Talos Group

Talos Security Intelligence & Research Group

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. This blog profile is managed by multiple authors with expertise that spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.

Talos is the primary team that contributes threat information to the Cisco Collective Security Intelligence (CSI) ecosystem. Cisco CSI is shared across multiple security solutions and provides industry-leading security protections and efficacy. In addition to threat researchers, CSI is driven by intelligence infrastructure, product and service telemetry, public and private feeds and the open source community.

Articles

September 11, 2018

THREAT RESEARCH

Microsoft Patch Tuesday – September 2018

Microsoft released its monthly set of security updates today for a variety of its products, addressing a range of bugs. The latest Patch Tuesday covers 61 vulnerabilities, 17 of which are rated “critical,” 43 that are rated “important” and one that is considered to have …

September 7, 2018

THREAT RESEARCH

Threat Roundup for August 31 to September 7

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 31 and September 7. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key beha…

September 7, 2018

THREAT RESEARCH

Vulnerability Spotlight: CVE-2018-3952 / CVE-2018-4010 – Multi-provider VPN Client Privilege Escalation Vulnerabil …

Discovered by Paul Rascagneres. Overview Cisco Talos has discovered two similar vulnerabilities in the ProtonVPN and NordVPN VPN clients. The vulnerabilities allow attackers to execute code as an administrator on Microsoft Windows operating systems from a standard user. The vulnerabilities were assi…

September 6, 2018

THREAT RESEARCH

Vulnerability Spotlight: TALOS-2018-0560 – ERPNext SQL Injection Vulnerabilities

Overview Talos is disclosing multiple SQL injection vulnerabilities in the Frappe ERPNext Version 10.1.6 application. Frappe ERPNext is an open-source enterprise resource planning (ERP) cloud application. These vulnerabilities enable an attacker to bypass authentication and get unauthenticated acces…

September 5, 2018

THREAT RESEARCH

Malicious MDM: Let’s Hide This App

Since our initial discovery of a malicious mobile device management (MDM) platform that was loading fake applications onto smartphones, we have gained greater insight into the attacker’s methods. We now know how the attacker took advantage of a common MDM feature and used an iOS profile to hid…

August 31, 2018

THREAT RESEARCH

Threat Roundup for August 24-31

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 24 and August 31. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavi…

August 30, 2018

THREAT RESEARCH

Rocke: The Champion of Monero Miners

This post was authored by David Liebenberg. Summary Cryptocurrency miners are becoming an increasingly significant part of the threat landscape. These malicious miners steal CPU cycles from compromised devices to mine cryptocurrencies and bring in income for the threat actor. In this post, we look a…

August 24, 2018

THREAT RESEARCH

Threat Roundup for August 17-24

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 17 and August 24. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavi…

August 22, 2018

THREAT RESEARCH

Picking Apart Remcos Botnet-In-A-Box

This blog post was authored by Edmund Brumaghin and Holger Unterbrink with contributions from Eric Kuhla and Lilia Gonzalez Medina. Overview Cisco Talos has recently observed multiple campaigns using the Remcos remote access tool (RAT) that is offered for sale by a company called Breaking Security.…