Vulnerability Spotlight: Information disclosure, privilege escalation vulnerabilities in IOBit Advanced SystemCare Ultimate
Cory Duplantis of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in IOBit Advanced SystemCare Ultimate. IOBit Advanced SystemCare Ultimate is a system optimizer that promises to remove unwanted files and
InSideCopy: How this APT continues to evolve its arsenal
By Asheer Malhotra and Justin Thattil. * Cisco Talos is tracking an increase in SideCopy's activities targeting government personnel in India using themes and tactics similar to APT36 (aka Mythic Leopard and Transparent Tribe). * SideCopy is an APT group that mimics the Si
REvil ransomware actors attack Kaseya in supply chain attack
Updated on July 6, 2021: As analysis of the ransomware attack affecting organizations using Kaseya VSA has continued, we are sharing an update containing additional information. As new details are identified, this information may be updated as needed. * This event consisted of
Threat Roundup for June 25 to July 2
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 25 and July 2. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Talos Takes Ep. #59: How to secure the devices that secure your home network
As consumers start having more “smart” devices connected to their home network, they may want an easy solution to keeping those devices safe. But what if that device gets owned? Carl Hurd of our vulnerability research team recently discovered several vulnerabilities in Trend Mic
Threat Source newsletter (July 1, 2021)
Good afternoon, Talos readers. There's been a lot of talk recently around how to address America's infrastructure cybersecurity. After attacks like Colonial Pipeline and JBS, everyone across the public and private sectors is wondering what they should be doing to avoid
Vulnerability Spotlight: Memory corruption vulnerability in PowerISO’s DMG handler
Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a memory corruption vulnerability in PowerISO’s handler that deals with DMG files. PowerISO is a CD/DVD/BD image file processing tool, which allows users to open, extr
Threat Roundup for June 18 to June 25
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 18 and June 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k
Talos Takes Ep. #58: How to approach the partnerships it will take to defend critical infrastructure
By Jon Munshaw. With major cyber attacks in recent years against major U.S. critical infrastructure suppliers like Norsk Hydro and Colonial Pipeline, we’re in a new world of CI cybersecurity. New threats require new approaches to defense. And in the U.S., this is likely going to