talos
-
Threat actors increasingly deployed web shells against vulnerable web applications and primarily exploited vulnerable or unpatched public-facing applications to gain initial access in Q4, a notable shift from previous quarters. The functionality of the web shells and targeted web applications varied across incidents, highlighting the multitude of ways threat actors can leverage vulnerable web servers…
-
Welcome to this week’s edition of the Threat Source newsletter.
-
Threat actors are increasingly conducting identity-based attacks across a range of operations that are proving highly effective, with credential theft being the main goal in a quarter of incident response engagements.
-
Now celebrating its 10th anniversary, Cisco Talos is among the world’s preeminent threat intelligence detection and response groups. And given the relentless sophistication of today’s cyberthreats, it’s needed more than ever.
-
Cisco Talos’ Vulnerability Research team recently discovered 11 vulnerabilities in Microsoft Windows CLIPSP.SYS and Adobe Acrobat Reader that were all disclosed this week as part of the company’s regular security updates.
-
Cisco has announced the integration of its Talos threat intelligence across multiple Splunk security products, marking a significant milestone in the company’s efforts to combine capabilities following its acquisition of Splunk earlier this year.
-
Cisco Talos experts are actively monitoring several malicious campaigns utilizing NetSupport RAT for persistent infections. These campaigns evade detection through obfuscation and regular updates.
-
With Black Hat just a week away, Cisco Talos is gearing up for another year of heading to Las Vegas to share in some of the latest major cybersecurity announcements, research and news.
-
A new report out today from Cisco Talos finds that business email compromise and ransomware were the top threats in the second quarter of 2024, with technology companies becoming the most targeted sector.
-
A lot has happened in Talos’ 10 years of existence. And to celebrate our birthday, we wanted to look back on some of the major moments in Talos’ history. Here’s an overview of some of the major events, cyber attacks, research breakthroughs and more that truly make Talos Talos. We hope this walk down memory…
-
In Cisco Talos’ first episode of Talos Threat Perspective (TTP), two Talos Threat Intelligence experts, Nick Biasini and James Nutland, discuss new research on the most prominent ransomware groups. They also pick three key topics and trends to focus on: initial access, differences among the groups, and the vulnerabilities they most heavily target.
-
“To avoid detection, ransomware actors employ ‘defense evasion methods’ such as disabling or modifying security software, including anti-virus programs and endpoint detection solutions. They also often try to disable security features in the operating system to prevent the detection of the ransomware payload,” Nutland wrote. “Adversaries will also often obfuscate malicious software by packing and compressing…
-
Cisco Talos analyzed the top 14 ransomware groups between 2023 and 2024 to expose their attack chain and highlight interesting Tactics, Techniques and Protocols. The security company also exposed the most leveraged vulnerabilities being triggered by ransomware actors.
-
A new report released today by Cisco Talos is warning of the implications of the recent Snowflake Inc.-related cloud data platform breach and how the compromised accounts highlight the vulnerabilities inherent in cloud environments.
-
Multi-factor authentication (MFA) is a critical form of defense for organizations, and threat actors are recognizing that: According to the latest Cisco Talos Incident Response Quarterly Trends report, instances related to MFA were involved in some capacity in half of all security incidents that the Talos team responded to in the first quarter of 2024.
-
A new report from Cisco Talos exposed the activities of a threat actor known as LilacSquid, or UAT-4820. The threat actor exploits vulnerable web applications or uses compromised Remote Desktop Protection credentials to successfully compromise systems by infecting them with custom PurpleInk malware. So far, organizations in various sectors in the U.S., Europe and Asia…
-
Cisco Talos is preparing to release the first in a series of changes to our Web Categorization system, which is designed to simplify the verbiage we use.
-
Cisco Talos has developed a fuzzer that enables us to test macOS software on commodity hardware. The fuzzer utilizes a snapshot-based fuzzing approach and is based on the WhatTheFuzz framework. Support for VM state extraction was implemented and WhatTheFuzz was extended to support the loading of VMware virtual machine snapshots. Additional tools support symbolizing and code coverage…
-
Cisco Talos is delighted to share updates about our ongoing partnership with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to combat cybersecurity threats facing civil society organizations.