Cisco Talos Blog

Recent
February 8, 2024 08:00

New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization

Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.”

February 6, 2024 03:30

How are user credentials stolen and used by threat actors?

You’ve probably heard the phrase, “Attackers don’t hack anyone these days. They log on.” In this blog, we describe the various tools and techniques bad actors are using to steal credentials so they can 'log on' with valid account details, and outline our recommendations for defense.

February 1, 2024 14:00

The many ways electric cars are vulnerable to hacks, and whether that matters in a real-world

Researchers recently discovered 49 zero-day vulnerabilities, including a two-vulnerability exploit chain in Tesla cars that could allow an attacker to take over the onboard infotainment system.

January 31, 2024 12:00

OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges

Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine.  Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released with Ve

January 25, 2024 14:00

Why is the cost of cyber insurance rising?

Cyber insurance premiums are expected to rise this year after leveling out in 2023.

January 24, 2024 08:00

IR Q4 2023 trends: Significant increase in ransomware activity found in engagements, while education remains one of the most-targeted sectors

Talos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter.

January 18, 2024 14:00

What to do with that fancy new internet-connected device you got as a holiday gift

There are many examples of WiFi-enabled home cameras, assistants and doorbells vulnerable to a wide range of security issues.

January 18, 2024 08:00

Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers

Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system.

January 17, 2024 12:00

Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024

There are also multiple vulnerabilities in AVideo, an open-source video broadcasting suite, that could lead to arbitrary code execution.