Cisco Talos Blog

October 16, 2023 11:05

Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities

Cisco has identified active exploitation of two previously unknown vulnerabilities in the Web User Interface (Web UI) feature of Cisco IOS XE software — CVE-2023-20198 and CVE-2023-20273 — when exposed to the internet or untrusted networks.

October 11, 2023 19:06

What to know about the HTTP/2 Rapid Reset DDoS attacks

CVE-2023-44487, a vulnerability in the HTTP/2 protocol, was recently used to launch intensive DDoS attacks against several targets.

August 8, 2023 15:36

What Cisco Talos knows about the Rhysida ransomware

The group appears to commonly deploy double extortion — of the victims that have been listed on the leak site, several of them have had some portion of their exfiltrated data exposed.

July 11, 2023 13:04

Undocumented driver-based browser hijacker RedDriver targets Chinese speakers and internet cafes

Cisco Talos has identified multiple versions of an undocumented malicious driver named “RedDriver,” a driver-based browser hijacker that uses the Windows Filtering Platform (WFP) to intercept browser traffic.

July 11, 2023 13:04

Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers

Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates.

June 16, 2023 14:17

Active exploitation of the MOVEit Transfer vulnerability — CVE-2023-34362 — by Clop ransomware group

The Clop ransomware group has claimed responsibility for exploiting the vulnerability to deploy a previously unseen web shell, LemurLoot.

May 25, 2023 08:02

Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware

Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox).

May 10, 2023 08:00

New phishing-as-a-service tool “Greatness” already seen in the wild

Greatness incorporates features seen in some of the most advanced PaaS offerings, such as multi-factor authentication (MFA) bypass, IP filtering and integration with Telegram bots.

April 25, 2023 13:16

Video: Everything you need to know about ongoing state-sponsored attacks targeting network infrastructure across the globe

Video explanation of the Jaguar Tooth vulnerabilities with Matt Olney, J.J. Cummings and Hazel Burton.