Vulnerability Spotlight: Authentication bypass and enumeration vulnerabilities in Ghost CMS
Dave McDaniel and other members of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two vulnerabilities in Ghost CMS, one authentication bypass vulnerability and one enumeration vulnerability. Ghost is a content management system with tools to build
Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins
As more and more users adopt new versions of Microsoft Office, it is likely that threat actors will turn away from VBA-based malicious documents to other formats such as XLLs or rely on exploiting newly discovered vulnerabilities to launch malicious code.
Threat Round up for December 9 to December 16
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 9 and Dec. 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Talos Takes Ep. 122: Year in Review & Ukraine Activities
In this episode of Talos Takes we are joined by Kendall McKay to discuss the recently released year in review report and dig deep on our activities in Ukraine. The year in review covers a vast amount of data and intel sources to identify some of the key trends we observed in 2022.
Threat Source newsletter (Dec. 15, 2022): Talos Year in Review is here
The inaugural 2022 Talos Year in Review is here! And it’s taking over the final Threat Source newsletter of the year.
Ukraine Topic Summary Report: Cisco Talos Year in Review 2022
Talos’ support for Ukraine has lead us to launch a task force to monitor critical infrastructure - identifying threats, remediating attacks, and gathering information. Discover the top adversaries, threats, and behavior trends Talos has observed this past year in Ukraine.
Beers with Talos Ep. 129: Talos Year in Review 2022 w/ Dave Liebenberg
We discuss the premiere Talos Year in Review report - a look back at the major threats, trends, and topics from 2022 and what we should take forward into 2023. Dave Liebenberg joins us to discuss *why* his team undertook this effort, and some of the finer points of the report findings.
Talos Year in Review 2022
We expect this data-driven story will shed some insight into Cisco’s and the security community’s most notable successes and remaining challenges. As these Year in Review reports continue in the future, we aim to help explain how the threat landscape changes from one year to the next.
HTML smugglers turn to SVG images
* HTML smuggling is a technique attackers use to hide an encoded malicious script within an HTML email attachment or webpage. * Once a victim receives the email and opens the attachment, their browser decodes and runs the script, which then assembles a malicious payload directl