Cisco Talos Intelligence Blog

November 17, 2021 14:11

Vulnerability Spotlight: Use-after-free vulnerability in Google Chrome could lead to code execution

Marcin Towalski of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome. Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the browser that other software

November 16, 2021 07:11

Attackers use domain fronting technique to target Myanmar with Cobalt Strike

By Chetan Raghuprasad, Vanja Svajcer and Asheer Malhotra. News Summary * Cisco Talos discovered a new malicious campaign using a leaked version of Cobalt Strike in September 2021. * This shows that Cobalt Strike, although it was originally created as a legitimate tool, cont

November 15, 2021 14:11

Vulnerability Spotlight: Vulnerabilities in Lantronix PremierWave 2050 could lead to code execution, file deletion

Matt Wiseman discovered these vulnerabilities. Cisco Talos recently discovered multiple vulnerabilities in Lantronix’s PremierWave 2050, an embedded Wi-Fi module. There are several vulnerabilities in PremierWave 2050’s Web Manager, a web-accessible application that allows users

November 9, 2021 13:11

Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton

By Claudio Bozzato and Lilith [-_-];. Following our previous engagements (see blog posts 1, 2, 3 and 4) with Microsoft's Azure Sphere IoT platform, we decided to take another look at the device, without all the rush and commotion that normally entails a hacking challenge. Today

November 5, 2021 13:11

Threat Roundup for October 29 to November 5

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 29 and Nov. 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral

November 3, 2021 08:11

Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk

By Chetan Raghuprasad and Vanja Svajcer, with contributions from Caitlin Huey. * Cisco Talos recently discovered a malicious campaign deploying variants of the Babuk ransomware predominantly affecting users in the U.S. with smaller number of infections in U.K., Germany, Ukraine

October 26, 2021 08:10

SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike

By Edmund Brumaghin, Mariano Graziano and Nick Mavis. Executive summary Recently, a new threat, referred to as "SQUIRRELWAFFLE" is being spread more widely via spam campaigns, infecting systems with a new malware loader. This is a malware family that's been spread with increa

October 22, 2021 16:10

Threat Roundup for October 15 to October 22

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 15 and Oct. 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behaviora

October 19, 2021 20:10

Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India

* Cisco Talos recently discovered a threat actor using political and government-themed malicious domains to target entities in India and Afghanistan. * These attacks use dcRAT and QuasarRAT for Windows delivered via malicious documents exploiting CVE-2017-11882 — a memory corru