Security
Headlines

Tag

#cisco

ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices

ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns.

TALOS
#vulnerability #web #microsoft #cisco #intel #backdoor #perl #auth #ssh #zero_day #ssl
Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs

An exploit for the vulnerability allows unauthenticated attackers to escape a virtual file system sandbox to download system files and potentially achieve RCE.

TikTok comes one step closer to a US ban

The US Senate has approved a bill that will ban TikTok, unless it finds a new owner, bringing it one step closer to being signed into law.

CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers

A new ongoing malware campaign has been observed distributing three different stealers (CryptBot, LummaC2, and Rhadamanthys) hosted on Content Delivery Network (CDN) cache domains since at least February 2024. Cisco Talos has attributed the activity with moderate confidence to a threat actor tracked as CoralRaider, a suspected Vietnamese-origin

Russia's Fancy Bear Pummels Windows Print Spooler Bug

The infamous Russian threat actor has created a custom tool called GooseEgg to exploit CVE-2022-38028 in cyber-espionage attacks against targets in Ukraine, Western Europe, and North America.

Suspected CoralRaider continues to expand victimology using three information stealers

Talos also discovered a new PowerShell command-line argument embedded in the LNK file to bypass anti-virus products and download the final payload into the victims’ host.

CISO Corner: Breaking Staff Burnout, GPT-4 Exploits, Rebalancing NIST

SecOps highlights this week include the executive role in "cyber readiness;" Cisco's Hypershield promise; and Middle East cyber ops heat up.

What’s the deal with the massive backlog of vulnerabilities at the NVD?

Given the state of the NVD and vulnerability management, we felt it was worth looking at the current state of the NVD, how we got to this point, what it means for security teams, and where we go from here.

Cisco's Complex Road to Deliver on Its Hypershield Promise

The tech giant tosses together a word salad of today's business drivers — AI, cloud-native, digital twins — and describes a comprehensive security strategy for the future, but can the company build the promised platform?

Cisco Warns of Massive Surge in Password-Spraying Attacks on VPNs

Attackers are indiscriminately targeting VPNs from Cisco and several other vendors in what may be a reconnaissance effort, the vendor says.