Talos Blog, sorted by most viewed

2032 matches found

Talos Blog
added 2019/02/04 8:00 a.m., 18222 views

ExileRAT shares C2 with LuckyCat, targets Tibet

Warren Mercer, Paul Rascagneres and Jaeson Schultz authored this post. Executive summary Cisco Talos recently observed a malware campaign delivering a malicious Microsoft PowerPoint document using a mailing list run by the Central Tibetan Administration CTA, an organization officially representin...

CVSS 9.3, AI score 8.4, EPSS 0.99933
Exploits: 29

Talos Blog
added 2018/12/18 8:33 a.m., 3591 views

Connecting the dots between recently active cryptominers

Post authored by David Liebenberg and Andrew Williams. Executive Summary Through Cisco Talos' investigation of illicit cryptocurrency mining campaigns in the past year, we began to notice that many of these campaigns shared remarkably similar TTPs, which we at first mistakenly interpreted as bein...

CVSS 9.3, AI score 8.9, EPSS 0.99993
Exploits: 41

Talos Blog
added 2019/11/04 7:43 a.m., 2747 views

The latest on BlueKeep and DejaBlue vulnerabilities — Using Firepower to defend against encrypted DejaBlue

Update 11/04/2019: There have been several public reports of active exploitation of CVE-2019-0708, commonly referred to as “BlueKeep.” Preliminary reports indicate that the vulnerability is being exploited by adversaries who are leveraging access to compromised systems to install cryptocurrency...

CVSS 10, AI score 10, EPSS 0.99999
Exploits: 123

Talos Blog
added 2019/10/25 9:33 a.m., 2291 views

Threat Roundup for October 18 to October 25

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 18 and Oct. 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

CVSS 10, AI score 10, EPSS 0.99999
Exploits: 123

Talos Blog
added 2018/01/15 9:57 p.m., 2149 views

Korea In The Crosshairs

This blog post is authored by Warren Mercer and Paul Rascagneres and with contributions from Jungsoo An. A one year review of campaigns performed by an actor with multiple campaigns mainly linked to South Korean targets. Executive Summary This article exposes the malicious activities of Group 123...

CVSS 9.3, AI score 8.4, EPSS 0.99933
Exploits: 29

Talos Blog
added 2019/04/18 4:08 p.m., 1918 views

DNS Hijacking Abuses Trust In Core Internet Service

Authors: Danny Adamitis, David Maynor, Warren Mercer, Matthew Olney and Paul Rascagneres. Update 4/18: A correction has been made to our research based on feedback from Packet Clearing House, we thank them for their assistance. Preface: This blog post discusses the technical details of a...

CVSS 10, AI score 0.6, EPSS 0.99999
Exploits: 251

Talos Blog
added 2019/06/27 1:27 p.m., 1912 views

Welcome Spelevo: New exploit kit full of old tricks

Nick Biasini authored this post with contributions from Caitlyn Hammond. Executive summary Exploit kits are an ever-present and often forgotten threat on the landscape today. Their popularity seemed to peak several years ago with the success and eventual downfall of some of the best compromise...

CVSS 10, AI score 9, EPSS 0.87814
Exploits: 21

Talos Blog
added 2018/01/31 7:58 a.m., 1774 views

Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions

The Dark Side of the Digital Gold Rush This post was authored by Nick Biasini, Edmund Brumaghin, Warren Mercer and Josh Reynolds with contributions from Azim Khodijbaev and David Liebenberg. Executive Summary The threat landscape is constantly changing; over the last few years malware threat...

CVSS 5.8, AI score 8.9, EPSS 0.99993
Exploits: 46

Talos Blog
added 2018/10/15 9:00 a.m., 1711 views

Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox

This blog post was authored by Edmund Brumaghin and Holger Unterbrink with contributions from Emmanuel Tacheau. Executive Summary Cisco Talos has discovered a new malware campaign that drops the sophisticated information-stealing trojan called "Agent Tesla," and other malware such as the Loki...

CVSS 9.3, AI score 8.6, EPSS 0.99945
Exploits: 62

Talos Blog
added 2018/06/20 8:00 a.m., 1587 views

My Little FormBook

This blog post is authored by Warren Mercer and Paul Rascagneres. Summary Cisco Talos has been tracking a new campaign involving the FormBook malware since May 2018 that utilizes four different malicious documents in a single phishing email. FormBook is an inexpensive stealer available as "malwar...

CVSS 9.3, AI score 8.5, EPSS 0.99945
Exploits: 62

Talos Blog
added 2019/02/06 8:19 a.m., 1499 views

2018 in Snort Rules

This blog post was authored by Benny Ketelslegers of Cisco Talos The cybersecurity field shifted quite a bit in 2018. With the boom of cryptocurrency, we saw a transition from ransomware to cryptocurrency miners. Talos researchers identified APT campaigns including VPNFilter, predominantly...

CVSS 10, AI score 9.6, EPSS 0.99999
Exploits: 68

Talos Blog
added 2019/06/10 9:37 a.m., 1464 views

Using Firepower to defend against encrypted RDP attacks like BlueKeep

This blog was authored by Brandon Stultz Microsoft recently released fixes for a critical pre-authentication remote code execution vulnerability in Remote Desktop Protocol Services RDP. Identified as CVE-2019-0708 in May's Patch Tuesday, the vulnerability caught the attention of researchers and t...

CVSS 10, EPSS 0.99999
Exploits: 123

Talos Blog
added 2019/05/29 12:19 p.m., 1370 views

Beers with Talos Ep. #54: Patch after listening, RDP and wild 0-days

Beers with Talos BWT Podcast Ep. 54 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded May 24, 2019 — There is another BlueX to talk about and guess what? YES, YOU STILL NEED TO PATCH. We talk about RDP, the...

CVSS 10, AI score 10, EPSS 0.99999
Exploits: 123

Talos Blog
added 2017/12/06 8:02 a.m., 1291 views

Recam Redux - DeConfusing ConfuserEx

This post is authored by Holger Unterbrink and Christopher Marczewski. Overview: This report shows how to deobfuscate a custom .NET ConfuserEx protected malware. We identified this recent malware campaign in our Advanced Malware Protection AMP telemetry. Initial infection is via a malicious Word...

AI score 7.4
Exploits: 0

Talos Blog
added 2019/05/01 12:37 p.m., 1257 views

Sodinokibi ransomware exploits WebLogic Server vulnerability

This blog was authored by Pierre Cadieux, Colin Grady, Jaeson Schultz and Matt Valites Attackers are actively exploiting a recently disclosed vulnerability in Oracle WebLogic to install a new variant of ransomware called "Sodinokibi." Sodinokibi attempts to encrypt data in a user's directory and...

CVSS 7.5, AI score 0.7, EPSS 0.99964
Exploits: 35

Talos Blog
added 2019/02/26 10:56 a.m., 1200 views

Cisco Talos Honeypot Analysis Reveals Rise in Attacks on Elasticsearch Clusters

Christopher Evans of Cisco Talos conducted the research for this post. Executive Summary Cisco Talos warns users that they need to keep a close eye on unsecured Elasticsearch clusters. We have recently observed a spike in attacks from multiple threat actors targeting these clusters. These attacke...

CVSS 7.5, AI score 0.2, EPSS 0.99993
Exploits: 129

Talos Blog
added 2020/01/19 2:58 a.m., 1183 views

JhoneRAT: Cloud based python RAT targeting Middle Eastern countries

By Warren Mercer, Paul Rascagneres and Vitor Ventura with contributions from Eric Kuhla. Updated January 17th: the documents do not exploit the CVE-2017-0199 vulnerability. Executive Summary Today, Cisco Talos is unveiling the details of a new RAT we have identified we're calling "JhoneRAT." This...

CVSS 9.3, AI score 0.4, EPSS 0.99933
Exploits: 29

Talos Blog
added 2017/09/18 12:51 a.m., 1163 views

CCleanup: A Vast Number of Machines at Risk

This post was authored by: Edmund Brumaghin, Ross Gibb, Warren Mercer, Matthew Molyett, and Craig Williams. Update 9/18: CCleaner Cloud version 1.07.3191 is also reported to be affected. Update 9/19: This issue was discovered and reported by both Morphisec and Cisco in separate in-field cases and...

AI score 7.6
Exploits: 0

Talos Blog
added 2018/07/31 9:38 a.m., 1160 views

Multiple Cobalt Personality Disorder

Introduction Despite the notion that modern cybersecurity protocols have stopped email-based attacks, email continues to be one of the primary attack vectors for malicious actors — both for widespread and targeted operations. Recently, Cisco Talos has observed numerous email-based attacks that ar...

CVSS 9.3, EPSS 0.99945
Exploits: 79

Talos Blog
added 2018/12/14 8:30 a.m., 1068 views

Cisco Coverage for Shamoon 2 & 3

Update Dec. 14, 2018 10:30 CST: Added new Shamoon 3 IOCs Shamoon is a type of destructive malware that has been previously associated with attacks against various organizations in the oil and gas industry that we've been tracking since 2012. A new variant of this threat, identified as Shamoon 2,...

AI score 1.3
Exploits: 0

Talos Blog
added 2019/07/16 5:47 a.m., 1025 views

SWEED: Exposing years of Agent Tesla campaigns

By Edmund Brumaghin and other Cisco Talos researchers. Executive summary Cisco Talos recently identified a large number of ongoing malware distribution campaigns linked to a threat actor we're calling "SWEED," including such notable malware as Formbook, Lokibot and Agent Tesla. Based on our...

CVSS 9.3, EPSS 0.99945
Exploits: 47

Talos Blog
added 2018/08/30 8:26 a.m., 914 views

Rocke: The Champion of Monero Miners

This post was authored by David Liebenberg. Summary Cryptocurrency miners are becoming an increasingly significant part of the threat landscape. These malicious miners steal CPU cycles from compromised devices to mine cryptocurrencies and bring in income for the threat actor. In this post, we loo...

CVSS 7.5, AI score 8.5, EPSS 0.99993
Exploits: 51

Talos Blog
added 2018/07/24 10:24 p.m., 862 views

Advanced Mobile Malware Campaign in India uses Malicious MDM - Part 2

This blog post is authored by Warren Mercer and Paul Rascagneres and Andrew Williams. Summary Since our initial post on malicious mobile device management MDM platforms, we have gathered more information about this actor that we believe shows it is part of a broader campaign targeting multiple...

CVSS 9.3, AI score 7.9, EPSS 0.93289
Exploits: 7

Talos Blog
added 2018/01/29 11:37 a.m., 749 views

2017 in Snort Signatures.

This post was written by Martin Lee and Vanja Svajcer. 2017 was an eventful year for cyber security with high profile vulnerabilities that allowed self-replicating worm attacks such as WannaCry and BadRabbit to impact organizations throughout the world. In 2017, Talos researchers discovered many...

CVSS 10, AI score 9.9, EPSS 0.99999
Exploits: 45

Talos Blog
added 2017/09/15 1:10 p.m., 742 views

Threat Round Up For Sept 8 - Sept 15

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between September 08 and September 15. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

CVSS 9.3, AI score 0.8, EPSS 0.99933
Exploits: 29

Talos Blog
added 2019/04/16 11:45 a.m., 741 views

New HawkEye Reborn Variant Emerges Following Ownership Change

Edmund Brumaghin and Holger Unterbrink authored this blog post. Executive summary Malware designed to steal sensitive information has been a threat to organizations around the world for a long time. The emergence of the greyware market and the increased commercialization of keyloggers, stealers,...

CVSS 9.3, AI score 8.7, EPSS 0.99945
Exploits: 33

Talos Blog
added 2017/08/14 9:55 a.m., 741 views

When combining exploits for added effect goes wrong

Introduction: Since public disclosure in April 2017, CVE-2017-0199 has been frequently used within malicious Office documents. The vulnerability allows attackers to include Ole2Link objects within RTF documents to launch remote code when HTA applications are opened and parsed by Microsoft Word. In...

CVSS 9.3, AI score 8, EPSS 0.99966
Exploits: 41

Talos Blog
added 2019/08/30 11:42 a.m., 727 views

Threat Roundup for August 23 to August 30

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 23 and Aug. 30. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

CVSS 10, AI score 10, EPSS 0.99999
Exploits: 123

Talos Blog
added 2019/09/17 8:09 a.m., 718 views

Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”

By Christopher Evans and David Liebenberg. Executive summary A new threat actor named "Panda" has generated thousands of dollars worth of the Monero cryptocurrency through the use of remote access tools RATs and illicit cryptocurrency-mining malware. This is far from the most sophisticated actor...

CVSS 10, AI score 9.8, EPSS 0.99999
Exploits: 118

Talos Blog
added 2019/07/09 11:51 a.m., 672 views

Microsoft Patch Tuesday — July 2019: Vulnerability disclosures and Snort coverage

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 77 vulnerabilities, 16 of which are rated “critical," 60 that are considered "important" and one "moderate." This month’s security update cover...

CVSS 9.3, AI score 8.9, EPSS 0.70966
Exploits: 10

Talos Blog
added 2019/10/18 9:44 a.m., 635 views

Threat Roundup for October 11 to October 18

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 11 and Oct. 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

CVSS 10, AI score 0.2, EPSS 0.99999
Exploits: 123

Talos Blog
added 2019/08/27 8:14 a.m., 630 views

China Chopper still active 9 years later

By Paul Rascagneres and Vanja Svajcer. Introduction Threats will commonly fade away over time as they're discovered, reported on, and detected. But China Chopper has found a way to stay relevant, active and effective nine years after its initial discovery. China Chopper is a web shell that allows...

CVSS 7.2, EPSS 0.562
Exploits: 55

Talos Blog
added 2020/01/15 11:41 a.m., 624 views

New Snort rules protect against recently discovered Citrix vulnerability

By Edmund Brumaghin, with contributions from Dalton Schaadt. Executive Summary Recently, the details of a critical vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway servers were publicly disclosed. This vulnerability is currently being tracked using CVE-2019-19781....

CVSS 7.5, AI score 2, EPSS 0.99999
Exploits: 48

Talos Blog
added 2019/05/10 7:16 p.m., 598 views

Threat Roundup for May 3 to May 10

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 03 and May 10. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

AI score 7
Exploits: 0

Talos Blog
added 2017/09/07 3:42 p.m., 575 views

Another Apache Struts Vulnerability Under Active Exploitation

This post authored by Nick Biasini with contributions from Alex Chiu. Earlier this week, a critical vulnerability in Apache Struts was publicly disclosed in a security advisory. This new vulnerability, identified as CVE-2017-9805, manifests due to the way the REST plugin uses XStreamHandler with a...

CVSS 10, AI score 0.7, EPSS 0.99999
Exploits: 66

Talos Blog
added 2019/06/05 12:45 a.m., 544 views

It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign

This blog was authored by Danny Adamitis, David Maynor and Kendall McKay. Executive summary Cisco Talos recently identified a series of documents that we believe are part of a coordinated series of cyber attacks that we are calling the "Frankenstein" campaign. We assess that the attackers carried...

CVSS 9.3, AI score 8.8, EPSS 0.99945
Exploits: 33

Talos Blog
added 2019/08/02 8:36 a.m., 526 views

Threat Roundup for July 26 to Aug. 2

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 26 and Aug. 2. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

CVSS 10, AI score 10, EPSS 0.99999
Exploits: 123

Talos Blog
added 2021/03/08 10:18 a.m., 504 views

Threat Advisory: HAFNIUM and Microsoft Exchange zero-day

Microsoft released patches for four vulnerabilities in Exchange Server on March 2, disclosing that these vulnerabilities were being exploited by a previously unknown threat actor, referred to as HAFNIUM. The vulnerabilities in question — CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and...

CVSS 7.5, AI score 1.2, EPSS 0.99999
Exploits: 66

Talos Blog
added 2020/02/21 10:43 a.m., 466 views

Threat Roundup for February 14 to February 21

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 14 and Feb. 21. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

CVSS 10, AI score 10, EPSS 0.99999
Exploits: 123

Talos Blog
added 2020/01/31 12:51 p.m., 441 views

Threat Roundup for January 24 to January 31

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 24 and Jan. 31. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

CVSS 10, AI score 10, EPSS 0.99999
Exploits: 123

Talos Blog
added 2020/02/12 12:08 p.m., 424 views

Loda RAT Grows Up

By Chris Neal. Over the past several months, Cisco Talos has observed a malware campaign that utilizes websites hosting a new version of Loda, a remote access trojan RAT written in AutoIT. These websites also host malicious documents that begin a multi-stage infection chain which ultimately serve...

CVSS 9.3, AI score 8.4, EPSS 0.99945
Exploits: 33

Talos Blog
added 2019/07/02 3:56 p.m., 424 views

RATs and stealers rush through “Heaven’s Gate” with new loader

By Holger Unterbrink and Edmund Brumaghin. Executive summary Malware is constantly finding new ways to avoid detection. This doesn't mean that some will never be detected, but it does allow adversaries to increase the period of time between initial release and detection. Flying under the radar fo...

CVSS 9.3, AI score 8.2, EPSS 0.99945
Exploits: 33

Talos Blog
added 2019/07/26 6:20 a.m., 406 views

Threat Roundup for July 12 to July 19

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 12 and July 19. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

AI score 7.2
Exploits: 0

Talos Blog
added 2022/07/21 12:00 p.m., 375 views

Attackers target Ukraine using GoMet backdoor

Executive summary Since the Russian invasion of Ukraine began, Ukrainians have been under a nearly constant barrage of cyber attacks. Working jointly with Ukrainian organizations, Cisco Talos has discovered a fairly uncommon piece of malware targeting Ukraine — this time aimed at a large software...

CVSS 10, AI score 0.4, EPSS 0.99999
Exploits: 69

Talos Blog
added 2022/10/11 6:11 p.m., 367 views

Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Vanja Svajcer. Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line, including seven critical issues in Windows’ point-to-point tunneling protocol. October's security update features 11 critical...

EPSS 0.02618
Exploits: 4

Talos Blog
added 2019/10/04 8:37 a.m., 354 views

Threat Roundup for September 27 to October 4

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 27 and Oct. 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

CVSS 10, AI score 10, EPSS 0.99999
Exploits: 123

Talos Blog
added 2019/09/13 2:06 p.m., 353 views

Threat Roundup for September 6 to September 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 6 and Sept. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...

CVSS 10, AI score 10, EPSS 0.99999
Exploits: 123

Talos Blog
added 2018/12/14 9:57 a.m., 344 views

Bitcoin Bomb Scare Associated with Sextortion Scammers

This blog was written by Jaeson Schultz. Organizations across the country are on edge today after a flurry of phony bomb threats hit several public entities Thursday, such as universities, schools and news outlets, among others. The attackers distributed malicious emails claiming to have placed...

AI score 1.3
Exploits: 0

Talos Blog
added 2019/06/20 6:08 a.m., 339 views

Vulnerability Spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580

Jared Rittle of Cisco Talos discovered these vulnerabilities. Executive summary There are several vulnerabilities in the Schneider Electric Modicon M580 that could lead to a variety of conditions, including denial of service and the disclosure of sensitive information. The Modicon M580 is the...

CVSS 7.5, AI score 8.7, EPSS 0.35039
Exploits: 17

Talos Blog
added 2018/11/13 10:53 a.m., 333 views

Microsoft Patch Tuesday — November 2018: Vulnerability disclosures and Snort coverage

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 53 vulnerabilities, 11 of which are rated "critical," 40 that are rated "important” and one “moderate” and “low” vulnerability, each. The...

CVSS 10, AI score 1.8, EPSS 0.63294
Exploits: 20

Total number of security vulnerabilities: 2032