Six critical vulnerabilities included in August’s Microsoft security update
The only vulnerability Microsoft states is being exploited in the wild is CVE-2023-38180, a denial-of-service vulnerability in .NET and Microsoft Visual Studio.
Malicious campaigns target government, military and civilian entities in Ukraine, Poland
Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations and civilian users in Ukraine and Poland. We judge that these operations are very likely aimed at stealing information and gaining persistent remote access.
Prometei botnet improves modules and exhibits new capabilities in recent updates
The high-profile botnet, focused on mining cryptocurrency, is back with new Linux versions.
Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins
As more and more users adopt new versions of Microsoft Office, it is likely that threat actors will turn away from VBA-based malicious documents to other formats such as XLLs or rely on exploiting newly discovered vulnerabilities to launch malicious code.
New campaign uses government, union-themed lures to deliver Cobalt Strike beacons
Cisco Talos recently discovered a malicious campaign with a modularised attack technique to deliver Cobalt Strike beacons on infected endpoints.
ModernLoader delivers multiple stealers, cryptominers and RATs
* Cisco Talos recently observed three separate, but related, campaigns between March and June 2022 delivering a variety of threats, including the ModernLoader bot, RedLine information-stealer and cryptocurrency-mining malware to victims. * The actors use PowerShell, .NET assemb
Microsoft Patch Tuesday for August 2022 — Snort rules and prominent vulnerabilities
Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its line of products and software, the most in a single Patch Tuesday in four months. This batch of updates also includes a fix for a new vulnerability in the Microsoft Window
What’s with the shared VBA code between Transparent Tribe and other threat actors?
Recently, we've been researching several threat actors operating in South Asia: Transparent Tribe, SideCopy, etc., that deploy a range of remote access trojans (RATs). After a hunting session in our malware sample repositories and VirusTotal while looking into these actors, we ga
Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure
* Cisco Talos discovered a malicious campaign in October 2021 delivering variants of Nanocore, Netwire and AsyncRATs targeting user's information. * According to Cisco Secure product telemetry, the victims of this campaign are primarily distributed across the United States, Ita