2041 matches found
Threat Roundup for June 14 to June 21
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 14 and June 21. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Roundup for October 25 to November 1
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 25 and Nov. 1. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Vulnerability Spotlight: YAML Parsing Remote Code Execution Vulnerabilities in Ansible Vault and Tablib
Vulnerabilities discovered by Cory Duplantis of Talos.Talos is disclosing the presences of remote code execution vulnerabilities in the processing of Yet Another Markup Language YAML content in Ansible Vault and Tablib. Attackers can exploit these vulnerabilities through supplying malicious YAML...
Vice Society Leverages PrintNightmare In Ransomware Attacks
By Edmund Brumaghin, Joe Marshall, and Arnaud Zobec. Executive Summary Another threat actor is actively exploiting the so-called PrintNightmare vulnerability CVE-2021-1675 / CVE-2021-34527 in Windows' print spooler service to spread laterally across a victim's network as part of a recent... This ...
Microsoft Patch Tuesday — January 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, seven of which are rated “critical,” 40 that are considered “important” and one that is “moderate.” This release also...
Talos releases coverage for 'wormable' Microsoft vulnerability
Last night, Cisco Talos released the latest SNORT® rule update, which includes coverage for the critical Microsoft vulnerability CVE-2019-0708. The company disclosed this vulnerability last week as part of its monthly security update. This particular bug exists in Remote Desktop Services — former...
Threat Roundup for Jan. 18 to Jan. 25
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 18 and Jan. 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Roundup for July 5 to July 12
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 5 and July 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Microsoft Patch Tuesday — May 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 79 vulnerabilities, 22 of which are rated “critical," 55 that are considered "important" and one "moderate." This release also includes two...
Dynamic Data Resolver (DDR) - IDA Plugin
This blog post was authored by Holger Unterbrink Executive Summary Static reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a certain basic block is doing. But, if you try to perform dynamic analysis by...
Threat Advisory: Microsoft warns of actively exploited vulnerabilities in Exchange Server
Cisco Talos has released new coverage to detect and prevent the exploitation of two recently disclosed vulnerabilities collectively referred to as "ProxyNotShell," affecting Microsoft Exchange Servers 2013, 2016 and 2019. One of these vulnerabilities could allow an attacker to execute remote code...
GhIDA: Ghidra decompiler for IDA Pro
By Andrea Marcelli Executive Summary Cisco Talos is releasing two new tools for IDA Pro: GhIDA and Ghidraaas. GhIDA is an IDA Pro plugin that integrates the Ghidra decompiler in the IDA workflow, giving users the ability to rename and highlight symbols and improved navigation and comments. GhIDA...
Threat Roundup for July 19 to July 26
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 19 and July 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Microsoft Patch Tuesday - July 2018
Microsoft released its monthly set of security advisories today for vulnerabilities that have been identified and addressed in various products. This month's release addresses 53 new vulnerabilities, 17 of which are rated critical, 34 are rated important, one is rated moderate, and one is rated a...
The Mutiny Fuzzing Framework and Decept Proxy
This blog post is authored by James Spadaro of Cisco ASIG and Lilith Wyatt of Cisco Talos. Imagine a scenario where you, as a vulnerability researcher, are tasked with auditing a network application to identify vulnerabilities. By itself, the task may not seem too daunting until you learn of a...
Threat Roundup for August 9 to August 16
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 9 and Aug. 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Cisco AMP tracks new campaign that delivers Ursnif
This blog post was authored by John Arneson of Cisco Talos Executive Summary Cisco Talos once again spotted the Ursnif malware in the wild. We tracked this information stealer after Cisco's Advanced Malware Protection AMP Exploit Prevention engine alerted us to these Ursnif infections. Thanks to...
Threat Roundup for October 4 to October 11
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 4 and Oct. 11. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Vulnerability Spotlight: Multiple Vulnerabilities in the CPP and Parity Ethereum Client
Vulnerabilities discovered by Marcin Noga of Cisco Talos. Overview Talos is disclosing the presence of multiple vulnerabilities in the CPP and the Parity Ethereum clients. TALOS-2017-0503 / CVE-2017-14457 describes a denial of service vulnerability and potential memory leak in libevm. The functio...
Threat Roundup for June 28 to July 5
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 28 and July 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Microsoft Patch Tuesday - September 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 81 new vulnerabilities with 27 of them rated critical, 52 rated important, and 2 rated moderate. These...
Microsoft Patch Tuesday for November 2022 — Snort rules and prominent vulnerabilities
Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as "Critical" and the rest are classified as "Important." Three of the critical entries are remote code execution RCE vulnerabilities for Windows Point-to-Point...
PrintNightmare: Here’s what you need to know and Talos’ coverage
Over the past several weeks, there's been a lot of discussion about a particular privilege escalation vulnerability in Windows affecting the print spooler, dubbed PrintNightmare. The vulnerability CVE-2021-1675/CVE-2021-34527 has now been patched multiple times but is believed to still be... This...
Vulnerability Spotlight: Multiple Foscam C1 Vulnerabilities Come in to Focus
Executive SummaryThe Foscam C1 is a webcam that is marketed for use in a variety of applications including home security monitoring. As an indoor webcam, it is designed to be set up inside of a building and features the ability to be accessed remotely via a web interface or from within a mobile...
Flash 0-Day In The Wild: Group 123 At The Controls
This blog post is authored by Warren Mercer and Paul Rascagneres. Executive Summary The 1st of February, Adobe published an advisory concerning a Flash vulnerability CVE-2018-4878. This vulnerability is a use after free that allows Remote Code Execute through a malformed Flash object. Additionall...
Following the LNK metadata trail
Adversaries shift toward Shell Link LNK files, likely sparked by Microsofts decision to block macros, provides the opportunity to capitalize on information that can be provided by LNK metadata. Cisco Talos analyzed metadata in LNK files and correlated it with threat actors tactics techniques and...
Threat Roundup for January 31 to February 7
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 31 and Feb. 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
New Cisco Talos web reputation verdicts
Cisco Talos has updated and expanded the Talos Threat Levels used to describe our web reputation verdicts. As you will see in the chart below, we are increasing the amount of reputation verdicts from three to five. We are retaining the Unknown category, just as before. Cisco Security products wil...
Checkrain fake iOS jailbreak leads to click fraud
By Warren Mercer and Paul Rascagneres. Introduction Attackers are capitalizing on the recent discovery of a new vulnerability that exists across legacy iOS hardware. Cisco Talos recently discovered a malicious actor using a fake website that claims to give iPhone users the ability to jailbreak...
Threat Roundup for August 30 to September 6
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 30 and Sept. 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Deep Dive in MarkLogic Exploitation Process via Argus PDF Converter
This post authored by Marcin Noga with contributions from William LargentTalos discovers and responsibly discloses software vulnerabilities on a regular basis. Occasionally we publish a deep technical analysis of how the vulnerability was discovered or its potential impact. In a previous post Tal...
Threat Advisory: Pulse Secure Connect Coverage
Pulse Secure announced that a critical vulnerability CVE-2021-22893 was discovered in their VPN service "Pulse Secure Connect" in a recent security advisory. The advisory states that, "a vulnerability was discovered under Pulse Connect Secure PCS. This includes an authentication by-pass... This i...
10 years of virtual dynamite: A high-level retrospective of ATM malware
Executive summary It has been 10 years since the discovery of Skimer, first malware specifically designed to attack automated teller machines ATMs. At the time, the learning curve for understanding its functionality was rather steep and analysis required specific knowledge of a manufacturer's ATM...
Vulnerability Spotlight: Multiple vulnerabilities in Aspose APIs
Marcin Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple remote code execution vulnerabilities in various Aspose APIs. Aspose provides a series of APIs for manipulating or converting a large family of document formats. These vulnerabilities exist in AP...
Vulnerability Spotlight: Foscam IP Video Camera Firmware Recovery Unsigned Image Vulnerability
This vulnerability was discovered by Claudio Bozzato of Cisco Talos. Executive Summary The Foscam C1 Indoor HD Camera is a network-based camera that is marketed for a variety of uses, including as a home security monitoring device. Talos recently identified 32 vulnerabilities present in these...
Modified Zyklon and plugins from India
IntroductionStreams of malicious emails Talos inspects every day usually consist of active spamming campaigns for various ransomware families, phishing campaigns and the common malware family suspects such as banking Trojans and bots.. It is however often more interesting to analyze campaigns...
Threat Roundup for Jan. 11 to Jan. 18
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 11 and Jan. 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Fake AV Investigation Unearths KevDroid, New Android Malware
This blog post is authored by Warren Mercer, Paul Rascagneres, Vitor Ventura and with contributions from Jungsoo An. Summary Several days ago, EST Security published a post concerning a fake antivirus malware targeting the Android mobile platform. In the Korean media, it was mentioned that there...
Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India
Cisco Talos recently discovered a threat actor using political and government-themed malicious domains to target entities in India and Afghanistan.These attacks use dcRAT and QuasarRAT for Windows delivered via malicious documents exploiting CVE-2017-11882 — a memory corruption vulnerability in...
Microsoft Patch Tuesday - November 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 53 new vulnerabilities with 19 of them rated critical, 31 of them rated important and 3 of them rated moderate...
Threat Roundup for August 16 to August 23
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 16 and Aug. 23. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Roundup for September 20 to September 27
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 20 and Sept. 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, 12 of which are rated "critical," 34 that are rated "important,” two that are considered to have “moderate” severity and on...
Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host
Update 09/27/2019: Additional information regarding the malware interaction with various online advertisements has been included to highlight the click-fraud related network communications associated with Divergent. Executive summary Cisco Talos recently discovered a new malware loader being used...
Threat Roundup for November 15 to November 22
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 15 and Nov. 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Roundup for September 13 to September 20
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 13 and Sept. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 97 vulnerabilities, 31 of which are rated “critical," 65 that are considered "important" and one "moderate." This month’s security update cover...
Meltdown and Spectre
Cisco Talos is aware of three new vulnerabilities impacting Intel, AMD, Qualcomm and ARM processors used by almost all computers. We are investigating these issues and although we have not observed exploitation of these vulnerabilities in the wild, that does not mean that it has not occurred. We...
Threat Roundup for December 6 to December 13
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 6 and Dec. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
VPNFilter III: More Tools for the Swiss Army Knife of Malware
Summary VPNFilter — a multi-stage, modular framework that has infected hundreds of thousands of network devices across the globe — is now known to possess even greater capabilities. Cisco Talos recently discovered seven additional third-stage VPNFilter modules that add significant functionality t...