Lucene search
+L
TalosblogMost viewed

2041 matches found

Talos Blog
Talos Blog
added 2019/06/24 8:31 a.m.323 views

Threat Roundup for June 14 to June 21

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 14 and June 21. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2019/11/01 10:31 a.m.314 views

Threat Roundup for October 25 to November 1

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 25 and Nov. 1. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2017/09/14 7:30 a.m.312 views

Vulnerability Spotlight: YAML Parsing Remote Code Execution Vulnerabilities in Ansible Vault and Tablib

Vulnerabilities discovered by Cory Duplantis of Talos.Talos is disclosing the presences of remote code execution vulnerabilities in the processing of Yet Another Markup Language YAML content in Ansible Vault and Tablib. Attackers can exploit these vulnerabilities through supplying malicious YAML...

7.5CVSS1.7AI score0.0487EPSS
Exploits3
Talos Blog
Talos Blog
added 2021/08/12 4:16 p.m.311 views

Vice Society Leverages PrintNightmare In Ransomware Attacks

By Edmund Brumaghin, Joe Marshall, and Arnaud Zobec. Executive Summary Another threat actor is actively exploiting the so-called PrintNightmare vulnerability CVE-2021-1675 / CVE-2021-34527 in Windows' print spooler service to spread laterally across a victim's network as part of a recent... This ...

9.3CVSS4.6AI score0.99759EPSS
Exploits75
Talos Blog
Talos Blog
added 2019/01/08 11:40 a.m.307 views

Microsoft Patch Tuesday — January 2019: Vulnerability disclosures and Snort coverage

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, seven of which are rated “critical,” 40 that are considered “important” and one that is “moderate.” This release also...

10CVSS0.9AI score0.82902EPSS
Exploits39
Talos Blog
Talos Blog
added 2019/05/21 2:25 p.m.305 views

Talos releases coverage for 'wormable' Microsoft vulnerability

Last night, Cisco Talos released the latest SNORT® rule update, which includes coverage for the critical Microsoft vulnerability CVE-2019-0708. The company disclosed this vulnerability last week as part of its monthly security update. This particular bug exists in Remote Desktop Services — former...

10CVSS1.4AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/01/25 11:52 a.m.301 views

Threat Roundup for Jan. 18 to Jan. 25

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 18 and Jan. 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

8AI score
Exploits0
Talos Blog
Talos Blog
added 2019/07/12 10:34 a.m.299 views

Threat Roundup for July 5 to July 12

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 5 and July 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

7.5AI score
Exploits0
Talos Blog
Talos Blog
added 2019/05/21 6:0 a.m.298 views

Microsoft Patch Tuesday — May 2019: Vulnerability disclosures and Snort coverage

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 79 vulnerabilities, 22 of which are rated “critical," 55 that are considered "important" and one "moderate." This release also includes two...

10CVSS0.8AI score0.99999EPSS
Exploits125
Talos Blog
Talos Blog
added 2019/01/16 7:55 a.m.297 views

Dynamic Data Resolver (DDR) - IDA Plugin

This blog post was authored by Holger Unterbrink Executive Summary Static reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a certain basic block is doing. But, if you try to perform dynamic analysis by...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2022/09/30 9:16 p.m.291 views

Threat Advisory: Microsoft warns of actively exploited vulnerabilities in Exchange Server

Cisco Talos has released new coverage to detect and prevent the exploitation of two recently disclosed vulnerabilities collectively referred to as "ProxyNotShell," affecting Microsoft Exchange Servers 2013, 2016 and 2019. One of these vulnerabilities could allow an attacker to execute remote code...

0.1AI score0.9997EPSS
Exploits16
Talos Blog
Talos Blog
added 2019/09/05 8:5 a.m.289 views

GhIDA: Ghidra decompiler for IDA Pro

By Andrea Marcelli Executive Summary Cisco Talos is releasing two new tools for IDA Pro: GhIDA and Ghidraaas. GhIDA is an IDA Pro plugin that integrates the Ghidra decompiler in the IDA workflow, giving users the ability to rename and highlight symbols and improved navigation and comments. GhIDA...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2019/07/26 10:13 a.m.288 views

Threat Roundup for July 19 to July 26

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 19 and July 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

7.5AI score
Exploits0
Talos Blog
Talos Blog
added 2018/07/10 10:36 a.m.281 views

Microsoft Patch Tuesday - July 2018

Microsoft released its monthly set of security advisories today for vulnerabilities that have been identified and addressed in various products. This month's release addresses 53 new vulnerabilities, 17 of which are rated critical, 34 are rated important, one is rated moderate, and one is rated a...

7.6CVSS0.7AI score0.75339EPSS
Exploits14
Talos Blog
Talos Blog
added 2017/12/07 10:6 a.m.277 views

The Mutiny Fuzzing Framework and Decept Proxy

This blog post is authored by James Spadaro of Cisco ASIG and Lilith Wyatt of Cisco Talos. Imagine a scenario where you, as a vulnerability researcher, are tasked with auditing a network application to identify vulnerabilities. By itself, the task may not seem too daunting until you learn of a...

5CVSS8.1AI score0.03742EPSS
Exploits0
Talos Blog
Talos Blog
added 2019/08/16 9:44 a.m.275 views

Threat Roundup for August 9 to August 16

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 9 and Aug. 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

10CVSS0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/01/24 10:39 a.m.274 views

Cisco AMP tracks new campaign that delivers Ursnif

This blog post was authored by John Arneson of Cisco Talos Executive Summary Cisco Talos once again spotted the Ursnif malware in the wild. We tracked this information stealer after Cisco's Advanced Malware Protection AMP Exploit Prevention engine alerted us to these Ursnif infections. Thanks to...

0.6AI score
Exploits0
Talos Blog
Talos Blog
added 2019/10/11 8:45 a.m.262 views

Threat Roundup for October 4 to October 11

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 4 and Oct. 11. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2018/01/09 8:12 a.m.254 views

Vulnerability Spotlight: Multiple Vulnerabilities in the CPP and Parity Ethereum Client

Vulnerabilities discovered by Marcin Noga of Cisco Talos. Overview Talos is disclosing the presence of multiple vulnerabilities in the CPP and the Parity Ethereum clients. TALOS-2017-0503 / CVE-2017-14457 describes a denial of service vulnerability and potential memory leak in libevm. The functio...

6.8CVSS8.4AI score0.02086EPSS
Exploits8
Talos Blog
Talos Blog
added 2019/07/08 7:35 a.m.253 views

Threat Roundup for June 28 to July 5

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 28 and July 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2017/09/12 3:41 p.m.248 views

Microsoft Patch Tuesday - September 2017

Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 81 new vulnerabilities with 27 of them rated critical, 52 rated important, and 2 rated moderate. These...

9.3CVSS1.8AI score0.88698EPSS
Exploits59
Talos Blog
Talos Blog
added 2022/11/08 6:22 p.m.246 views

Microsoft Patch Tuesday for November 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as "Critical" and the rest are classified as "Important." Three of the critical entries are remote code execution RCE vulnerabilities for Windows Point-to-Point...

1AI score0.77326EPSS
Exploits4
Talos Blog
Talos Blog
added 2021/07/08 1:25 p.m.243 views

PrintNightmare: Here’s what you need to know and Talos’ coverage

Over the past several weeks, there's been a lot of discussion about a particular privilege escalation vulnerability in Windows affecting the print spooler, dubbed PrintNightmare. The vulnerability CVE-2021-1675/CVE-2021-34527 has now been patched multiple times but is believed to still be... This...

9.3CVSS1.9AI score0.99759EPSS
Exploits75
Talos Blog
Talos Blog
added 2017/06/19 8:45 a.m.240 views

Vulnerability Spotlight: Multiple Foscam C1 Vulnerabilities Come in to Focus

Executive SummaryThe Foscam C1 is a webcam that is marketed for use in a variety of applications including home security monitoring. As an indoor webcam, it is designed to be set up inside of a building and features the ability to be accessed remotely via a web interface or from within a mobile...

7.5CVSS1.6AI score0.26248EPSS
Exploits29
Talos Blog
Talos Blog
added 2018/02/02 8:27 a.m.238 views

Flash 0-Day In The Wild: Group 123 At The Controls

This blog post is authored by Warren Mercer and Paul Rascagneres. Executive Summary The 1st of February, Adobe published an advisory concerning a Flash vulnerability CVE-2018-4878. This vulnerability is a use after free that allows Remote Code Execute through a malformed Flash object. Additionall...

7.5CVSS9.4AI score0.89532EPSS
Exploits19
Talos Blog
Talos Blog
added 2023/01/19 1:0 p.m.237 views

Following the LNK metadata trail

Adversaries shift toward Shell Link LNK files, likely sparked by Microsofts decision to block macros, provides the opportunity to capitalize on information that can be provided by LNK metadata. Cisco Talos analyzed metadata in LNK files and correlated it with threat actors tactics techniques and...

9.3CVSS7.8AI score0.71075EPSS
Exploits16
Talos Blog
Talos Blog
added 2020/02/07 11:56 a.m.237 views

Threat Roundup for January 31 to February 7

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 31 and Feb. 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/09/19 10:13 a.m.231 views

New Cisco Talos web reputation verdicts

Cisco Talos has updated and expanded the Talos Threat Levels used to describe our web reputation verdicts. As you will see in the chart below, we are increasing the amount of reputation verdicts from three to five. We are retaining the Unknown category, just as before. Cisco Security products wil...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2019/10/15 1:33 a.m.228 views

Checkrain fake iOS jailbreak leads to click fraud

By Warren Mercer and Paul Rascagneres. Introduction Attackers are capitalizing on the recent discovery of a new vulnerability that exists across legacy iOS hardware. Cisco Talos recently discovered a malicious actor using a fake website that claims to give iPhone users the ability to jailbreak...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2019/09/06 11:33 a.m.227 views

Threat Roundup for August 30 to September 6

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 30 and Sept. 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2017/09/14 12:38 p.m.225 views

Deep Dive in MarkLogic Exploitation Process via Argus PDF Converter

This post authored by Marcin Noga with contributions from William LargentTalos discovers and responsibly discloses software vulnerabilities on a regular basis. Occasionally we publish a deep technical analysis of how the vulnerability was discovered or its potential impact. In a previous post Tal...

6.8CVSS8.6AI score0.02062EPSS
Exploits2
Talos Blog
Talos Blog
added 2021/04/22 10:29 a.m.223 views

Threat Advisory: Pulse Secure Connect Coverage

Pulse Secure announced that a critical vulnerability CVE-2021-22893 was discovered in their VPN service "Pulse Secure Connect" in a recent security advisory. The advisory states that, "a vulnerability was discovered under Pulse Connect Secure PCS. This includes an authentication by-pass... This i...

7.5CVSS2.6AI score0.47172EPSS
Exploits9
Talos Blog
Talos Blog
added 2019/05/30 9:47 a.m.220 views

10 years of virtual dynamite: A high-level retrospective of ATM malware

Executive summary It has been 10 years since the discovery of Skimer, first malware specifically designed to attack automated teller machines ATMs. At the time, the learning curve for understanding its functionality was rather steep and analysis required specific knowledge of a manufacturer's ATM...

Exploits0
Talos Blog
Talos Blog
added 2019/08/30 6:0 a.m.219 views

Vulnerability Spotlight: Multiple vulnerabilities in Aspose APIs

Marcin Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple remote code execution vulnerabilities in various Aspose APIs. Aspose provides a series of APIs for manipulating or converting a large family of document formats. These vulnerabilities exist in AP...

6.8CVSS0.9AI score0.03282EPSS
Exploits1
Talos Blog
Talos Blog
added 2018/04/17 7:59 a.m.213 views

Vulnerability Spotlight: Foscam IP Video Camera Firmware Recovery Unsigned Image Vulnerability

This vulnerability was discovered by Claudio Bozzato of Cisco Talos. Executive Summary The Foscam C1 Indoor HD Camera is a network-based camera that is marketed for a variety of uses, including as a home security monitoring device. Talos recently identified 32 vulnerabilities present in these...

5.8CVSS0.4AI score0.01106EPSS
Exploits2
Talos Blog
Talos Blog
added 2017/05/23 6:5 a.m.213 views

Modified Zyklon and plugins from India

IntroductionStreams of malicious emails Talos inspects every day usually consist of active spamming campaigns for various ransomware families, phishing campaigns and the common malware family suspects such as banking Trojans and bots.. It is however often more interesting to analyze campaigns...

9.3CVSS7.9AI score0.84971EPSS
Exploits8
Talos Blog
Talos Blog
added 2019/01/18 3:13 p.m.211 views

Threat Roundup for Jan. 11 to Jan. 18

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 11 and Jan. 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2018/04/02 8:48 a.m.210 views

Fake AV Investigation Unearths KevDroid, New Android Malware

This blog post is authored by Warren Mercer, Paul Rascagneres, Vitor Ventura and with contributions from Jungsoo An. Summary Several days ago, EST Security published a post concerning a fake antivirus malware targeting the Android mobile platform. In the Korean media, it was mentioned that there...

9.3CVSS7.5AI score0.99945EPSS
Exploits39
Talos Blog
Talos Blog
added 2021/10/26 1:13 p.m.208 views

Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India

Cisco Talos recently discovered a threat actor using political and government-themed malicious domains to target entities in India and Afghanistan.These attacks use dcRAT and QuasarRAT for Windows delivered via malicious documents exploiting CVE-2017-11882 — a memory corruption vulnerability in...

9.3CVSS3.5AI score0.99945EPSS
Exploits33
Talos Blog
Talos Blog
added 2017/11/14 11:54 a.m.206 views

Microsoft Patch Tuesday - November 2017

Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 53 new vulnerabilities with 19 of them rated critical, 31 of them rated important and 3 of them rated moderate...

9.3CVSS9.6AI score0.99945EPSS
Exploits68
Talos Blog
Talos Blog
added 2019/08/23 1:21 p.m.205 views

Threat Roundup for August 16 to August 23

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 16 and Aug. 23. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/09/27 7:22 a.m.204 views

Threat Roundup for September 20 to September 27

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 20 and Sept. 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2018/10/09 11:38 a.m.204 views

Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, 12 of which are rated "critical," 34 that are rated "important,” two that are considered to have “moderate” severity and on...

9.3CVSS0.9AI score0.69833EPSS
Exploits33
Talos Blog
Talos Blog
added 2019/09/30 11:0 a.m.202 views

Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host

Update 09/27/2019: Additional information regarding the malware interaction with various online advertisements has been included to highlight the click-fraud related network communications associated with Divergent. Executive summary Cisco Talos recently discovered a new malware loader being used...

0.9AI score
Exploits0
Talos Blog
Talos Blog
added 2019/11/22 9:57 a.m.201 views

Threat Roundup for November 15 to November 22

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 15 and Nov. 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/09/20 12:16 p.m.200 views

Threat Roundup for September 13 to September 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 13 and Sept. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/08/14 9:55 a.m.198 views

Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 97 vulnerabilities, 31 of which are rated “critical," 65 that are considered "important" and one "moderate." This month’s security update cover...

10CVSS0.4AI score0.83433EPSS
Exploits7
Talos Blog
Talos Blog
added 2018/01/08 9:16 a.m.198 views

Meltdown and Spectre

Cisco Talos is aware of three new vulnerabilities impacting Intel, AMD, Qualcomm and ARM processors used by almost all computers. We are investigating these issues and although we have not observed exploitation of these vulnerabilities in the wild, that does not mean that it has not occurred. We...

4.7CVSS7.4AI score0.93838EPSS
Exploits13
Talos Blog
Talos Blog
added 2019/12/13 10:3 a.m.197 views

Threat Roundup for December 6 to December 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 6 and Dec. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2018/09/26 7:59 a.m.197 views

VPNFilter III: More Tools for the Swiss Army Knife of Malware

Summary VPNFilter — a multi-stage, modular framework that has infected hundreds of thousands of network devices across the globe — is now known to possess even greater capabilities. Cisco Talos recently discovered seven additional third-stage VPNFilter modules that add significant functionality t...

5CVSS0.96087EPSS
Exploits24
Total number of security vulnerabilities2041