
Talos Blog, added 2018/06/15 12:08 p.m.

Threat Roundup for June 1-15

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 01 and June 15. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...

Talos Blog, added 2018/05/26 12:21 p.m.

Threat Roundup for May 18-25

Welcome to Cisco Talos' weekly Threat Roundup, where we go over some of the most prevalent malware and vulnerabilities we've seen over the past week. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by...

Talos Blog, added 2018/05/11 12:48 p.m.

Threat Roundup for May 04 - 11

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 4 and May 11. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

OpenVAS, added 2018/04/26 12:00 a.m.

Orangeworm Kwampirs Trojan Detection

The script tries to detect the Orangeworm Kwampirs Trojan via various known Indicators of Compromise (IOC). SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

Talos Blog, added 2018/04/13 1:11 p.m.

Threat Roundup for April 6 - 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 6 and 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

n0where, added 2018/03/18 6:45 a.m.

Simple IOC and Incident Response Scanner: Loki

LOKI is a free and simple IOC scanner, a complete rewrite of main analysis modules of our full featured APT Scanner THOR. IOC stands for „Indicators of Compromise“. These indicators can be derived from published incident reports, forensic analyses or malware sample collections in your Lab. LOKI...

The Hacker News, added 2018/03/07 9:11 a.m.

Leaked NSA Dump Also Contains Tools Agency Used to Track Other Hackers

A year ago, when the mysterious hacking group 'The Shadow Brokers' dumped a massive trove of sensitive data stolen from the US intelligence agency NSA, everyone started looking for secret hacking tools and zero-day exploits. A group of Hungarian security researchers from CrySyS Lab and Ukatemi ha...

Talos Blog, added 2018/02/16 9:55 a.m.

Threat Round Up for Feb 9 - Feb 16

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between February 9 and February 16. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

Malwarebytes, added 2018/02/05 8:55 p.m.

New Flash Player zero-day comes inside Office document

Update 2018-02-06: Adobe has released a patch for this vulnerability. More information is available here. We tested this zero-day with a proof-of-concept that was made available. Rather than launching it from within Office, we turned it into a drive-by download attack. The animation below shows...

EPSS 0.89618
Malwarebytes, added 2018/02/05 5:57 p.m.

Boomerang spam bombs Malwarebytes forum—not a smart move

Tech support scammers are generally not the best and brightest. As such, they will occasionally post ads for their fake companies in the comment sections here or on the Malwarebytes forums. Last week, however, scammers struggled with configuring their spambots, resulting in spam bombs on the foru...

n0where, added 2018/02/03 2:32 a.m.

Generic Signature Format for SIEM Systems: Sigma

Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers ...

Circl, added 2017/12/08 3:22 p.m.

CVE-2017-11937

| creationtimestamp | type | source |
|---|---|---|
| 2017-12-08 15:22:22+00:00 | seen | https://t.me/antichat/401 |
| 2017-12-08 16:20:55+00:00 | seen | https://t.me/alexmakus/1515... |

CVSS 9.3, EPSS 0.28441
Talos Blog, added 2017/11/17 8:07 a.m.

Threat Round Up for Nov 10 - Nov 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between November 10 and November 17. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

n0where, added 2017/11/14 7:15 p.m.

Open Source Threat Intelligence Gathering & Processing Framework: GOSINT

The GOSINT framework is a project used for collecting, processing, and exporting high-quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches...

Information Security Automation, added 2017/11/10 8:29 p.m.

Vulnerability Management vendors and massive Malware attacks (following the Bad Rabbit)

After the latest Bad Rabbit ransomware attack, all top VM vendors (Qualys, Tenable, Rapid7) wrote blog posts on this topic on the same day. Two days later Tripwire also published its own review. Why do they care? They do not make antiviruses, endpoint protection or firewalls - the common tools against...

Node.js, added 2017/10/04 11:28 p.m.

Exfiltrates data on installation

Overview: The coffescript package is a piece of malware that steals sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation: If you have found coffescript installed in...

CVSS 5, EPSS 0.01123
n0where, added 2017/10/02 12:09 a.m.

Malware Triage Tool: pftriage

pftriage is a tool to help analyze files during malware triage. It allows an analyst to quickly view and extract properties of a file to help during the triage process. The tool also has an analyze function which can detect common malicious indicators used by malware. Dependencies: pefile, filemagi...

Malwarebytes, added 2017/08/31 8:04 p.m.

RIG exploit kit distributes Princess ransomware

We have identified a new drive-by download campaign that distributes the Princess ransomware AKA PrincessLocker, leveraging compromised websites and the RIG exploit kit. This is somewhat of a change for those tracking malvertising campaigns and their payloads. We had analyzed the PrincessLocker...

CVSS 9.3, EPSS 0.94996
Malwarebytes, added 2017/08/31 4:09 p.m.

Locky ransomware adds anti sandbox feature (updated)

By Marcelo Rivero and Jérôme Segura. The Locky ransomware has been very active since its return, which we documented in a previous blog post. There are several different Locky campaigns going on at the same time, the largest being the one from affiliate ID 3 which comes with malicious ZIP containin...

FireEye, added 2017/08/22 10:00 a.m.

Hiking Club Malvertisements Drop Monero Miners Via Neptune Exploit Kit

Exploit kit (EK) activity has been on the decline ever since Angler Exploit Kit was shut down in 2016. Fewer people using Internet Explorer and a drop in browser support for Adobe Flash – two primary targets of many exploit kits – have also contributed to this decline. Additionally, some popular...

CVSS 9.3, EPSS 0.94996