Cisco Talos Blog

Recent
August 29, 2024 14:00

What kind of summer has it been?

As we head into the final third of 2024, we caught up with Talos' Nick Biasini to ask him about the biggest shifts and trends in the threat landscape so far. Turns out, he has two major areas of concern.

August 28, 2024 12:00

The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks

Fuzzing has long been one of our favorite ways to search for security issues or vulnerabilities in software, but when it comes to fuzzing popular systems used in ICS environments, it has traditionally involved a custom hardware setup to fuzz the code in its native environment.

August 28, 2024 12:00

Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case

This time, I’ll discuss why this approach is more challenging than simply substituting a socket file descriptor with a typical file descriptor.

August 28, 2024 12:00

Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing

Any vulnerability in an RTOS has the potential to affect many devices across multiple industries.

August 28, 2024 12:00

Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver

This is the final post in the three-part series that details techniques I used to fuzz two µC/OS protocol stacks: µC/TCP-IP and µC/HTTP-server.

August 28, 2024 06:00

BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks

In recent investigations, Talos Incident Response has observed the BlackByte ransomware group using techniques that depart from their established tradecraft. Read the full analysis.

August 22, 2024 14:00

No, not every Social Security number in the U.S. was stolen

It’s not unusual for a threat actor to exaggerate the extent of a hack or breach to drum up interest and, hopefully, the eventual purchase or ransom price.

August 21, 2024 06:00

MoonPeak malware from North Korean actors unveils new details on attacker infrastructure

Cisco Talos has uncovered a new remote access trojan (RAT) family we are calling “MoonPeak.” This is a XenoRAT-based malware, which is under active development by a North Korean nexus cluster we are calling “UAT-5394.”

August 19, 2024 06:00

How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions

An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft's applications to gain their entitlements and user-granted permissions.