Cisco Talos Intelligence Blog

March 15, 2023 19:03

Threat Advisory: Microsoft Outlook privilege escalation vulnerability being exploited in the wild

Cisco Talos is urging all users to update Microsoft Outlook after the discovery of a critical vulnerability, CVE-2023-23397, in the email client that attackers are actively exploiting in the wild.

March 9, 2023 08:03

Prometei botnet improves modules and exhibits new capabilities in recent updates

The high-profile botnet, focused on mining cryptocurrency, is back with new Linux versions.

February 14, 2023 08:02

New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign

Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims.

February 9, 2023 08:02

Beyond the basics: Implementing an active defense

An active defense posture, where the defenders actively use threat intelligence and their own telemetry to uncover potential compromises, is the next stage in the cyber security maturity road. Instead of waiting for detections to trigger, defenders can take initiative and hunt threat actors.

January 24, 2023 07:01

State Sponsored Attacks in 2023 and Beyond

As 2023 begins, I wanted to look forward to the future of state-sponsored aggression and how we can see it change and evolve over the next year and beyond.

November 8, 2022 09:11

The Company You Keep – Preparing for supply chain attacks with Talos IR

Organizations must proactively limit supply chain risks through careful selection of the company they keep while preparing to respond to an incident that will invariably originate from the supply chain.

November 1, 2022 15:11

Threat Advisory: High Severity OpenSSL Vulnerabilities

In late October two new buffer overflow vulnerabilities, CVE-2022-3602 and CVE-2022-3786, were announced in OpenSSL versions 3.0.0 to 3.0.6. These vulnerabilities can be exploited by sending an X.509 certificate with a specially crafted email address, potentially causing a buffer

October 25, 2022 08:10

Quarterly Report: Incident Response Trends in Q3 2022

A lack of MFA remains one of the biggest impediments to enterprise security.

September 28, 2022 08:09

New campaign uses government, union-themed lures to deliver Cobalt Strike beacons

Cisco Talos recently discovered a malicious campaign with a modularised attack technique to deliver Cobalt Strike beacons on infected endpoints.