Protecting Privacy Build Trust


September 19, 2024 — CVE-2022-2601 (Red Hat): grub2 buffer overflow in grub_font_construct_glyph() can lead to an out-of-bounds write and possible Secure Boot bypass

Updated FAQs with the following information: To address a known issue on systems with dual booting for Windows and Linux, we have reconfigured the manner in which this fix can be applied. Starting with the September 10, 2024 security updates, the fix will not automatically apply the SBAT update to the firmware. Customers who have


July 11, 2023 — Undocumented driver-based browser hijacker RedDriver targets Chinese speakers and internet cafes 

Cisco Talos has identified multiple versions of an undocumented malicious driver named “RedDriver,” a driver-based browser hijacker that uses the Windows Filtering Platform (WFP) to intercept browser traffic. RedDriver has been active since at least 2021. RedDriver utilizes HookSignTool to forge its signature timestamp to bypass Windows driver-signing policies. Code from multiple open-source tools has been used


August 8, 2023 — What Cisco Talos knows about the Rhysida ransomware 

Cisco Talos is aware of the recent advisory published by the U.S. Department of Health and Human Services (HHS) warning the healthcare industry about Rhysida ransomware activity. As we’ve discussed recently, there has been huge growth in the ransomware and extortion space, potentially linked to the plethora of leaked builders and source code related to


October 11, 2023 — What to know about the HTTP/2 Rapid Reset DDoS attacks 

Cisco Talos is actively tracking the novel distributed denial-of-service (DDoS) attacks cloud services provider Cloudflare disclosed earlier this week. The techniques described in Cloudflare’s blog post resulted in a record-breaking DDoS attack and could facilitate much larger attacks in the future. CVE-2023-44487, a vulnerability in the HTTP/2 protocol, was recently used to launch intensive


October 16, 2023 — Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities 

Updates: Nov. 2: Identified a third version of the BadCandy implant. Added the expected response from the new version of the implant to one of the HTTP requests used to check for an infected device. Nov. 1: Observed an increase in exploitation attempts since the publication of the proofs-of-concept (POCs) of the exploits involved. Named the Lua-based web


April 24, 2024 — ArcaneDoor – New espionage-focused campaign found targeting perimeter network devices 

*Updated 2024-04-25 16:57 GMT with minor wording corrections regarding the targeting of other vendors. ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns. As a critical path for data into


April 16, 2024 — Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials 

Cisco Talos would like to acknowledge Anna Bennett and Brandon White of Cisco Talos and Phillip Schafer, Mike Moran, and Becca Lynch of the Duo Security Research team for their research that led to the identification of these attacks. Cisco Talos is actively monitoring a global increase in brute-force attacks against a variety of targets,

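The brute-force activity described above is the kind of thing an sshd auth log shows as a burst of "Failed password" lines from one source, cycling through generic usernames. The following is an added example, not Talos or Duo code and not part of the original post: it parses OpenSSH-style syslog lines and flags sources that exceed a failure threshold, reporting how many of the guessed usernames are on a list of commonly targeted accounts. The log lines are constructed (RFC 5737 documentation addresses), and the threshold of five failures and the username list are assumptions for illustration.

```python
"""Flag SSH password brute-force sources from sshd auth log lines.

Added example for illustration; not Cisco Talos code. The log lines,
the failure threshold and the 'commonly used' username list below are
constructed assumptions, not data from the original report.
"""
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH syslog format (not a real capture).
SAMPLE_LOG = """\
Apr 16 09:01:02 vpn-gw sshd[2311]: Failed password for invalid user admin from 203.0.113.10 port 51022 ssh2
Apr 16 09:01:03 vpn-gw sshd[2311]: Failed password for invalid user test from 203.0.113.10 port 51023 ssh2
Apr 16 09:01:04 vpn-gw sshd[2312]: Failed password for root from 203.0.113.10 port 51024 ssh2
Apr 16 09:01:05 vpn-gw sshd[2313]: Failed password for invalid user guest from 203.0.113.10 port 51025 ssh2
Apr 16 09:01:06 vpn-gw sshd[2314]: Failed password for invalid user user from 203.0.113.10 port 51026 ssh2
Apr 16 09:01:07 vpn-gw sshd[2315]: Failed password for invalid user oracle from 203.0.113.10 port 51027 ssh2
Apr 16 09:02:11 vpn-gw sshd[2320]: Failed password for alice from 198.51.100.7 port 40211 ssh2
Apr 16 09:02:15 vpn-gw sshd[2320]: Accepted publickey for alice from 198.51.100.7 port 40211 ssh2
Apr 16 09:03:00 vpn-gw sshd[2330]: Failed password for invalid user admin from 192.0.2.55 port 60001 ssh2
Apr 16 09:03:01 vpn-gw sshd[2330]: Failed password for invalid user admin from 192.0.2.55 port 60002 ssh2
"""

# Matches both "Failed password for <user>" and "Failed password for invalid user <user>".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Assumed list of account names typical of generic credential guessing.
COMMON_USERNAMES = {"admin", "root", "test", "guest", "user", "oracle", "ubuntu", "pi"}


def parse_failures(log_text):
    """Return {source_ip: [username, ...]} for every failed password attempt."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group("ip")].append(m.group("user"))
    return dict(failures)


def flag_bruteforce(log_text, threshold=5):
    """Return sources with >= threshold failures, with counts that help triage.

    distinct_users high relative to failures suggests username spraying;
    common_username_hits shows how much of the activity used generic names.
    """
    flagged = {}
    for ip, users in parse_failures(log_text).items():
        if len(users) >= threshold:
            flagged[ip] = {
                "failures": len(users),
                "distinct_users": len(set(users)),
                "common_username_hits": sum(1 for u in users if u in COMMON_USERNAMES),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in sorted(flag_bruteforce(SAMPLE_LOG).items()):
        print(ip, info)
```

In the constructed sample only 203.0.113.10 crosses the threshold; the single failure from 198.51.100.7 followed by a successful public-key login is the normal user typo the threshold is meant to ignore. Real deployments would also window the count by time and feed the result to a block list or SIEM rule rather than print it.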

Insider threat: Months after being fired, former employee accessed company’s computer test system and deleted servers, causing it to lose S$918,000

CNA reports: Singapore: Upset that he was fired, an employee accessed his former company’s computer test systems and deleted 180 virtual servers, costing them about S$918,000 (US$678,000). Kandula Nagaraju, 39, was sentenced to two years and eight months’ jail on Monday (Jun 10) for one charge of unauthorised access to computer material. Another charge was…
