Recent
September 14, 2023 08:00

How Cisco Talos IR helped a healthcare company quickly resolve a Qakbot attack

A healthcare company recently detected a potential Qakbot infection early, and with the help of the Talos IR team, evicted the threat actor from their network quickly before any harm could come to the organization or its customers.

September 12, 2023 16:51

Microsoft Patch Tuesday for September 2023 — Unusually low 5 critical vulnerabilities included in Microsoft Patch Tuesday, along with two zero-days

Microsoft disclosed 65 vulnerabilities across its suite of products and software Tuesday, only five of which are considered critical, which is very low compared to Microsoft’s usual security updates.

September 11, 2023 08:00

You can try to hide your firmware from Kelly Patterson, but she’ll find it (and break it)

Patterson and her teammates are responsible for helping to disclose and patch more than 200 security vulnerabilities a year, some of which affect devices used in thousands of households around the world.

September 7, 2023 14:00

A secondhand account of the worst possible timing for a scammer to strike

September 7, 2023 08:00

Cybercriminals target graphic designers with GPU miners

Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware including PhoenixMiner and lolMiner on infected machines.

September 6, 2023 12:46

Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication

OAS Platform allows various devices, including PLCs, servers, files, databases and internet-of-things platforms to communicate with one another and share data when they otherwise would be unable to because of their various protocols.

August 31, 2023 14:00

New open-source infostealer, and reflections on 2023 so far

A new open-source information stealer called ‘SapphireStealer’ has been observed across public malware repositories with increasing frequency. Plus, watch a new series of videos on the year so far in the threat landscape.

August 31, 2023 08:00

SapphireStealer: Open-source information stealer enables credential and data theft

SapphireStealer appears to be delivered as part of a multi-stage infection process, with threat actors leveraging open-source malware downloaders like FUD-Loader to deliver SapphireStealer to potential victims.

August 29, 2023 08:00

What's in a name? Strange behaviors at top-level domains creates uncertainty in DNS

Confusion over whether some name is a public DNS name or another private resource can cause sensitive data to fall into the hands of unintended recipients.