The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines
Cisco Talos has recently observed an increase in activity that is leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails.
BeaverTail and OtterCookie evolve with a new Javascript module
Cisco Talos has uncovered a new attack linked to Famous Chollima, a threat group aligned with North Korea (DPRK).
UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud
Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in SEO fraud and theft of high-value credentials, configuration files, and certificate data.
Famous Chollima deploying Python version of GolangGhost RAT
Learn how the North Korean-aligned Famous Chollima is using the a new Python-based RAT, "PylangGhost," to target cryptocurrency and blockchain jobseekers in a campaign affecting users primarily in India.
Threat Spotlight: WarmCookie/BadSpace
WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns.
Highlighting TA866/Asylum Ambuscade Activity Since 2021
TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020.
DarkGate switches up its tactics with new payload, email templates
DarkGate has been observed distributing malware through Microsoft Teams and even via malvertising campaigns.
New SugarGh0st RAT targets Uzbekistan government and South Korea
Cisco Talos recently discovered a malicious campaign that likely started as early as August 2023, delivering a new remote access trojan (RAT) we dubbed “SugarGh0st.”
Spammers abuse Google Forms’ quiz to deliver scams
Cisco Talos has recently observed an increase in spam messages abusing a feature of quizzes created within Google Forms.
Arid Viper disguising mobile spyware as updates for non-malicious Android applications
Since April 2022, Cisco Talos has been tracking a malicious campaign operated by the espionage-motivated Arid Viper advanced persistent threat (APT) group targeting Arabic-speaking Android users.
Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan
Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian.
Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown
The threat actors behind the Qakbot malware have been conducting a campaign since early August 2023 in which they have been distributing Ransom Knight ransomware and the Remcos backdoor via phishing emails.
New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants
Cisco Talos has discovered a new intrusion set we're calling "ShroudedSnooper" consisting of two new implants "HTTPSnoop" and "PipeSnoop" targeting telecommunications firms in the middle-east.
Cybercriminals target graphic designers with GPU miners
Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware including PhoenixMiner and lolMiner on infected machines.
SapphireStealer: Open-source information stealer enables credential and data theft
SapphireStealer appears to be delivered as part of a multi-stage infection process, with threat actors leveraging open-source malware downloaders like FUD-Loader to deliver SapphireStealer to potential victims.
Lazarus Group's infrastructure reuse leads to discovery of new malware
Lazarus Group appears to be changing its tactics, increasingly relying on open-source tools and frameworks in the initial access phase of their attacks, as opposed to strictly employing them in the post-compromise phase.
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.
What Cisco Talos knows about the Rhysida ransomware
The group appears to commonly deploy double extortion — of the victims that have been listed on the leak site, several of them have had some portion of their exfiltrated data exposed.
New threat actor targets Bulgaria, China, Vietnam and other countries with customized Yashma ransomware
Cisco Talos discovered an unknown threat actor, seemingly of Vietnamese origin, conducting a ransomware operation that began at least as early as June 4, 2023 with customized Yashma ransomware.
Malicious campaigns target government, military and civilian entities in Ukraine, Poland
Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations and civilian users in Ukraine and Poland. We judge that these operations are very likely aimed at stealing information and gaining persistent remote access.
Active exploitation of the MOVEit Transfer vulnerability — CVE-2023-34362 — by Clop ransomware group
The Clop ransomware group has claimed responsibility for exploiting the vulnerability to deploy a previously unseen web shell, LemurLoot.
New Horabot campaign targets the Americas
Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in a campaign that has been ongoing since at least November 2020.
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox).
Newly identified RA Group compromises companies in U.S. and South Korea with leaked Babuk source code
Cisco Talos recently discovered a new ransomware actor called RA Group that has been operating since at least April 22, 2023.
State-sponsored campaigns target global network infrastructure
This campaign, dubbed "Jaguar Tooth," is an example of a much broader trend of sophisticated adversaries targeting networking infrastructure to advance espionage objectives or pre-position for future destructive activity.
Vulnerability Spotlight: Vulnerabilities in popular Japanese word processing software could lead to arbitrary code execution, other issues
Ichitaro uses the ATOK input method (IME) and uses the proprietary .jtd file extension. It’s the second most-popular word processing system in Japan behind only Microsoft word.
Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities
The stealer is for sale on dark web forums for $59 a month, or $540 for a lifetime subscription, which is relatively inexpensive compared to other infostealers.
Vulnerability Spotlight: Buffer overflow vulnerability in ADMesh library
A specially crafted STL file can lead to a heap buffer overflow.
Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency
Cisco Talos has identified a new espionage oriented threat actor, which we are naming “YoroTrooper,” targeting a multitude of entities in Europe and Turkey.
New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign
Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims.
Following the LNK metadata trail
While tracking some prevalent commodity malware threat actors, Talos observed the popularization of malicious LNK files as their initial access method to download and execute payloads. A closer look at the LNK files illustrates how their metadata could be used to identify and track new campaigns.
Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins
As more and more users adopt new versions of Microsoft Office, it is likely that threat actors will turn away from VBA-based malicious documents to other formats such as XLLs or rely on exploiting newly discovered vulnerabilities to launch malicious code.
Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns
* The InterPlanetary File System (IPFS) is an emerging Web3 technology that is currently seeing widespread abuse by threat actors. * Cisco Talos has observed multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure
Emotet coming in hot
Emotet is a ubiquitous and well-known banking trojan that has evolved over the years to become a very successful modular botnet capable of dropping a variety of other threats. Even after a global takedown campaign in early 2021 disrupted the botnet, it reemerged later that year,
Alchimist: A new attack framework in Chinese for Mac, Linux and Windows
Cisco Talos discovered a new attack framework including a command and control (C2) tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities.
Vulnerability Spotlight: Multiple issues in Robustel R1510 cellular router could lead to code execution, denial of service
Cisco Talos recently discovered nine vulnerabilities in the Robustel R1510 industrial cellular router, several of which could allow an adversary to inject operating system code remotely.
Gamaredon APT targets Ukrainian government agencies in new campaign
Cisco Talos discovered Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives.
Vulnerability Spotlight: Vulnerabilities in Alyac antivirus program could stop virus scanning, cause code execution
Jaewon Min of Cisco Talos discovered these vulnerabilities. Update (Aug. 3, 2022): Talos disclosed two new vulnerabilities in the Alyac antivirus software and added their details to this post. Cisco Talos recently discovered out-of-bounds read and buffer overflow vulnerabilitie
Vulnerability Spotlight: How a code re-use issue led to vulnerabilities across multiple products
Recently, I was performing some research on a wireless router and noticed the following piece of code: This unescape function will revert the URL encoded bytes to its original form. But something specifically caught my attention: There was no size check for the performed operati
Avos ransomware group expands with new attack arsenal
By Flavio Costa, * In a recent customer engagement, we observed a month-long AvosLocker campaign. * The attackers utilized several different tools, including Cobalt Strike, Sliver and multiple commercial network scanners. * The initial ingress point in this incident was a pa
Vulnerability Spotlight: Vulnerabilities in Anker Eufy Homebase could lead to code execution, authentication bypass
Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered three vulnerabilities in the Anker Eufy Homebase 2. The Eufy Homebase 2 is the video storage and networking gateway that works with Anker’s Eufy Smarthome ecos
The BlackByte ransomware group is striking users all over the globe
News summary * Cisco Talos has been monitoring the BlackByte Ransomware Group for several months, infecting victims all over the world, from North America to Colombia, Netherlands, China, Mexico and Vietnam. * The FBI released a joint cybersecurity advisory in February 2022 wa
Vulnerability Spotlight: Multiple memory corruption vulnerabilities in NVIDIA GPU driver
Piotr Bania of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered four vulnerabilities in the NVIDIA D3D10 driver for graphics cards that could allow an attacker to corrupt memory and write arbitrary memory on the card. NVIDIA graphics drivers are sof
Deep dive: Vulnerabilities in ZTE router could lead to complete attacker control of the device
Cisco Talos’ vulnerability research team disclosed multiple vulnerabilities in the ZTE MF971R wireless hotspot and router in October. Several months removed from that disclosure and ZTE’s patch, we decided to take an even closer look at two of these vulnerabilities — CVE-2021-217
Threat Roundup for November 26 to December 3
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 26 and Dec. 3. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Vulnerability Spotlight: PHP deserialize vulnerability in CloudLinux Imunity360 could lead to arbitrary code execution
Marcin “Icewall” Noga of Cisco Talos. Cisco Talos recently discovered a vulnerability in the Ai-Bolit functionality of CloudLinux Inc Imunify360 that could lead to arbitrary code execution. Imunify360 is a security platform for web-hosting servers that allows users to configure
Threat Roundup for November 12 to November 19
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 12 and Nov. 19. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k
Vulnerability Spotlight: Multiple code execution vulnerabilities in LibreCAD
Lilith >_> of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered three vulnerabilities in LibreCAD’s libdfxfw open-source library. This library reads and writes .dxf and .dwg files — the primary file format for vector graphics in CAD software. Libr
Vulnerability Spotlight: Use-after-free vulnerability in Google Chrome could lead to code execution
Marcin Towalski of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome. Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the browser that other software
Attackers use domain fronting technique to target Myanmar with Cobalt Strike
By Chetan Raghuprasad, Vanja Svajcer and Asheer Malhotra. News Summary * Cisco Talos discovered a new malicious campaign using a leaked version of Cobalt Strike in September 2021. * This shows that Cobalt Strike, although it was originally created as a legitimate tool, cont
Vulnerability Spotlight: Vulnerabilities in Lantronix PremierWave 2050 could lead to code execution, file deletion
Matt Wiseman discovered these vulnerabilities. Cisco Talos recently discovered multiple vulnerabilities in Lantronix’s PremierWave 2050, an embedded Wi-Fi module. There are several vulnerabilities in PremierWave 2050’s Web Manager, a web-accessible application that allows users
Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton
By Claudio Bozzato and Lilith [-_-];. Following our previous engagements (see blog posts 1, 2, 3 and 4) with Microsoft's Azure Sphere IoT platform, we decided to take another look at the device, without all the rush and commotion that normally entails a hacking challenge. T
Threat Roundup for October 29 to November 5
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 29 and Nov. 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk
By Chetan Raghuprasad and Vanja Svajcer, with contributions from Caitlin Huey. * Cisco Talos recently discovered a malicious campaign deploying variants of the Babuk ransomware predominantly affecting users in the U.S. with smaller number of infections in U.K., Germany, Ukraine
SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike
By Edmund Brumaghin, Mariano Graziano and Nick Mavis. Executive summary Recently, a new threat, referred to as "SQUIRRELWAFFLE" is being spread more widely via spam campaigns, infecting systems with a new malware loader. This is a malware family that's been spre
Threat Roundup for October 15 to October 22
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 15 and Oct. 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k
Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India
* Cisco Talos recently discovered a threat actor using political and government-themed malicious domains to target entities in India and Afghanistan. * These attacks use dcRAT and QuasarRAT for Windows delivered via malicious documents exploiting CVE-2017-11882 — a memory corru
Vulnerability Spotlight: Multiple vulnerabilities in ZTE MF971R LTE router
Cisco Talos recently discovered multiple vulnerabilities in the ZTE MF971R LTE portable router. The MF971R is a portable router with Wi-Fi support and works as an LTE/GSM modem. An attacker could exploit all these vulnerabilities by sending a specially crafted HTTP request to th
Threat Roundup for October 8 to October 15
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 8 and Oct. 15. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Vulnerability Spotlight: Code execution vulnerabilities in Nitro Pro PDF
A Cisco Talos team member discovered these vulnerabilities. Cisco Talos recently discovered multiple vulnerabilities in the Nitro Pro PDF reader that could allow an attacker to execute code in the context of the application. Nitro Pro PDF is part of Nitro Software’s Productivit
Vulnerability Spotlight: Use-after-free vulnerability in Microsoft Excel could lead to code execution
Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a use-after-free vulnerability in the ConditionalFormatting functionality of Microsoft Office Excel 2019 that could allow an attacker to execute arbitrary code on the victim machi
Microsoft Patch Tuesday for Oct. 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Asheer Malhotra. Microsoft released its monthly security update Tuesday, disclosing 78 vulnerabilities in the company’s various software, hardware and firmware offerings. This month’s release is particularly notable because there are only
Vulnerability Spotlight: Vulnerabilities in Anker Eufy Homebase could lead to code execution, buffer overflows
UUpdate (Nov. 29, 2021): Anker patched five other vulnerabilities in this product affecting the same version as originally listed in this blog. These have been added to the post. Lilith >_> of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered two
A wolf in sheep's clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus
By Vitor Ventura and Arnaud Zobec. Threat actors are impersonating the group Amnesty International and promising to protect against the Pegasus spyware as part of a scheme to deliver malware. Amnesty International recently made international headlines when it released a groundb
Vulnerability Spotlight: Information disclosure vulnerability in D-LINK DIR-3040 mesh router
Dave McDaniel of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable information disclosure vulnerability in the D-LINK DIR-3040 smart WiFi mesh router that could allow an adversary to eventually turn off the device or remove other connected
Operation “Armor Piercer:” Targeted attacks in the Indian subcontinent using commercial RATs
By Asheer Malhotra, Vanja Svajcer and Justin Thattil. * Cisco Talos is tracking a campaign targeting government personnel in India using themes and tactics similar to APT36 (aka Mythic Leopard and Transparent Tribe). * This campaign distributes malicious documents and archive
Microsoft Patch Tuesday for Sept. 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Holger Unterbrink. Microsoft released its monthly security update Tuesday, disclosing 85 vulnerabilities across the company’s firmware and software. This month’s release is headlined by an official patch for the critical remote code execut
Vulnerability Spotlight: Code execution vulnerability in Nitro Pro PDF
A Cisco Talos team member discovered these vulnerabilities. Cisco Talos recently discovered a vulnerability in the Nitro Pro PDF reader that could allow an attacker to execute code in the context of the application. Nitro Pro PDF is part of Nitro Software’s Productivity Suite.
Vulnerability Spotlight: Heap buffer overflow vulnerability in Ribbonsoft dxflib library
Lilith >_> of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in Ribbonsoft’s dxflib library that could lead to code execution. The dxflib library is a C++ library utilized by digital desig
Malicious Campaign Targets Latin America: The seller, The operator and a curious link
By Asheer Malhotra and Vitor Ventura, with contributions from Vanja Svajcer. * Cisco Talos has observed a new malware campaign delivering commodity RATs, including njRAT and AsyncRAT. * The campaign targets travel and hospitality organizations in Latin America. * Techniques
Neurevt trojan takes aim at Mexican users
By Chetan Raghuprasad, with contributions from Vanja Svajcer. News summary * Cisco Talos discovered a new version of the Neurevt trojan with spyware and backdoor capabilities in June 2021 using Cisco Secure Endpoint product telemetry. * This version of Neurevt appears to tar
Vulnerability Spotlight: Memory corruption vulnerability in Daemon Tools Pro
Piotr Bania of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a memory corruption vulnerability in Disc Soft Ltd.'s Daemon Tools Pro. Daemon Tools Pro is a professional emulation software that works with disc images and virtual drives. It allows
Threat Roundup for August 6 to August 13
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 6 and Aug. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Vulnerability Spotlight: Multiple integer overflow vulnerabilities in GPAC Project on Advanced Content
A Cisco Talos team member discovered these vulnerabilities. Cisco Talos recently discovered multiple integer overflow vulnerabilities in the GPAC Project on Advanced Content that could lead to memory corruption. The GPAC Project on Advanced Content is an open-source cross-platf
Vice Society leverages PrintNightmare in ransomware attacks
Executive Summary Another threat actor is actively exploiting the so-called PrintNightmarevulnerability (CVE-2021-1675 / CVE-2021-34527) in Windows' print spooler service to spread laterally across a victim's network as part of a recent ransomware attack, according to Ci
Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT
By Vanja Svajcer. News summary * Group TA505 has been active for at least seven years, making wide-ranging connections with other threat actors involved in ransomware, stealing credit card numbers and exfiltrating data. One of the common tools in TA505's arsenal is ServH
Microsoft Patch Tuesday for August 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Martin Lee. Microsoft released its monthly security update Tuesday, disclosing 44 vulnerabilities in the company’s firmware and software. This is the fewest amount of vulnerabilities Microsoft has patched in a month in more than two years.
Vulnerability Spotlight: Multiple vulnerabilities in AT&T Labs’ Xmill utility
Carl Hurd of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple vulnerabilities in AT&T Labs’ Xmill utility. An attacker could take advantage of these issues to carry out a variety of malicious actions, including corrupting the application
Vulnerability Spotlight: Code execution vulnerability in Mozilla Firefox
Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a use-after-free vulnerability in Mozilla Firefox that could lead to code execution. Firefox is a widely used web browser available on many operating systems. This specific vulne
Threat Roundup for July 30 to August 6
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 30 and Aug. 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Vulnerability Spotlight: Use-after-free vulnerability in tinyobjloader
Lilith >_> of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered that a specific function of tinyobjloader does not properly validate array indexes. An adversary could trick a user into opening a specially crafted file, causing an index out-of-bound
Threat Roundup for July 23 to July 30
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 23 and July 30. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k
Threat Spotlight: Solarmarker
By Andrew Windsor, with contributions from Chris Neal. Executive summary * Cisco Talos has observed new activity from Solarmarker, a highly modular .NET-based information stealer and keylogger. * A previous staging module, "d.m," used with this malware has been rep
Vulnerability Spotlight: Use-after-free vulnerabilities in Foxit PDF Reader
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered multiple use-after-free vulnerabilities in the Foxit PDF Reader. Foxit PDF Reader is one of the most popular PDF document readers currently available. As a comp
Vulnerability Spotlight: Unsafe deserialization vulnerabilities in CODESYS Development System
Patrick DeSantis discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the CODESYS Development System. The CODESYS Development System is the IEC 61131-3 programming tool for industrial control and automation technolog
Threat Roundup for July 16 to July 23
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 16 and July 23. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k
Threat Roundup for July 9 to July 16
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 9 and July 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Vulnerability Spotlight: Multiple vulnerabilities in D-LINK DIR-3040
Dave McDaniel discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the D-LINK DIR-3040 wireless router. The DIR-3040 is an AC3000-based wireless internet router. These vulnerabilities could allow an attacker to carry
Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet
The Talos vulnerability research team discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the Advantech R-SeeNet monitoring software. R-SeeNet is the software system used for monitoring Advantech routers. It continu
Microsoft Patch Tuesday for July 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Jaeson Schultz. Microsoft released its monthly security update Tuesday, disclosing 117 vulnerabilities across its suite of products, by far the most in a month this year. Today’s Patch Tuesday includes three vulnerabilities that Microsoft
Threat Roundup for July 2 to July 9
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 2 and July 9. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key
Vulnerability Spotlight: Information disclosure, privilege escalation vulnerabilities in IOBit Advanced SystemCare Ultimate
Cory Duplantis of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in IOBit Advanced SystemCare Ultimate. IOBit Advanced SystemCare Ultimate is a system optimizer that promises to remove unwanted files and
InSideCopy: How this APT continues to evolve its arsenal
By Asheer Malhotra and Justin Thattil. * Cisco Talos is tracking an increase in SideCopy's activities targeting government personnel in India using themes and tactics similar to APT36 (aka Mythic Leopard and Transparent Tribe). * SideCopy is an APT group that mimics the Si
REvil ransomware actors attack Kaseya in supply chain attack
Updated on July 6, 2021: As analysis of the ransomware attack affecting organizations using Kaseya VSA has continued, we are sharing an update containing additional information. As new details are identified, this information may be updated as needed. * This event consisted of
Threat Roundup for June 25 to July 2
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 25 and July 2. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Vulnerability Spotlight: EIP Stack Group OpENer information disclosure vulnerability
Martin Zeiser of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable information disclosure vulnerability in EIP Stack Group OpENer’s Ethernet/IP UDP handler. OpENer is an Ethernet/IP stack for I/O adapter devices that
Vulnerability Spotlight: Code execution vulnerability in Google Web Audio API
Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two use-after-free vulnerabilities in Google’s Web Audio API that an adversary could exploit to execute remote code on the victim machine. Web Audio API is a high-le
Microsoft Patch Tuesday for June 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Edmund Brumaghin. Microsoft released its monthly security update Tuesday, disclosing 51 vulnerabilities across its suite of products, breaking last month’s 16-month record of the fewest vulnerabilities disclosed in a month by the company.
Necro Python bot adds new exploits and Tezos mining to its bag of tricks
By Vanja Svajcer, with contributions from Caitlin Huey and Kendall McKay. News summary * Some malware families stay static in terms of their functionality. But a newly discovered malware campaign utilizing the Necro Python bot shows this actor is adding new functionality and
Vulnerability Spotlight: Use-after-free vulnerability in WebKit
Marcin Towalski of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The WebKit browser engine contains a use-after-free vulnerability in its GraphicsContext function. A malicious web page code could trigger a use-after-free error, which could lead to a potentia