We look back on 10 years of Talos, in multiple interviews with Talos' leaders.

Wednesday, July 31, 2024 07:55

As part of the celebrations of Cisco Talos turning 10, we’d like to take you back to where it all began: How we formed our mission of protecting our customers and making the internet suck a bit less, an insight into our culture, and how we came to work with some of the most talented human beings on the planet.  

This is the history of Talos, as told through the eyes of some of our senior leaders. 

**The Sourcefire years**

_Editor's note: Sourcefire was a company that specialized in Firepower network security appliances based on Snort, an open-source intrusion detection system. Sourcefire was acquired by Cisco for $2.7 billion in July 2013._

**Matt Watchinski, Vice President of Talos:** What I remember most from the early years of Sourcefire was all of us being crowded into a minuscule meeting room. We spent our days discussing huge, complicated s\*\*t. There was so much mutual respect and understanding for what we set out to achieve. 

**Chris Marshall, Director of Talos Network Detection and Response Team:** We all collectively believed that we could be the best security team on the planet. We were so passionately driven to achieve things together. And we went out of our way to take care of each other to make sure those two other things happened. 

**Watchinksi:** We had a group that could change priorities on a dime, and then actually execute on them — without anybody coming back and saying, “The dumbest decision in the entire world was just made in that tiny room. Now we have to go and do stupid s\*\*t.” Everybody came back from that room and said, “Alright, this is the thing that's going to make Sourcefire the most successful, and so that’s the direction we’re going to march in.” 

**Lurene Grenier, Director of Competitive Analysis:** At Sourcefire our goal was to build the best and most open product we could. At the time, all the rules had to be written by hand, without any guidance. We had no contracts with any companies. The biggest thing on the map at that point was Patch Tuesday bugs, and they were all remote root bugs. Every month, 15 - 20 of those bugs would get dropped. It was my job to grab the patches, patch the systems, reverse engineer the patches, and write an exploit for the bug. And then I would pass that exploit to the team who wrote the \[Snort\] rules. We would write the documentation, package everything up, and send that to QA. 

We significantly changed the security posture and behaviour of Fortune 50 companies on the regular, with about 30 people. We were doing things that the industry said was impossible. And my favorite part was we had executives from those Fortune 50 companies coming out to buy us lunch, begging us to stop telling the public the truth. 

**The acquisition of Sourcefire**

**Marshall:** I came to Sourcefire from the U.S. military. I had no idea what being acquired meant.  

**Watchinski:** We had been in negotiations with Cisco for about six months. I couldn’t tell anyone about that though. Those final negotiations went on until 4 a.m. the morning that the deal closed. We didn’t stop until we had reached a deal that was right for our people. At 4:30 a.m., I sent a text to my directs, telling them that something big was happening, and they should come into the office at 7 a.m.  

**Marshall:** At the time, I ran the response work. And Watchinski didn't tell me if there was a problem. So, my instincts told me something was very wrong. “Who else do I need to call? How bad is the situation?” And he just replied, “I just need you there first thing in the morning.” So, the next morning Watchinski walked in, and me, \[Matt\] Olney \[Director of Threat Intelligence and Interdiction\] and Nigel \[Houghton, former director of Talos Operations\] are standing around anxiously. And then Watchinski said, “Cisco just bought us. We're not working today.”   

**Three teams coming together**

 **Watchinski:** For the first year after the acquisition, Sourcefire continued as the VRT (Vulnerability Research Team). During that time, we met various people across Cisco and tried to figure out what they all did. One of the people I met was Luci \[Lagrimas\]. She’s an incredible person, and we started hatching a plan on how we could be successful together. 

We proposed bringing together a singular set of services, a singular threat research and intelligence team, a singular understanding of our data, and a singular voice of how we talk about security. 

I gave a presentation to what was then three different groups — VRT, Cisco Threat Research, Analysis and Communications (TRAC), and Security Applications (SecApps).  

**Luci Lagrimas, Senior Director of Engineering:** That was a day I’ll always remember. We all gave presentations about who we were and who our teams were. I put three pictures on an “About Me” slide, and one of them was me playing field hockey, wearing a T-shirt that definitely showed off my guns. \[Matt\] Olney leans over to Marshall and says, “Dude, she can kick our ass!”  

**Matt Olney, Director of Talos Threat Intelligence & Interdiction**: This remains true to this day. 

__Luci’s photo from her original slide deck at the first Talos meeting.__

**Marshall:** My first impression of Luci was that slide. That set the tone for these teams coming together, because here’s this badass lady with a field hockey stick causing carnage on the field, and that’s what we were going to bring into our group.  

**The Talos brand is born**

**Lee Jones, Talos distinguished engineer:** My first exposure to Matt \[Watchinski\] was a cultural definition point, because Matt came in and did what he’s great at, which is coalesce things. It was incredible to watch how he started forming the vision of what Talos was going to be. 

**Watchinski:** I believe that to have an effective team, you need three things: a mission that everybody understands, a culture that everybody can work in, and some type of icon that people can rally behind. A colleague of mine would always say, “This is how you build a cult!” And I would reply, “Yeah, kinda...but the good kind of cult.” 

I knew that having three different brands and messages wouldn’t work. We needed the branding to reflect on who we were as a new team coming together. That was a point of unity — giving up what the VRT had built from a brand perspective for over 10 years. And asking the others to do the same. 

**Luci:** Between April and August 2014, the team leaders all threw different ideas into the ring about what we would be called and what sort of brand could represent who we were becoming.  

**Watchinski:** If I remember it right, it was Matt Olney who came up with Talos, protector of the shores. That one resonated most with everyone, because it aligned with our main mission of protecting our customers.  

**Matt Olney** It came about because we wanted something big to represent us. We were now part of a team that was focussed on much more than vulnerabilities. We wanted to have a larger voice as an organization, and a larger role in security consciousness. 

**Luci:** Talos was officially launched at BlackHat in 2014. 

**The team grows**

**Liz Cooperrider, Leader, Talos Project Management Office:** When I started reporting directly to Matt \[Watchinski\] he elevated the Project Management Office (PMO) and the value of what we brought to the organization. 

Since 2019, we’ve been able to grow and become an integral part of Talos, mainly because I was given a lot of independence and autonomy from the team.

**Lee:** After Talos was formed, I was working across the Cisco portfolio, helping them to design products from a security perspective. In 2018, I came back home to Talos. My role was to work with Luci to transition the architectural aspect of Talos, and get it to a trusted product partner level, global in scope and scale, beyond the core competency of the security mission. 

We created a service delivery architecture called “Tomorrowland”. This was a big turning point. It didn’t change our security capabilities themselves, but our ability to project our power went up. 

**Lee:** At a lot of other places, rank and hierarchy matter. Titles matter, and there can be a top-down approach sometimes. But at Talos, there’s a culture of asking questions and pushing back to see, “Do I really believe this and want to incorporate this to my mission?” That is very energizing. I sat back and thought, “This is where I want to be. I’m happy. This is what I was hoping for.” 

**Amy Henderson, Director of Talos Strategic Communications and Operations:** I was a portfolio manager in the Customer Experience organization in Cisco, and at that time (October 2019), one of our key services was Incident response. The IR team worked very closely with Talos, sharing intelligence, understanding what's going on at a customer site when things go down, etc. We eventually came to the decision that Incident Response should become Talos Incident Response, bringing those teams under one umbrella. 

I got to know Watchinski and Olney and really enjoyed working with them. But there was a moment during the transition that the Talos team pulled back. They said they wanted to pause things because it wasn’t being done in the right way. Not being part of Talos at that point, I really appreciated their honesty and integrity. Because when you’re working towards delivering on a priority, sometimes you end up just pushing the ball down the road without necessarily getting the outcome that you want. It’s important to take stock and think about, “Is this actually what we want to achieve?” 

I pinged Olney and said how much I respected their decision. Because it showed the character of the Talos team. They’re not going to rubber stamp everything and say it’s OK when it’s not. 

**Brad Garnett, Director of Talos Incident Response:** I was another Talos transplant. I was running the Incident Response team on the CX side, and as Amy mentioned it made sense to bring us into Talos. Response and intelligence are like peanut butter and jelly, it just goes together.  

We gathered in London in the fall of 2019, and we talked about what IR might look like inside of Talos. Our brand, reputation, integration, intelligence services etc. I still have that agenda from nearly five years ago, and I still remember our first three customers.

That helps me bring perspective — no matter how challenging things get, we’ve hugely grown in scale. Customers need us more than ever. And our mission has grown to not just helping customers on an individual level, but to use that experience to protect all our customers. “The power of the debrief”, as I frequently say to my team. Take what we’re seeing and go help more people. 

**The mission**

**Olney**: When people ask me what I do, I tell them, “I build the expertise that allows me and my team to go places and fix things.” I’m most proud of the work that we do that makes no sense from a corporate or financial perspective, such as the election security work, the work we’ve done to protect Ukraine’s critical infrastructure…the stuff that doesn’t turn a dollar but makes the world a better place. To do all that within a capitalistic entity is pretty remarkable. 

That’s what makes me so proud of this team. We approach security problems as, “How can I positively affect the most amount of people?”  

**Luci:** Whenever I see Talos in the news, I feel really proud to be a part of an organization that isn’t out there just for the money. We’re out there to make the world a better place. 

**Watchinski:** The work we did to help Ukraine, to fill 747s with Cisco kit and fly into a country at war….being able to actually support their operations from either afar or in country, help protect their people, help them turn back on civil infrastructure so that trains run, telephones work, payment processing is functional, the basic needs of society are still met, even though adversaries are actively trying to bring those things offline… I don't think there's a ton of companies that can say they have the capability to do those things. Or even the will to do them. 

**Amy:** And then on top of that, you have Joe Marshall’s Project PowerUp work which helped keep the electrical grid in Ukraine running after disruption from GPS jamming. Joe, on his own terms, found the right people, pulled volunteers together, and we were able to build something to help the grid maintain better time so Ukrainians can have more stable electrical power. 

Extract from a Dutch newspaper reporting on Talos' work on Project PowerUp

 **Marshall:** When we can pull off that kind of thing, it’s because of the trust that we have. More people today trust us than ever before. And I think that trust is well-deserved because of the solid information we can provide.

We bring verified information our customers can act upon, as well as bringing calm to a situation so we can encourage reason. We keep doing that no matter what else happens, and that gives people peace of mind. 

**Amy:** What’s common amongst the folks that we hire is they know that sometimes they’ll need to drop everything and pivot to a rapid response effort. I hope they know that our leadership team fights to give them air cover to a) keep them sane during those times, and b) makes sure that they have what they need. As a leadership team we fight for budgets and time and resources that can help them, because our people have such an innate sense of doing the right thing. We know that the lengths that people go to, and that's one of the many reasons why we will protect them every single day. 

** Our culture**

**Lurene:** In the early days of Sourcefire, there was no situation that came up where we couldn't sit down together and come up with a plan to solve it. We would make it work, and in so doing, we would make a change in the industry. We were given the space to do that. Matt \[Watchinski\] would say, “Go figure this out, come up with some plans, give me three options, and then we're gonna pick one of them and do it.” 

When I came back to Talos two years ago, I was so pleased to see that everybody had protected that culture and passed it on to new leaders in the group. I’m really proud of that. 

It’s our job to make people feel comfortable who might not feel comfortable elsewhere. Developing a space for people who are extremely valuable team members but might have trouble thriving in an extremely generic environment. I am one of those people, so I know I can say that. 

**Olney:** We want Talos be a thing that's worth being yourself with. Our culture is very conscious.  We didn’t do a survey and figure out, “Employees are 2.5% more engaged if you give them free drinks.” They get to define who they are, and who they want to be at Talos. And they get to define what you want your experience at Talos to be like. 

**Liz:** In other organizations, if a team doesn't make their deliverable, there’s zero compassion and no understanding – “Why did that fail?” Within Talos, we can fail and fail fast because there is so much clear transparency. That’s completely a part of the culture. 

**Marshall:** It really is. Until I myself attain perfection, it’s unfair for me to expect perfection from anyone else. 

**Olney:** We ask so much of our people.  We ask them to move fast and make tough decisions. If we were set the tone that every time someone screwed up, it was a job threatening situation, then people would be far more hesitant. They would work inside of smaller boxes. They would think smaller, and they would act less boldly. They would fade into the background more often. That’s the exact opposite of what we want.  

There’s no “Key performance metric” for Joe Marshall to build relationships with the Ukrainians and then come up with a solution that helps them keep the lights on. It’s just what we do…it’s just what we, as Talos, do. 

**Watchinski:** Our culture is the thing I’m most proud of, of all the things Talos has achieved over the past 10 years. 

**Liz:** Talos is also very family first. I remember once I was caring for my father. He had had a hip replacement, and I was to take care of him when he came home from the hospital. I thought I could do it by myself – be his 24-hour nurse and do my job at the same time. I showed up to a sync with Chinski, and he immediately knew something was wrong. He wasn't interested in any of the business side of things. He simply said, “Go. Go take care of your father.”  

**Marshall:** I stand by the idea that if I take care of my people, my people take care of me. That’s something I ask of all my managers — just take care of your people. The No. 2 thing I ask is to meet the needs of the business. 

**Watchinski:** A lot of people in this organization have been with me for 5,10,15 even 20 years. They’ve gone from junior analyst to senior director inside a Fortune 500 company. And even when you look at all the folks that have left the organization over the years, they've all gone on to do great things. 

**Marshall:** No matter what, I want people to be better for their time spent with us. And if they exit tomorrow but they’ve accomplished that, then we’ve done our job. 

**Brad:** People who have moved on from Talos have said to me, “The Talos years are some of the best years of my career.” To me, that’s worth protecting. 

For more Talos 10 celebrations, take a look at some our key moments:

"There is no business school class that would ever sit down and design Talos"

Chuksrio LMS version 2.9 suffers from an insecure direct object reference vulnerability.

**Chuksrio LMS 2.9 Insecure Direct Object Reference**

Posted Jul 30, 2024

Authored by indoushka

Chuksrio LMS version 2.9 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 2913e2114833b1b975093b54cddc506496b54958798b2a0f6a2dd39c81193a02

Download | Favorite | View

**Chuksrio LMS 2.9 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : Chuksrio LMS v2.9 IDOR Vulnerability                                                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /admin/header.php?captcha[+] https://www/127.0.0.1/mefkayschools.org/admin/header.php?captchaGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,203)
*   Arbitrary (16,836)
*   BBS (2,859)
*   Bypass (1,854)
*   CGI (1,033)
*   Code Execution (7,783)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,383)
*   DoS (25,016)
*   Encryption (2,389)
*   Exploit (53,089)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,885)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (896)
*   Kernel (7,183)
*   Local (14,788)
*   Magazine (586)
*   Overflow (13,161)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,724)
*   Python (1,630)
*   Remote (31,622)
*   Root (3,632)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,024)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,275)
*   SQL Injection (16,591)
*   TCP (2,440)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,920)
*   Web (9,953)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,084)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,560)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,418)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,704)
*   UNIX (9,432)
*   UnixWare (187)
*   Windows (6,668)
*   Other

Chuksrio LMS 2.9 Insecure Direct Object Reference

PRESS RELEASE

PLEASANTON, Calif., and ZURICH, July 26, 2024 /PRNewswire/ -- Cowbell, a leading provider of cyber insurance for small and medium-sized enterprises (SMEs), announced today that it has closed a $60 million Series C equity investment from Zurich Insurance Group (Zurich), a leading global multi-line insurer.

With the $60 million investment, Cowbell plans to scale operations to meet growing demand, extend its presence in key international markets, bolster cyber resilience services, introduce new cutting-edge products to the market, and further strengthen strategic partnerships. Leveraging existing advances in AI and GenerativeAI (GenAI), the company aims to expand its technological infrastructure to drive further efficiencies and support expedited policyholder and broker decision-making across traditional, digital and API-driven channels.

Zurich's investment in Cowbell underscores its commitment to supporting businesses with state-of-the-art cyber protection and resilience solutions, particularly within the SME and middle market segments, where companies are exposed to cyber risk more than ever. It also aligns with Zurich's ambition to leverage best-in-class technology and expertise to address the evolving complexities of cyber risk management.

The global cost of cybercrime is estimated to reach $24 trillion by 2027, and ransomware attacks alone cost small businesses $1.7 million per incident on average.

Sierra Signorelli, CEO Commercial Insurance at Zurich said: "Cyber threats remain a major concern for business leaders due to their constantly evolving nature. To address this, we continue to invest in enhancing our cyber capabilities and building a strong support system for our customers. Cowbell is an excellent partner for managing cyber risks. They use a data-centric approach to risk management, provide continuous risk assessments, actively monitor threats, and have strong underwriting expertise. And all of this is centered around a highly advanced digital platform designed to boost cyber resilience for their customers."

Jack Kudale, founder and CEO, Cowbell said, "This investment from Zurich is the strongest endorsement of Cowbell's vision and capabilities yet and deepens our footprint in the global cyber insurance market. With a refined focus on product expansion, we will accelerate our efforts to deliver advanced and efficient cyber insurance solutions to SMEs and mid-market businesses globally, ensuring they have the protection and tools they need to navigate the rising threats in the evolving cyber landscape."

Cowbell's broker-first approach and reputation for its easy-to-use platform and effective education experience for the broker community are gaining worldwide traction and trust, with licensed producer growth of nearly 3x over the last two years. With better outcomes for customers at its core, reinvestment back into the business will see Cowbell double down on advancements in AI and GenAI to bring greater transparency to cyber risk. In doing so, Cowbell will facilitate smarter decision-making and raise cyber resiliency standards for brokers and businesses worldwide.

This latest investment marks a major milestone in Cowbell's fast-scaling journey, following a year of rapid geographic and product expansion, technological growth, and the onboarding of industry-heavyweight experts, further solidifying its position in the global cyber insurance market.

With $202 million raised to-date, Cowbell has remained capital-efficient throughout its journey. Cowbell has remained steadfast in its clear vision to protect, educate and empower SMEs and mid-market businesses, and the broker community serving them - from today's and tomorrow's threats.

J.P. Morgan Securities LLC acted as financial advisor and Gunderson Dettmer Stough Villeneuve Franklin & Hachigian, LLP provided legal counsel to Cowbell in this transaction.

About Cowbell  
Cowbell is a pioneer of Adaptive Cyber Insurance, leading the way in providing small and medium-sized enterprises (SMEs) with coverage adaptable to today's and tomorrow's threats and the advanced warning of cyber risk exposures. With its unique AI-based approach in risk selection and pricing, Cowbell's continuous underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue in less than 5 minutes. Backed by 25 prominent global (re)insurance partners, Cowbell serves SMEs across 50 U.S. states, the District of Columbia, and the United Kingdom, assessing businesses with revenues up to $1Bglobally. Founded in 2019, Cowbell is based in the San Francisco Bay Area and has employees across the U.S., Canada, India, and the U.K.

For more information, please visit https://cowbell.insure/.    

About Zurich Insurance Group  
Zurich Insurance Group (Zurich) is a leading multi-line insurer serving people and businesses in more than 200 countries and territories. Founded 150 years ago, Zurich is transforming insurance. In addition to providing insurance protection, Zurich is increasingly offering prevention services such as those that promote wellbeing and enhance climate resilience. Reflecting its purpose to 'create a brighter future together,' Zurich aspires to be one of the most responsible and impactful businesses in the world. It is targeting net-zero emissions by 2050 and has the highest-possible ESG rating from MSCI. In 2020, Zurich launched the Zurich Forest project to support reforestation and biodiversity restoration in Brazil. The Group has about 60,000 employees and is headquartered in Zurich, Switzerland. Zurich Insurance Group Ltd (ZURN), is listed on the SIX Swiss Exchange and has a level I American Depositary Receipt (ZURVY) program, which is traded over-the-counter on OTCQX. Further information is available at www.zurich.com.

Cowbell Secures $60 Million Series C Funding From Zurich Insurance Group

QuickJob version 6.1 suffers from an ignored default credential vulnerability.

**QuickJob 6.1 Insecure Settings**

Posted Jul 29, 2024

Authored by indoushka

QuickJob version 6.1 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | e6896d4cea9d5e1f38adf67e9cf29b00d07caf0ece1ebc4e316d431f13e72eca

Download | Favorite | View

**QuickJob 6.1 Insecure Settings**

    ====================================================================================================================================| # Title     : quickjob 6.1 Insecure Settings Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://codecanyon.net/item/quickjob-job-board-php-script/25217096                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user&pass: admin[+] panel : https://www/127.0.0.1/xpressdigitalonline/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,161)
*   Arbitrary (16,833)
*   BBS (2,859)
*   Bypass (1,853)
*   CGI (1,033)
*   Code Execution (7,780)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (25,014)
*   Encryption (2,389)
*   Exploit (53,083)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,179)
*   Local (14,782)
*   Magazine (586)
*   Overflow (13,153)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,630)
*   Remote (31,618)
*   Root (3,625)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,023)
*   Shell (3,272)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,589)
*   TCP (2,440)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,911)
*   Web (9,949)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,084)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,556)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,418)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,700)
*   UNIX (9,431)
*   UnixWare (187)
*   Windows (6,667)
*   Other

QuickJob 6.1 Insecure Settings

Prison Management System version version 1.0 suffers from an ignored default credential vulnerability.

**Prison Management System version 1.0 Insecure Settings**

Posted Jul 29, 2024

Authored by indoushka

Prison Management System version version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 81a9d01f3c8c94bb0000f4403731ff41830ed447ed13fdad39cbe7cc67884842

Download | Favorite | View

**Prison Management System version 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Prison Management System version 1.0 Insecure Settings Vulnerability                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html                     |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/untcarriercom/admin/?page=system_infoGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,161)
*   Arbitrary (16,833)
*   BBS (2,859)
*   Bypass (1,853)
*   CGI (1,033)
*   Code Execution (7,780)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (25,014)
*   Encryption (2,389)
*   Exploit (53,083)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,179)
*   Local (14,782)
*   Magazine (586)
*   Overflow (13,153)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,630)
*   Remote (31,618)
*   Root (3,625)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,023)
*   Shell (3,272)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,589)
*   TCP (2,440)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,911)
*   Web (9,949)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,084)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,556)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,418)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,700)
*   UNIX (9,431)
*   UnixWare (187)
*   Windows (6,667)
*   Other

Prison Management System version 1.0 Insecure Settings

Pharmacy Management System version 1.0 suffers from an ignored default credential vulnerability.

**Pharmacy Management System 1.0 Insecure Settings**

Posted Jul 29, 2024

Authored by indoushka

Pharmacy Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 59f44c9b7f06be4efb67d80c7c07d536ce29ef1457664c97c77dea0949148078

Download | Favorite | View

**Pharmacy Management System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Pharmacy Management System v1.0 Insecure Settings Vulnerability                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/user/257130/activity                                                                |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yoruanwitness000webhostappcom/admin/?page=clientsGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,161)
*   Arbitrary (16,833)
*   BBS (2,859)
*   Bypass (1,853)
*   CGI (1,033)
*   Code Execution (7,780)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (25,014)
*   Encryption (2,389)
*   Exploit (53,083)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,179)
*   Local (14,782)
*   Magazine (586)
*   Overflow (13,153)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,630)
*   Remote (31,618)
*   Root (3,625)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,023)
*   Shell (3,272)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,589)
*   TCP (2,440)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,911)
*   Web (9,949)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,084)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,556)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,418)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,700)
*   UNIX (9,431)
*   UnixWare (187)
*   Windows (6,667)
*   Other

Pharmacy Management System 1.0 Insecure Settings

Online Payment Hub System version 1.0 suffers from an ignored default credential vulnerability.

**Online Payment Hub System 1.0 Insecure Settings**

Posted Jul 29, 2024

Authored by indoushka

Online Payment Hub System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 30a6b1cbf6e4c838b1c70e5f65c51d228a564e5d1e6f1bc286e2c364b4ee5cda

Download | Favorite | View

**Online Payment Hub System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Online Payment Hub System v1.0 Insecure Settings Vulnerability                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://scriptmafia.org                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yoruban-witness.000webhostappcom/admin/?page=clientsGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,161)
*   Arbitrary (16,833)
*   BBS (2,859)
*   Bypass (1,853)
*   CGI (1,033)
*   Code Execution (7,780)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (25,014)
*   Encryption (2,389)
*   Exploit (53,083)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,179)
*   Local (14,782)
*   Magazine (586)
*   Overflow (13,153)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,630)
*   Remote (31,618)
*   Root (3,625)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,023)
*   Shell (3,272)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,589)
*   TCP (2,440)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,911)
*   Web (9,949)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,084)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,556)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,418)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,700)
*   UNIX (9,431)
*   UnixWare (187)
*   Windows (6,667)
*   Other

Online Payment Hub System 1.0 Insecure Settings

Innue Business Live Chat version 2.5 suffers from an ignored default credential vulnerability.

**Innue Business Live Chat 2.5 Insecure Settings**

Posted Jul 29, 2024

Authored by indoushka

Innue Business Live Chat version 2.5 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 69cf2bb9bb7d7ff376d99fe228145e43a3757fab2416d6aff6f75b372ddf2d3a

Download | Favorite | View

**Innue Business Live Chat 2.5 Insecure Settings**

    ====================================================================================================================================| # Title     : innue business live chat v2.5 Insecure Settings Vulnerability                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.bdtask.com/business-live-chat-software.php                                                             |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@gmail.com & pass = admin[+] https://www/127.0.0.1/vmi1941086contaboservernet/loginGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,161)
*   Arbitrary (16,833)
*   BBS (2,859)
*   Bypass (1,853)
*   CGI (1,033)
*   Code Execution (7,780)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (25,014)
*   Encryption (2,389)
*   Exploit (53,083)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,179)
*   Local (14,782)
*   Magazine (586)
*   Overflow (13,153)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,630)
*   Remote (31,618)
*   Root (3,625)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,023)
*   Shell (3,272)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,589)
*   TCP (2,440)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,911)
*   Web (9,949)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,084)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,556)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,418)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,700)
*   UNIX (9,431)
*   UnixWare (187)
*   Windows (6,667)
*   Other

Innue Business Live Chat 2.5 Insecure Settings

An attack flow that combines API flaws within "log in with" implementations and Web injection bugs could affect millions of websites.

Source: Richard Levine via Alamy Stock Photo

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar service, which tracks and records Web user activity, and in the code of the popular Business Insider global news website.

That's according to API security firm Salt Security's Salt Labs, which found that by pairing manipulation of the OAuth standard with cross-site scripting (XSS) flaws in the two sites, attackers can potentially expose sensitive data and conduct malicious activity acting as legitimate users of more than a million websites.

Hotjar, a tool that complements Google Analytics by recording user activity to analyze behavior, serves more than a million websites, including well-known brands such as Adobe, Microsoft, Panasonic, Columbia, RyanAir, Decathlon, T-Mobile, and Nintendo.

"Due to the nature of the Hotjar solution, the data it collects can include a vast volume of personal and sensitive data, such as names, emails, addresses, private messages, bank details, and even credentials under certain circumstances," according to a Salt Labs blog post on the research.

A separate but just as dangerous vulnerability found on the Business Insider website can meanwhile be exploited to perform an cross-site scripting (XSS) attack and take over accounts on that site, which has millions of global users.

More worrisome, the same combination of problems is likely widespread and lurking on whole swathes of the Internet, the researchers warned.

**A Modern Authentication Standard Meets an Old Flaw**

OAuth is a relatively new standard increasingly being used for seamless cross-website authentication, familiar to many as the engine behind the "log in with Facebook" or "log in with Google" functionality included in many websites. The standard drives the mechanism responsible for the authentication handoff between the sites, allowing user data to be shared between them. It's been known to be misconfigured upon implementation in ways that create serious vulnerabilities that span numerous sites.

XSS, meanwhile, is one of the most oft-exploited and oldest Web vulnerabilities. It allows an attacker to inject malicious code into a legitimate Web page or application in order to execute scripts in a website visitor's browser for data theft and more.

An attacker who successfully exploits an attack vector that combines the two "will gain the same permissions and functionality as the victim, and therefore, the risk will be parallel to what can actually be done by a normal system user," Yaniv Balmas, vice president of research at Salt, tells Dark Reading.

Salt Labs discovered the vulnerability on the Business Insider site on March 20 and immediately informed the company, which fixed the flaws by March 30. The Hotjar flaw was discovered on April 17, and, upon disclosure, mitigated two days later.

However, Salt researchers believe that flaws that allow attackers to exploit this combo of OAuth and XSS are likely lurking undetected on other sites, thus exposing millions of unsuspecting users to potential account takeover.

"We strongly believe this is a very common issue, and most chances are that many other online services suffer from the same issue," Balmas says.

**Hotjar Attack**

Given that XSS has been around so long, most websites have built-in protections against attacks that exploit this vulnerability. Salt researchers were able to get around them using OAuth in two separate instances on both Hotjar and the Business Insider website.

On the former, the researchers manipulated the social login aspect of Hotjar, which redirects to Google to receive a secret token through OAuth to complete authentication on Hotjar. That token is a URL that contains secret code, which is something that JavaScript code can read, creating an XSS flaw.

"To combine XSS with this new social-login feature and achieve working exploitation, we use a JavaScript code that starts a new OAuth login flow in a new window and then reads the token from that window," according to the post. "With this method, the JavaScript code opens a new tab to Google, and Google automatically redirects the user back to \[the Hotjar site\] with the OAuth code in the URL."

The code reads the URL from the new tab and extracts the OAuth credentials from it. Once the attackers have a victim's code, they can start a new login flow in Hotjar, replacing their code with the victim code and leading to a full account takeover and thus potential exposure of all the personal data collected by Hotjar.

**Exploiting Mobile Logins**

The researchers also managed to exploit the social sign-in feature integrated into the code of the Business Insider website, specifically through mobile authentication, which opens a new Web browser to authenticate the user. After the user completes the authentication on the Web, they are then redirected to an endpoint with their credentials as parameters that are sent from the Web to the mobile site.

"This endpoint, created only to support authentication using the mobile application, is vulnerable to XSS," according to the post. Thus, if an attacker can read the credentials from the URL, they can achieve account takeover.

"What we need to do is write JavaScript code that starts a login flow, wait for the token to be visible in the URL, and then read that URL," according to the post. "If a victim clicks on that link, their credentials will be passed to a malicious domain."

Though the flaws specifically found on Hotjar and Business Insider have been mitigated, the potential for exploit on other sites means site administrators need to be careful in how they implement OAuth, lest it be used in similar attack scenarios, Balmas says.

"As always, when implementing any new technology, many things need to be considered, including, of course, security," he says. "A solid implementation that considers all possible options should be secure and will not allow an attacker an opportunity to abuse this attack vector."

**About the Author(s)**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

Seeing a “blue screen of death,” often with code that looks indecipherable, has been ingrained into our heads that it’s a “hack."

Thursday, July 25, 2024 14:00

You’re not going to believe this, but there was a lot of misinformation on social media over the weekend after the massive CrowdStrike/Microsoft outage.  

As airlines cancelled flights, hospitals had to reschedule patients and some companies just flat-out couldn’t work on Friday, people were quick to assume that the outage, which was actually caused by a faulty CrowdStrike Falcon update, was a cyber attack. 

Media headlines posed the question: “Cyber attack, or outage?” Social posters quickly assumed this was some sort of “hack.”  

On the one hand, I get it. Seeing a “blue screen of death,” often with code that looks indecipherable, has been ingrained into our heads that it’s a “hack,” because that’s how they’ve always been displayed in works of fiction or as the generic image of a “hack” anytime there is actually a real cyber attack.  

That’s not to say there aren’t many lessons to be learned from this outage, and at some point, we’ll be ready to dig into those. But also calling this a cyber attack can spread unnecessary FUD, especially when threat actors are trying to capitalize on the outage to spread malware in _actual_ cyber attacks.  

**The one big thing **

Business email compromise (BEC) and ransomware were the top threats observed by Cisco Talos Incident Response (Talos IR) in the second quarter of 2024, accounting for 60 percent of engagements. Although there was a decrease in BEC engagements from last quarter, it was still a major threat for the second quarter in a row. There was a slight increase in ransomware where Talos IR responded to Mallox and Underground Team ransomware for the first time this quarter, as well as the previously seen Black Basta and BlackSuit ransomware operations.   

**Why do I care? **

Within BEC attacks, adversaries will compromise legitimate business email accounts and use them to send phishing emails to obtain sensitive information, such as account credentials. Adversaries can also use compromised accounts to send emails with fraudulent financial requests, such as changing bank account information related to payroll or vendor invoices. Targeting employees’ personal mobile devices can be an effective method for initial access because they may not have the same security controls as their corporate devices. Organizations should ensure SMS phishing scams are included in security awareness training for employees.    

**So now what? **

The lack of MFA remains one of the biggest impediments for enterprise security. All organizations should implement some form of MFA, such as Cisco Duo. The implementation of MFA and a single sign-on system can ensure only trusted parties are accessing corporate email accounts to prevent the spread of BEC. 

**Top security headlines of the week **

**A false narrative spread over the weekend that Southwest Airlines was using a very old version of Windows, which allowed it to escape the CrowdStrike-related outage.** Many news outlets reported that Southwest’s system relies on Windows 3.1, released more than 20 years ago. However, this does not actually appear to be the case, though Southwest’s systems may still be outdated compared to its competitors. Instead, Southwest may have been largely unaffected by the outage simply because it doesn’t use CrowdStrike. Delta, American, Spirit, Frontier, United and Allegiant airlines all reported that they were affected by the outage, forcing the cancellation of thousands of flights across the globe. The source of the story that Southwest uses Windows 3.1 appears to come from posts on social media, the original one of which provided no sources, links or background information to back this statement up. Another popular piece of fake news that made the rounds during the widespread outage was that the Las Vegas Sphere was a victim of the outage, with a fake image spreading online appearing to show the “blue screen of death” on the outside of the concert and event venue. (Kotaku, OSNews) 

**U.K. police arrested a teenager suspected of being a member of the Scattered Spider hacking group and a perpetrator of the massive MGM ransomware attack last year.** The arrest is part of a larger investigation conducted by the National Crime Agency in the U.K. and the U.S.’s FBI into a hacking group that is known to breach networks, steal data and deploy ransomware. While not named explicitly in the arrest announcement, this group is largely known as Scattered Spider. The group breached MGM’s network last year, taking hotel and casino services offline for several days, even just forcing some casino operations to stop altogether. MGM eventually paid a multi-million dollar ransomware to the attackers. Scattered Spider is a group of English-speaking threat actors, some of whom are as young as 16, and commonly communicate via Telegram channels and Discord servers. An English detective involved in the operation stated that the 17-year-old in question was part of a group that “targeted well-known organizations with ransomware, and they have successfully targeted multiple victims around the world, taking from them significant amounts of money.” (Bleeping Computer, Dark Reading) 

**Russian state-sponsored actors or hacktivist groups are likely to try and disrupt the upcoming Olympic games in France via cyber attacks, misinformation campaigns and deepfake photos and videos.** Russia has been excluded from the Summer Olympics because of its involvement in an alleged doping scheme with its athletes and has been increasingly hostile toward the West for its support of Ukraine. Russian threat actors have already been spreading disinformation, with Microsoft warning that some actors have been deploying influencers deploying artificial intelligence to “denigrate the reputation of the \[International Olympic Committee\]” and “creating the expectation of violence” at the Olympics. French authorities have also already arrested a Russian national who the government alleges was planning various events to “destabilize” the games. Researchers from FortiGuard Labs have also reported that there has been a spike of dark web activity among known Russian adversaries, including Cyber Army Russia Reborn and LulzSec, specifically saying they plan to target the Olympics. Russia may also seek to use its influence on hacktivist groups to do its bidding so that the Russian government has plausible deniability in any activities. (Forbes, Financial Times) 

**Can't get enough Talos?**

**Upcoming events where you can find Talos **

**_BlackHat USA_** **_(Aug. 3 – 8)_** 

_Las Vegas, Nevada_ 

**_Defcon_** **_(Aug. 8 – 11)_** 

_Las Vegas, Nevada_ 

**_BSides Krakow_** **_(Sept. 14)_**  

_Krakow, Poland_ 

**Most prevalent malware files from Talos telemetry over the past week **

**SHA 256:** 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507  
**MD5:** 2915b3f8b703eb744fc54c81f4a9c67f f  
**Typical Filename:** VID001.exe  
**Claimed Product:** N/A  
**Detection Name:** Win.Worm.Coinminer::1201

**SHA 256:** c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0  
**MD5:** 8c69830a50fb85d8a794fa46643493b2  
**Typical Filename:** AAct.exe  
**Claimed Product:** N/A  
**Detection Name:** PUA.Win.Dropper.Generic::1201

**SHA 256:** 161937ed1502c491748d055287898dd37af96405aeff48c2500b834f6739e72d  
**MD5:** fd743b55d530e0468805de0e83758fe9  
**Typical Filename:** KMSAuto Net.exe  
**Claimed Product:** KMSAuto Net  
**Detection Name:** W32.File.MalParent

**SHA 256:** 24283c2eda68c559f85db7bf7ccfe3f81e2c7dfc98a304b2056f1a7c053594fe  
**MD5:** 49ae44d48c8ff0ee1b23a310cb2ecf5a  
**Typical Filename:** nYzVlQyRnQmDcXk  
**Claimed Product:** N/A  
**Detection Name:** Win.Dropper.Scar::tpd

**SHA 256:** bea312ccbc8a912d4322b45ea64d69bb3add4d818fd1eb7723260b11d76a138a  
**MD5:** 200206279107f4a2bb1832e3fcd7d64c  
**Typical Filename:** lsgkozfm.bat  
**Claimed Product:** N/A  
**Detection Name:** Win.Dropper.Scar::tpd

Tag

#cisco