Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore

September 5, 2024 at 04:15AM Cisco Talos has discovered that threat actors are using MacroPack, a payload generation framework, to distribute malware. The malicious documents were observed bypassing anti-malware detection and follow a three-step attack chain. The attackers use sophisticated techniques and diverse lure themes, suggesting the involvement of distinct threat …

Red team tool ‘MacroPack’ abused in attacks to deploy Brute Ratel

September 4, 2024 at 06:06PM The MacroPack framework, originally built for Red Team exercises, is being abused by threat actors to distribute malicious payloads such as Havoc, Brute Ratel, and PhantomCore. Security researchers at Cisco Talos found such documents in several countries, indicating widespread abuse. These attacks use advanced evasion techniques and represent a concerning trend. Ransomware …

BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave

August 28, 2024 at 07:39AM The BlackByte ransomware group has been found exploiting a recently patched security flaw in VMware ESXi hypervisors, and using vulnerable drivers to bypass security protections, according to a report from Cisco Talos. The group is also targeting various sectors and has been observed evolving its tactics to evade detection and …

CISA warns of hackers abusing Cisco Smart Install feature

August 8, 2024 at 01:25PM CISA recommends disabling the Cisco Smart Install feature due to its recent abuse in attacks. Threat actors exploit weak password types and leverage other protocols to steal sensitive data. Admins are advised to disable the legacy SMI protocol, implement stronger password protection, and follow best practices for securing administrator accounts and passwords …

APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack

August 2, 2024 at 12:42PM A Taiwanese research institute specializing in computing was breached by China-affiliated threat actors, who delivered backdoors and malware such as ShadowPad and Cobalt Strike. Cisco Talos discovered the activity in August 2023 and attributed it to APT41. The attackers used various techniques to evade detection and exfiltrated documents from the network. This …

Nissan infosec in the spotlight again after breach affecting more than 50K US employees

May 19, 2024 at 10:36PM Nissan has confessed to another data breach involving the theft of personal information belonging to over 50,000 employees. The breach occurred in November 2023 through a targeted cyber attack. In a separate incident, systems at Nissan Oceania were hit by the Akira ransomware gang, compromising the personal information of over …

Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw

May 7, 2024 at 01:13PM Nearly 52,000 Tinyproxy instances are exposed to CVE-2023-49606, a critical remote code execution flaw. Cisco Talos disclosed the use-after-free vulnerability in December 2023; it affects versions 1.11.1 and 1.10.0. After receiving no response from the developers, Cisco reported detailed information and proof-of-concept exploits. On Sunday, Tinyproxy released a fix to prevent exploitation, …

Cisco Zero-Days Anchor ‘ArcaneDoor’ Cyber Espionage Campaign

April 25, 2024 at 12:06PM A state-sponsored threat actor named UAT4356 conducted a global cyber espionage campaign by exploiting two Cisco zero-day vulnerabilities in firewall devices. Dubbed “ArcaneDoor,” the campaign targeted government networks and utilized custom backdoor malware called “Line Dancer” and “Line Runner.” Organizations are advised to patch their systems and monitor for any …

State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage

April 25, 2024 at 03:01AM A new state-sponsored malware campaign, named ArcaneDoor by Cisco Talos, used two zero-day flaws in Cisco networking gear to deploy custom malware for covert data collection. The U.S. CISA added the vulnerabilities to its KEV catalog, requiring federal agencies to apply fixes by May 1, 2024. The campaign exemplifies increased …

ArcaneDoor hackers exploit Cisco zero-days to breach govt networks

April 24, 2024 at 01:10PM Cisco warns of state-backed hacking that used zero-day vulnerabilities in ASA and FTD firewalls to infiltrate government networks globally. The cyber-espionage campaign, known as ArcaneDoor, has targeted vulnerable edge devices since November 2023. Cisco discovered and fixed two zero-days – CVE-2024-20353 and CVE-2024-20359 – and urges customers to upgrade their devices …