“Pig butchering” is an evolution of a social engineering tactic we’ve seen for years
In the case of pig butchering scams, it’s not really anything that can be solved by a cybersecurity solution or sold in a package.
New details on TinyTurla’s post-compromise activity reveal full kill chain
We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises.
Netgear wireless router open to code execution after buffer overflow vulnerability
There is also a newly disclosed vulnerability in a graphics driver for some NVIDIA GPUs that could lead to a memory leak.
Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word
Research conducted by Cisco Talos last year uncovered multiple vulnerabilities rated as low severity despite their ability to allow for full arbitrary code execution.
The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions
Talos explores the recent law enforcement takedown of LockBit, a prolific ransomware group that claimed to resume their operations 7 days later.
Not everything has to be a massive, global cyber attack
There are a few reasons why we’re so ready to jump to the “it’s a cyber attack!”
Threat actors leverage document publishing sites for ongoing credential and session token theft
Talos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks.
Another Patch Tuesday with no zero-days, only two critical vulnerabilities disclosed by Microsoft
March’s Patch Tuesday is relatively light, containing 60 vulnerabilities — only two labeled “critical.”
You’re going to start seeing more tax-related spam, but remember, that doesn’t actually mean there’s more spam
It’s important to be vigilant about tax-related scams any time these deadlines roll around, regardless of what country you’re in, but it’s not like you need to be particularly more skeptical in March and April.