Emotet resumes spam operations, switches to OneNote
Since returning, Emotet has leveraged several distinct infection chains, indicating that they are modifying their approach based on their perceived success in infecting new systems.
Threat Advisory: Microsoft Outlook privilege escalation vulnerability being exploited in the wild
Cisco Talos is urging all users to update Microsoft Outlook after the discovery of a critical vulnerability, CVE-2023-23397, in the email client that attackers are actively exploiting in the wild.
HTML smugglers turn to SVG images
* HTML smuggling is a technique attackers use to hide an encoded malicious script within an HTML email attachment or webpage. * Once a victim receives the email and opens the attachment, their browser decodes and runs the script, which then assembles a malicious payload directl
Breaking the silence - Recent Truebot activity
Since August 2022, we have seen an increase in infections of Truebot (aka Silence.Downloader) malware. Truebot was first identified in 2017 and researchers have linked it to a threat actor called Silence Group that is responsible for several high-impact attacks on financial insti
Get a Loda This: LodaRAT meets new friends
* LodaRAT samples were deployed alongside other malware families, including RedLine and Neshta. * Cisco Talos identified several variants and altered versions of LodaRAT with updated functionality have been seen in the wild. * Changes in these LodaRAT variants include new f
Threat Advisory: High Severity OpenSSL Vulnerabilities
In late October two new buffer overflow vulnerabilities, CVE-2022-3602 and CVE-2022-3786, were announced in OpenSSL versions 3.0.0 to 3.0.6. These vulnerabilities can be exploited by sending an X.509 certificate with a specially crafted email address, potentially causing a buffer
Threat Advisory: Microsoft warns of actively exploited vulnerabilities in Exchange Server
Even organizations that use Exchange Online may still be affected if they run a hybrid server.
Avos ransomware group expands with new attack arsenal
By Flavio Costa, * In a recent customer engagement, we observed a month-long AvosLocker campaign. * The attackers utilized several different tools, including Cobalt Strike, Sliver and multiple commercial network scanners. * The initial ingress point in this incident was a pa
Threat Advisory: Atlassian Confluence zero-day vulnerability under active exploitation
Cisco Talos is monitoring reports of an actively exploited zero-day vulnerability in Confluence Data Center and Server. Confluence is a Java-based corporate Wiki employed by numerous enterprises. At this time, it is confirmed that all supported versions of Confluence are affecte