All news with #talos tag

🎃 Microsoft’s free Windows 10 updates have largely ended, with EEA consumers receiving free Extended Security Updates through Oct 14, 2026, while most other users must pay. Q3 telemetry shows roughly 35,000 CVEs through September, averaging about 130 new entries per day, and a rising set of Known Exploited Vulnerabilities (KEV) that widen vendor and network impact. Talos also launched the Tool Talk series, offering a hands-on guide to dynamic binary instrumentation with DynamoRIO for malware analysis and runtime inspection.

🔐 Cisco Talos reports that a North Korean-linked threat cluster has blended features of its BeaverTail and OtterCookie JavaScript malware families, with recent OtterCookie variants adding keylogging, screenshot capture, and clipboard monitoring. The intrusion chain observed involved a trojanized Node.js application called Chessfi and a malicious npm dependency published on August 20, 2025 that executed postinstall hooks to launch multi-stage payloads. Talos tied the activity to the Contagious Interview recruitment scam and highlighted continued modularization and abuse of legitimate open-source packages and public Git hosting to distribute malicious code.

🔍 Talos uncovered a campaign linked to the DPRK-aligned cluster Famous Chollima that used a trojanized Node.js package and a malicious VS Code extension to deliver merged BeaverTail and OtterCookie tooling. The combined JavaScript payloads include a newly observed keylogger and screenshot module alongside clipboard theft, targeted file exfiltration, remote shell access, and cryptocurrency extension stealing. Indicators, C2 addresses, Snort/ClamAV detections, and mitigation guidance are provided.

⚠️ Cisco Talos disclosed vulnerabilities affecting OpenPLC and the Planet WGR-500 industrial router, including a ModbusTCP denial-of-service and multiple critical flaws in HTTP-handling functions. The OpenPLC issue (TALOS-2025-2223 / CVE-2025-53476) can be triggered by a crafted series of TCP connections to exhaust the ModbusTCP server. Planet WGR-500 vulnerabilities (TALOS-2025-2226–2229 / CVE-2025-54399–54406, CVE-2025-48826) include stack-based buffer overflows, format string, and OS command injection flaws that may lead to memory corruption or arbitrary command execution.

🔐 Cisco Talos Incident Response (Talos IR) provides rapid, 24/7 crisis support and proactive services to contain, investigate, and remediate cybersecurity incidents. Talos combines deep threat intelligence, digital forensics, and a vendor-agnostic approach to work with existing tools and environments. Engagements follow a structured IR lifecycle—Preparation, Identification, Containment, Eradication, Recovery, and Lessons learned—to minimize disruption and build long-term resilience.

🔒 Cisco Talos disclosed multiple vulnerabilities affecting libbiosig, Tenda AC6, SAIL, PDF‑XChange Editor, and Foxit PDF Reader. The flaws include integer overflows, heap and stack buffer overflows, out‑of‑bounds reads, authentication and firmware validation weaknesses, and other memory corruption issues that can lead to remote code execution or information disclosure. Vendors have released patches in coordination with Talos and Snort coverage is available to detect exploitation attempts. Apply vendor updates and detection rules immediately to reduce exposure.

🔒 At Talos, JJ Cummings — leader of the Threat Intelligence and Interdiction team — discusses the delicate work of handling partner-provided, sensitive information while conducting nation‑state investigations. He outlines how analysts create unattributable or alternatively attributable reporting to preserve sources and still deliver operationally useful findings. JJ credits colleagues such as Matt Olney and Ryan Pentney and emphasizes his team's role as force multipliers in incident response, threat hunting, and deep analysis.

🔒 This deep-dive by Philippe Laulheret (Talos) dissects Dell's ControlVault3 ecosystem, exposing firmware decryption, memory-corruption flaws, and exploit chains that cross the device/host boundary. The researchers recovered hardcoded keys, reverse-engineered the SCD/SMAU update mechanism, and achieved arbitrary code execution in firmware, enabling persistence and a demonstrated Windows Hello bypass. Practical attacks include forging SCD blobs, backdooring firmware to escalate to SYSTEM, and physically extracting the USH board over USB for rapid compromise.