Cisco Talos Intelligence Blog

February 24, 2022 15:02

Threat Advisory: HermeticWiper

Update: March 1, 2022 Cisco Talos is aware of reporting related to additional components discovered to be associated with ongoing HermeticWiper attacks. These additional components include: * HermeticWiz

December 10, 2021 14:12

Threat Advisory: Critical Apache Log4j vulnerability being exploited in the wild

Update History (Date: Description of Updates). Dec. 20, 2021: Additional coverage and IOCs; additional detection capabilities for customers via Cisco Global Threat Alerts. Dec. 18, 2021: Additional mitigation guidance; updated coverage information. Dec. 17, 2021: Added additional vulner

November 23, 2021 13:11

Attackers exploiting zero-day vulnerability in Windows Installer — Here’s what you need to know and Talos’ coverage

Cisco Talos is releasing new SNORT® rules to protect against the exploitation of a zero-day elevation of privilege vulnerability in Microsoft Windows Installer. This vulnerability allows an attacker with a limited user account to elevate their privileges to become an administrato

November 22, 2021 08:11

Back from the dead: Emotet re-emerges, begins rebuilding to wrap up 2021

Executive Summary: Emotet has been one of the most widely distributed threats over the past several years. It has typically been observed being distributed via malicious spam email campaigns, and often leads to additional malware infections as it provides threat actors with an in

October 7, 2021 15:10

Threat Advisory: Apache HTTP Server zero-day vulnerability opens door for attackers

A recently discovered vulnerability in Apache HTTP Server (CVE-2021-41733) is being actively exploited in the wild. This vulnerability is a path traversal and file disclosure vulnerability that could allow an attacker to map URLs outside of the document root. It could also resu

July 8, 2021 16:07

PrintNightmare: Here’s what you need to know and Talos’ coverage

Over the past several weeks, there's been a lot of discussion about a particular privilege escalation vulnerability in Windows affecting the print spooler, dubbed PrintNightmare. The vulnerability (CVE-2021-1675/CVE-2021-34527) has now been patched multiple times but is believed

April 22, 2021 09:04

Threat Advisory: Pulse Secure Connect Coverage

Pulse Secure announced that a critical vulnerability (CVE-2021-22893) was discovered in their VPN service "Pulse Secure Connect" in a recent security advisory. The advisory states that, "a vulnerability was discovered under Pulse Connect Secure (PCS). This includes an authentica

April 15, 2021 11:04

Threat Advisory: NSA SVR Advisory Coverage

The U.S. National Security Agency released an advisory outlining several vulnerabilities that the Russian Foreign Intelligence Services (SVR) is exploiting in the wild. The U.S. formally attributed the recent SolarWinds supply chain attack to the SVR group in this advisory and de

March 9, 2021 19:03

Hafnium Update: Continued Microsoft Exchange Server Exploitation

Update 3/11: The following OSQuery detects active commands being run through webshells observed in use by actors on compromised Exchange servers. While systems may have been patched to defend against Hafnium and others, threat actors may have leveraged these vulnerabilities to esta