CyberSecurity
on September 19, 2024 at 7:00 am — CVE-2023-40547 Redhat: CVE-2023-40547 Shim – RCE in HTTP boot support may lead to secure boot bypass
Updated FAQs with the following information: To address a known issue on systems with dual booting for Windows and Linux, we have reconfigured the manner in which this fix can be applied. Starting with the September 10, 2024 security updates, the fix will not automatically apply the SBAT update to the firmware. Customers who have
on September 19, 2024 at 7:00 am — CVE-2022-2601 Redhat: CVE-2022-2601 grub2 – Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass
Updated FAQs with the following information: To address a known issue on systems with dual booting for Windows and Linux, we have reconfigured the manner in which this fix can be applied. Starting with the September 10, 2024 security updates, the fix will not automatically apply the SBAT update to the firmware. Customers who have
July 11, 2023 — Undocumented driver-based browser hijacker RedDriver targets Chinese speakers and internet cafes
Cisco Talos has identified multiple versions of an undocumented malicious driver named “RedDriver,” a driver-based browser hijacker that uses the Windows Filtering Platform (WFP) to intercept browser traffic. RedDriver has been active since at least 2021. RedDriver utilizes HookSignTool to forge its signature timestamp to bypass Windows driver-signing policies. Code from multiple open-source tools has been used
August 8, 2023 — What Cisco Talos knows about the Rhysida ransomware
Cisco Talos is aware of the recent advisory published by the U.S. Department of Health and Human Services (HHS) warning the healthcare industry about Rhysida ransomware activity. As we’ve discussed recently, there has been huge growth in the ransomware and extortion space, potentially linked to the plethora of leaked builders and source code related to
October 11, 2023 — What to know about the HTTP/2 Rapid Reset DDoS attacks
Cisco Talos is actively tracking the novel distributed denial-of-service (DDoS) attacks cloud services provider Cloudflare disclosed earlier this week. The techniques described in Cloudflare’s blog post resulted in a record-breaking DDoS attack and could facilitate much larger attacks in the future. CVE-2023-44487, a vulnerability in the HTTP/2 protocol, was recently used to launch intensive
October 16, 2023 — Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities
Updates Nov. 02: Identified a third version of the BadCandy implant. Added the expected response from the new version of the implant against one of the HTTP requests used to check for an infected device. Nov. 1: Observed an increase in exploitation attempts since the publication of the proofs-of-concept (POCs) of the exploits involved. Named the Lua-based web
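The summary above refers to the HTTP request Talos published for checking a device for the BadCandy implant: a POST to the Web UI logout confirmation page, where a first-generation implant answers with an 18-character hexadecimal string. The script below is an added example, not code from the Talos advisory or from this page. It wraps that request and classifies the response body. The device address and, for later implant versions that only answered when a specific Authorization header was present, the header value are assumed to be supplied by the operator from the advisory; neither is hard-coded here.

```shell
#!/bin/sh
# Added example, not part of the Talos advisory. Assumptions: the operator passes
# the device address, and the Authorization header value that later BadCandy
# versions required is taken from the advisory and passed as the second argument.

# Talos's published check targets the Web UI logout confirmation page.
IMPLANT_PATH="/webui/logoutconfirm.html?logon_hash=1"

# classify_badcandy_response BODY
# Prints "implant" when BODY (with CR, LF and spaces stripped) is exactly
# 18 hexadecimal characters, the response of the first-generation implant,
# and "clean" otherwise. Always returns 0 so callers compare the printed verdict.
classify_badcandy_response() {
    body=$(printf '%s' "$1" | tr -d '\r\n ')
    if printf '%s' "$body" | grep -Eq '^[0-9a-fA-F]{18}$'; then
        echo implant
    else
        echo clean
    fi
    return 0
}

# check_device HOST [AUTH_VALUE]
# Sends the detection request over HTTPS and prints the verdict.
# -k: IOS XE Web UI commonly presents a self-signed certificate.
# -m 10: bound the wait on unresponsive devices.
# A curl failure yields an empty body, which classifies as "clean", so
# check connectivity separately before trusting a clean verdict.
check_device() {
    host="$1"
    auth="$2"
    if [ -n "$auth" ]; then
        body=$(curl -sk -m 10 -H "Authorization: $auth" -X POST "https://$host$IMPLANT_PATH") || body=""
    else
        body=$(curl -sk -m 10 -X POST "https://$host$IMPLANT_PATH") || body=""
    fi
    classify_badcandy_response "$body"
}

# Usage: ./badcandy-check.sh DEVICE_IP [AUTH_VALUE]
if [ "$#" -gt 0 ]; then
    check_device "$@"
fi
```

Run it against each device in the management inventory; a "clean" verdict only covers implant versions that respond to this request, so the advisory's other indicators (new local users, unexpected Web UI configuration changes) should still be reviewed.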
April 24, 2024 — ArcaneDoor – New espionage-focused campaign found targeting perimeter network devices
*Updated 2024-04-25 16:57 GMT with minor wording corrections regarding the targeting of other vendors. ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns. As a critical path for data into