Cisco Talos has discovered a new intrusion set we're calling "ShroudedSnooper" consisting of two new implants "HTTPSnoop" and "PipeSnoop" targeting telecommunications firms in the middle-east.
As a result of user applications increasingly registering actual “.zip” files as URLs, these filenames may trigger unintended DNS queries or web requests, thereby revealing possibly sensitive or internal company data in a file’s name to any actor monitoring the associated DNS server
New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign
Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims.
An active defense posture, where the defenders actively use threat intelligence and their own telemetry to uncover potential compromises, is the next stage in the cyber security maturity road. Instead of waiting for detections to trigger, defenders can take initiative and hunt threat actors.
As 2023 begins I wanted to look forward on the future of state sponsored aggression and how we can see it change and evolve over the next year and beyond.
Organizations must proactively limit supply chain risks through careful selection of the company they keep while preparing to respond to an incident that will invariably originate from the supply chain.
In late October two new buffer overflow vulnerabilities, CVE-2022-3602 and CVE-2022-3786, were announced in OpenSSL versions 3.0.0 to 3.0.6. These vulnerabilities can be exploited by sending an X.509 certificate with a specially crafted email address, potentially causing a buffer