Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
* Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework. * The implants for t
Vulnerability Spotlight: How misusing properly serialized data opened TCL LinkHub Mesh Wi-Fi system to 17 vulnerabilities
The TCL LinkHub Mesh Wi-Fi system is a multi-device Wi-Fi system that allows users to expand access to their network over a large physical area. What makes the LInkHub system unique is the lack of a network interface to manage the devices individually or in the mesh. Instead, a p
Researcher Spotlight: You should have been listening to Lurene Grenier years ago
The exploit researcher recently rejoined Talos after starting her career with the company’s predecessor Lurene Grenier says state-sponsored threat actors keep her up at night, even after years of studying and following them. She’s spent her security career warning people why th
Threat Roundup for July 22 - 29
Talos is publishing a glimpse into the most prevalent threats we've observed from July 22 - 29. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral cha
Threat Source newsletter (July 28, 2022) — What constitutes an "entry-level" job in cybersecurity?
Welcome to this week’s edition of the Threat Source newsletter. Between the White House’s recent meeting, countless conference talks and report after report warning of cybersecurity burnout, there’s been a ton of talk recently around the cybersecurity skills gap and hiring. Eve
Vulnerability Spotlight: How a code re-use issue led to vulnerabilities across multiple products
Recently, I was performing some research on a wireless router and noticed the following piece of code: This unescape function will revert the URL encoded bytes to its original form. But something specifically caught my attention: There was no size check for the performed operati
What Talos Incident Response learned from a recent Qakbot attack hijacking old email threads
By Nate Pors and Terryn Valikodath. Executive summary * In a recent malspam campaign delivering the Qakbot banking trojan, Cisco Talos Incident Response (CTIR) observed the adversary using aggregated, old email threads from multiple organizations that we assess were likely ha
Quarterly Report: Incident Response Trends in Q2 2022
For the first time in more than a year, ransomware was not the top threat Cisco Talos Incident Response (CTIR) responded to this quarter, as commodity malware surpassed ransomware by a narrow margin. This is likely due to several factors, including the closure of several ransomwa
Threat Roundup for July 15 to July 22
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 15 and July 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k