Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools

Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools

TALOS
Open in Source
#web#mac#windows#cisco#git#backdoor#auth#chrome#firefox
PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices

A new malware campaign has been observed targeting edge devices from Cisco, ASUS, QNAP, and Synology to rope them into a botnet named PolarEdge since at least the end of 2023. French cybersecurity company Sekoia said it observed the unknown threat actors leveraging CVE-2023-20118 (CVSS score: 6.5), a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and

Roblox called “real-life nightmare for children” as Roblox and Discord sued

Last week it was reported that a lawsuit has been initiated against gaming giant Roblox and leading messaging platform Discord.  The court...

Your item has sold! Avoiding scams targeting online sellers

There are many risks associated with selling items on online marketplaces that individuals and organizations should be aware of when conducting business on these platforms.

GHSA-5pmw-9j92-3c4c: OpenH264 Rust API Openh264 Decoding Functions Heap Overflow Vulnerability

OpenH264 recently reported a [heap overflow](https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x) that was fixed in upstream [63db555](https://github.com/cisco/openh264/commit/63db555e30986e3a5f07871368dc90ae78c27449) and [integrated into](https://github.com/ralfbiedert/openh264-rs/commit/3a822fff0b4c9a984622ca2b179fe8898ac54b14) our 0.6.6 release. For users relying on Cisco's pre-compiled DLL, we also published 0.8.0, which is compatible with their latest fixed DLL version 2.6.0. In other words: - if you rely on our `source` feature only, >=0.6.6 should be safe, - if you rely on `libloading`, you must upgrade to 0.8.0 _and_ use their latest DLL >=2.6.0. Users handling untrusted video files should update immediately.

The US Is Considering a TP-Link Router Ban—Should You Worry?

Several government departments are investigating TP-Link routers over Chinese cyberattack fears, but the company denies links.

Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks

Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies. "The threat actor then demonstrated their ability to persist in target environments across equipment from multiple

Efficiency? Security? When the quest for one grants neither.

William discusses what happens when security is an afterthought rather than baked into processes and highlights the latest of Talos' security research.

Weathering the storm: In the midst of a Typhoon

Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies, by a threat actor dubbed Salt Typhoon. This blog highlights our observations on this campaign and identifies recommendations for detection and prevention.

How One AI Startup Founder Cornered Microsoft Into Finally Taking Down Explicit Videos of Her

Breeze Liu has been a prominent advocate for victims. But even she struggled to scrub nonconsensual intimate images and videos of herself from the web.