Threat Source Newsletter (May 13, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In case you missed the Friday news drop last week, we have an update on the Lemon Duck cryptocurrency miner. It's not as eye-catching as the ransomware attacks that make the news, but Lemon Duck's exploi
Transparent Tribe APT expands its Windows malware arsenal
Transparent Tribe, also known as APT36 and Mythic Leopard, continues to create fake domains mimicking legitimate military and defense organizations as a core component of their operations. Cisco Talos’ previous research has mainly linked this group to CrimsonRAT, but new campaign
Microsoft Patch Tuesday for May 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Chris Neal. Microsoft released its monthly security update Tuesday, disclosing 55 vulnerabilities across its suite of products, the fewest in any month since January 2020. There are only three critical vulnerabilities patched in this mont
Vulnerability Spotlight: Code execution vulnerability in Adobe Acrobat Reader
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an arbitrary code execution vulnerability in Adobe Acrobat Reader. Adobe Acrobat Reader is one of the most popular and feature-rich PDF readers on the market. T
Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs
By Caitlin Huey and Andrew Windsor with contributions from Edmund Brumaghin. * Lemon Duck continues to refine and improve upon their tactics, techniques and procedures as they attempt to maximize the effectiveness of their campaigns. * Lemon Duck remains relevant as the operat
Talos Takes Ep. #52: Celebrating World Password Day by talking about getting rid of passwords
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. The internet celebrated World Password Day on Thursday. To celebrate, we had Dave Lewis on the latest episode of Talos T
Threat Roundup for April 30 to May 7
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 30 and May 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Threat Source Newsletter (May 6, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. COVID-19 has changed everything about our lives — no surprise there. So it also shouldn't be shocking that it's changing the way Americans view Tax Day this year. The deadline to file taxes is about a m
Vulnerability Spotlight: Use-after-free vulnerability in Foxit PDF Reader
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a use-after-free vulnerability in the Foxit PDF Reader. Foxit PDF Reader is one of the most popular PDF document readers currently available. As a complete and