Source
TALOS
There are many ways to approach this growing threat, but here's why Talos feels intent-based protection is the best.
There are many ways to approach this growing threat, but here's why Talos feels intent-based protection is the best.
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 7 and Oct. 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net. For each threat described below, this blog post only lists 25...
Cisco Talos is well-known for its work in spotting and defeating fake news, disinformation and misinformation. And state-sponsored actors, unwitting social media users and even direct government agencies have played a part in spreading fake news during Russia's invasion of Ukraine. In this video, we'll look at a few examples of what essentially equates to propaganda spreading across social media, leading to false stories, headlines, posts and the continued degradation of the meaning of "truth."
In this video, we'll look at a few examples of what essentially equates to propaganda spreading across social media, leading to false stories, headlines, posts and the continued degradation of the meaning of "truth."
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. October is National Cybersecurity Awareness Month. Which, if you’ve been on social media at all the past 13 days or read any cybersecurity news website, you surely know already. As it does every year, I saw Cybersecurity Awareness Month kick off with a lot of snark and memes of people joking about what it even means to be “aware” of cybersecurity and why we even have this month at all. And I get why it’s easy to poke fun at, it is at its core a marketing-driven campaign, and hardcore security experts and researchers have notoriously pushed back against this being a marketing-driven field. I’m not saying there should be Cybersecurity Awareness Month mascots brought to life on the floor of Black Hat, but it is probably time to pump the brakes on the skepticism and snark. After all, this week should be about broadening the security community, not trying to exclude others from it. I came to Talos ...
By Chetan Raghuprasad, Asheer Malhotra and Vitor Ventura, with contributions from Matt Thaxton. Cisco Talos discovered a new attack framework including a command and control (C2) tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities. The Alchimist has a web interface in Simplified Chinese with remote administration features. The attack framework is designed to target Windows, Linux and Mac machines. Alchimist and Insekt binaries are implemented in GoLang. This campaign consists of additional bespoke tools such as a MacOS exploitation tool, a custom backdoor and multiple off-the-shelf tools such as reverse proxies. Cisco Talos has discovered a new single-file command and control (C2) framework the authors call "Alchimist [sic]." Talos researchers found this C2 on a server that had a file listing active on the root directory along with a set of post-exploitation tools. Cisco Talos assesses with moderate-high confidence that this framework is being...
Cisco Talos discovered a new attack framework including a command and control (C2) tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities.
Cisco Talos discovered a new attack framework including a command and control (C2) tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities.
Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered nine vulnerabilities in the Robustel R1510 industrial cellular router, several of which could allow an adversary to inject operating system code remotely. The Robustel R1510 router is a dual-ethernet port wireless router that shares 3G and 4G wireless signals for use in industrial and internet-of-things environments. The router includes the use of open VPN tunneling, a cloud management platform to manage other devices and routers and different safeguards to manage data caps. Talos discovered five operating system command injection vulnerabilities in the router that an adversary could trigger by sending the targeted device a specially crafted network request. All these vulnerabilities have a CVSS severity score of 9.1 out of 10: TALOS-2022-1578 (CVE-2022-34850) TALOS-2022-1577 (CVE-2022-33150) TALOS-2022-1576 (CVE-2022-32765) TALOS-2022-1573 (CVE-2022-33325 ...