Microsoft Patch Tuesday includes most vulnerabilities since Sept. 2020
Microsoft released its latest security update Tuesday, disclosing more than 140 vulnerabilities across its array of products. This is a departure from past Patch Tuesdays this year, which have only featured a few dozen vulnerabilities, and is the largest amount of issues in a sin
Time to secure hybrid work for 2022, not 2002
Editor’s note: This post is the first in a new series from Talos looking at high-level topics across the cybersecurity space. Our researchers rely on years of expertise, data, and tremendous visibility; applying what we can learn from history, research, and analysis to nascent se
Threat Advisory: Apache HTTP Server zero-day vulnerability opens door for attackers
A recently discovered vulnerability in Apache HTTP Server (CVE-2021-41733) is being actively exploited in the wild. This vulnerability is a path traversal and file disclosure vulnerability that could allow an attacker to map URLs outside of the document root. It could also resu
Following the Money: Comparing cryptocurrency value to illicit mining activity
By Nick Biasini In the age of meme stocks, Robinhood and Elon Musk's tweets influencing the global economy, cryptocurrency mining has not seemed as fringe as it once did. Mining has been around as long as these crytocurrencies have, but only really started to gather the att
PrintNightmare: Here’s what you need to know and Talos’ coverage
Over the past several weeks, there's been a lot of discussion about a particular privilege escalation vulnerability in Windows affecting the print spooler, dubbed PrintNightmare. The vulnerability (CVE-2021-1675/CVE-2021-34527) has now been patched multiple times but is belie
Attackers in Executive Clothing - BEC continues to separate orgs from their money
By Nick Biasini. In today's world of threat research, the focus tends to be on the overtly malicious practice of distributing and installing malware on end systems. But this is far from the complete picture of what threats organizations face. One of the most, if not the most
Threat Advisory: Pulse Secure Connect Coverage
Pulse Secure announced that a critical vulnerability (CVE-2021-22893) was discovered in their VPN service "Pulse Secure Connect" in a recent security advisory. The advisory states that, "a vulnerability was discovered under Pulse Connect Secure (PCS). This include
Threat Advisory: NSA SVR Advisory Coverage
The U.S. National Security Agency released an advisory outlining several vulnerabilities that the Russian Foreign Intelligence Services (SVR) is exploiting in the wild. The U.S. formally attributed the recent SolarWinds supply chain attack to the SVR group in this advisory and de
Sowing Discord: Reaping the benefits of collaboration app abuse
As telework has become the norm throughout the COVID-19 pandemic, attackers are modifying their tactics to take advantage of the changes to employee workflows. * Attackers are leveraging collaboration platforms, such as Discord and Slack, to stay under the radar and evade organ