Cisco Talos Intelligence Blog

May 18, 2022 02:05

The BlackByte ransomware group is striking users all over the globe

News summary * Cisco Talos has been monitoring the BlackByte Ransomware Group for several months, infecting victims all over the world, from North America to Colombia, Netherlands, China, Mexico and Vietnam. * The FBI released a joint cybersecurity advisory in February 2022 wa

May 17, 2022 10:05

Vulnerability Spotlight: Multiple memory corruption vulnerabilities in NVIDIA GPU driver

Piotr Bania of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered four vulnerabilities in the NVIDIA D3D10 driver for graphics cards that could allow an attacker to corrupt memory and write arbitrary memory on the card. NVIDIA graphics drivers are sof

March 7, 2022 11:03

Deep dive: Vulnerabilities in ZTE router could lead to complete attacker control of the device

Cisco Talos’ vulnerability research team disclosed multiple vulnerabilities in the ZTE MF971R wireless hotspot and router in October. Several months removed from that disclosure and ZTE’s patch, we decided to take an even closer look at two of these vulnerabilities — CVE-2021-217

December 3, 2021 15:12

Threat Roundup for November 26 to December 3

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 26 and Dec. 3. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral

November 22, 2021 07:11

Vulnerability Spotlight: PHP deserialize vulnerability in CloudLinux Imunity360 could lead to arbitrary code execution

Marcin “Icewall” Noga of Cisco Talos. Cisco Talos recently discovered a vulnerability in the Ai-Bolit functionality of CloudLinux Inc Imunify360 that could lead to arbitrary code execution. Imunify360 is a security platform for web-hosting servers that allows users to configure

November 19, 2021 14:11

Threat Roundup for November 12 to November 19

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 12 and Nov. 19. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behaviora

November 17, 2021 15:11

Vulnerability Spotlight: Multiple code execution vulnerabilities in LibreCAD

Lilith >_> of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered three vulnerabilities in LibreCAD’s libdfxfw open-source library. This library reads and writes .dxf and .dwg files — the primary file format for vector graphics in CAD software. LibreCAD,

November 17, 2021 14:11

Vulnerability Spotlight: Use-after-free vulnerability in Google Chrome could lead to code execution

Marcin Towalski of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome. Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the browser that other software

November 16, 2021 07:11

Attackers use domain fronting technique to target Myanmar with Cobalt Strike

By Chetan Raghuprasad, Vanja Svajcer and Asheer Malhotra. News Summary * Cisco Talos discovered a new malicious campaign using a leaked version of Cobalt Strike in September 2021. * This shows that Cobalt Strike, although it was originally created as a legitimate tool, cont