Lucene search
K
TalosblogRecent

2033 matches found

Talos Blog
Talos Blog
added 2021/10/12 7:49 a.m.13 views

Vulnerability Spotlight: Vulnerabilities in Anker Eufy Homebase could lead to code execution, buffer overflows

Lilith of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in the Anker Eufy Homebase. The Eufy Homebase 2 is the video storage and networking gateway that works with Anker’s Eufy Smarthome ecosystem. All Eufy... This is only the...

1AI score
Exploits0
Talos Blog
Talos Blog
added 2021/10/08 10:14 a.m.11 views

Threat Roundup for October 1 to October 8

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 1 and Oct. 8. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

1AI score
Exploits0
Talos Blog
Talos Blog
added 2021/10/08 7:50 a.m.28 views

Threat Advisory: Apache HTTP Server zero-day vulnerability opens door for attackers

A recently discovered vulnerability in Apache HTTP Server CVE-2021-41733 is being actively exploited in the wild. This vulnerability is a path traversal and file disclosure vulnerability that could allow an attacker to map URLs outside of the document root. It could also result in the exposure...

1.4AI score0.00718EPSS
Exploits1
Talos Blog
Talos Blog
added 2021/10/08 5:45 a.m.15 views

Talos Takes Ep. #71 (NCSAM edition): Reflecting on ransomware in 2021

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We are from the first or last people to say this, but 2021 is the year of ransomware. It’s by far the biggest story... Thi...

2.1AI score
Exploits0
Talos Blog
Talos Blog
added 2021/10/07 11:0 a.m.11 views

Threat Source newsletter (Oct. 7, 2021)

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers. Every day, we see mountains and mountains of data. So how do we comb through all of it to find out what's important to customers and users? Well, there are many ways, but we wanted to give readers and researchers a look... This is...

3AI score
Exploits0
Talos Blog
Talos Blog
added 2021/10/06 6:44 a.m.13 views

Threat hunting in large datasets by clustering security events

By Tiago Pereira. Security tools can produce very large amounts of data that even the most sophisticated organizations may struggle to manage. Big data processing tools, such as spark, can be a powerful tool in the arsenal of security teams.This post walks through threat hunting on large...

1.3AI score
Exploits0
Talos Blog
Talos Blog
added 2021/10/01 2:7 p.m.11 views

Threat Roundup for September 24 to October 1

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 24 and Oct. 1. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

0.8AI score
Exploits0
Talos Blog
Talos Blog
added 2021/10/01 6:0 a.m.13 views

Talos Takes Ep. #70: Let's put a positive spin on this whole working from home thing for once

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. As part of National Cybersecurity Awareness Month, we're releasing a special series of Talos Takes episodes focused on...

0.4AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/30 11:0 a.m.14 views

Threat Source newsletter (Sept. 30, 2021)

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers. In the latest example of attackers trying to capitalize on current headlines, we've spotted a group using the recent fervor around the Pegasus spyware to spread malware. We've detailed a campaign in which the... This is only the...

2.7AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/30 6:22 a.m.28 views

A wolf in sheep's clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus

By Vitor Ventura and Arnaud Zobec. Threat actors are impersonating the group Amnesty International and promising to protect against the Pegasus spyware as part of a scheme to deliver malware. Amnesty International recently made international headlines when it released a groundbreaking report on...

1.6AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/24 10:7 a.m.11 views

Threat Roundup for September 17 to September 24

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 17 and Sept. 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral... This is on...

0.7AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/24 8:52 a.m.10 views

Talos Takes Ep. #69: Our armadillo in shining armor

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We also preach the importance of multi-factor authentication. But what happens when the bad guys start going after... This...

1.4AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/23 11:0 a.m.14 views

Threat Source newsletter (Sept. 23, 2021)

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers. The Russian APT Turla is one of the most notorious threat actors out there today. And they aren't stopping, recently adding a new backdoor to their arsenal that serves as a "last chance" to retain a foothold on victim... This is on...

3.9AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/23 10:45 a.m.25 views

Operation “Armor Piercer:” Targeted attacks in the Indian subcontinent using commercial RATs

By Asheer Malhotra, Vanja Svajcer and Justin Thattil. Cisco Talos is tracking a campaign targeting government personnel in India using themes and tactics similar to APT36 aka Mythic Leopard and Transparent Tribe.This campaign distributes malicious documents and archives to deliver the Netwire...

2.9AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/23 8:0 a.m.19 views

Vulnerability Spotlight: Information disclosure vulnerability in D-LINK DIR-3040 mesh router

Dave McDaniel of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable information disclosure vulnerability in the D-LINK DIR-3040 smart WiFi mesh router that could allow an adversary to eventually turn off the device or remove other... Thi...

1.6AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/22 3:10 a.m.26 views

TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines

News summary Cisco Talos recently discovered a new backdoor used by the Russian Turla APT group.We have seen infections in the U.S., Germany and, more recently, in Afghanistan. It is likely used as a stealth second-chance backdoor to keep access to infected devicesIt can be used to download,...

1.7AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/17 1:28 p.m.15 views

Threat Roundup for September 10 to September 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 10 and Sept. 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral... This is on...

0.7AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/17 7:39 a.m.15 views

Talos Takes Ep. #68: The various pivots and pitfalls in a malware investigation

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. On this week's episode, Vitor Ventura from our research team walks through his recent work on connecting several... This i...

1.7AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/16 11:0 a.m.13 views

Threat Source newsletter (Sept. 16, 2021)

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers. It's a bird, it's a plane, it's a rat! We've been tracking a series of trojans targeting the aviation industry, and trying to lure victims in by sending them spam related to flight itineraries and other transportation... This is on...

3.9AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/16 10:48 a.m.39 views

Operation Layover: How we tracked an attack on the aviation industry to five years of compromise

By Tiago Pereira and Vitor Ventura. Cisco Talos linked the recent aviation targeting campaigns to an actor who has been targeting the aviation industry for two years.The same actor has been running successful malware campaigns for more than five years.Although always using commodity malware, the...

5.5AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/14 10:33 a.m.21 views

Microsoft Patch Tuesday for Sept. 2021 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Holger Unterbrink. Microsoft released its monthly security update Tuesday, disclosing 85 vulnerabilities across the company’s firmware and software. This month’s release is headlined by an official patch for the critical remote code execution... This is onl...

2.4AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/14 6:23 a.m.17 views

Downtime on Talos Intelligence

TalosIntelligence.com will be down for a short time on Sept. 17 around 10 a.m. ET while we perform some routine maintenance on the site. We apologize for any inconvenience this may cause. We expect the interruption will only last for about 30 minutes. This is only the beginning! Please visit the...

2.1AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/13 7:12 a.m.10 views

Vulnerability Spotlight: Code execution vulnerability in Nitro Pro PDF

A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered a vulnerability in the Nitro Pro PDF reader that could allow an attacker to execute code in the context of the application. Nitro Pro PDF is part of Nitro Software’s... This is only th...

2.1AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/10 12:3 p.m.14 views

Threat Roundup for September 3 to September 10

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 3 and Sept. 10. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

0.8AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/10 7:20 a.m.14 views

Talos Takes Ep. #67: What a leaked playbook tells us about the Conti ransomware group

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. There's a lot to take apart in the recently leaked Conti ransomware playbook. After a disgruntled member of the... This is...

1.3AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/09 12:57 p.m.10 views

Talos release protection against zero-day vulnerability in Microsoft MSHTML

Cisco Talos released new SNORT® rules Thursday to protect against the exploitation of a zero-day vulnerability in Microsoft MSHTML that the company warns is being actively exploited in the wild. Users are encouraged to deploy SIDs 58120 – 58129, Snort 3 SID 300049 and ClamAV... This is only the...

2.1AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/09 11:0 a.m.14 views

Threat Source newsletter (Sept. 9, 2021)

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers. The biggest security news this week is no doubt another Microsoft zero-day. On the heels of PrintNightmare and multiple Exchange Server vulnerabilities comes a code execution vulnerability in MSHTML, the rendering engine... This is...

2.3AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/07 8:56 a.m.12 views

Vulnerability Spotlight: Heap buffer overflow vulnerability in Ribbonsoft dxflib library

Lilith of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in Ribbonsoft’s dxflib library that could lead to code execution. The dxflib library is a C++ library utilized by... This is only the...

1.9AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/03 9:57 a.m.13 views

Threat Roundup for August 27 to September 3

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 27 and Sept. 3. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

0.9AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/03 6:9 a.m.16 views

Talos Takes Ep. #66: Dude, where's my bandwidth?

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. “Proxyware” sounds like a complicated topic that you’re too afraid to ask about. But really, it’s just software that... Th...

1.8AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/02 1:33 p.m.12 views

Beers with Talos, Ep. #109: We have not secured our society — Or, working out a conference talk in realtime

Beers with Talos BWT Podcast episode No. 109 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. Most of the Beers with Talos guys got a chance to take... This is only the...

1.7AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/02 11:0 a.m.13 views

Threat Source newsletter (Sept. 2, 2021)

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers. If you haven't seen already, our blog has a lot of cool and new stuff this week. We first dove into the world of proxyware on Tuesday aka internet-sharing applications. Attackers are hiding in this newly popular... This is only the...

2.4AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/02 6:0 a.m.11 views

Attracting flies with Honey(gain): Adversarial abuse of proxyware

By Edmund Brumaghin and Vitor Ventura. With internet-sharing applications, or "proxyware," users download software that allows them to share a percentage of their bandwidth with other internet users for a fee, with the companies that created this software acting as a go-between.As proxyware has...

4.6AI score
Exploits0
Talos Blog
Talos Blog
added 2021/09/02 5:29 a.m.37 views

Translated: Talos' insights from the recently leaked Conti ransomware playbook

By Caitlin Huey, David Liebenberg, Azim Khodjibaev, and Dmytro Korzhevin. Executive summary Cisco Talos recently became aware of a leaked playbook that has been attributed to the ransomware-as-a-service RaaS group Conti. Talos has a team of dedicated, native-level speakers that translated these...

3.1AI score
Exploits0
Talos Blog
Talos Blog
added 2021/08/27 11:44 a.m.20 views

Threat Roundup for August 20 to August 27

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 20 and Aug. 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

1.1AI score
Exploits0
Talos Blog
Talos Blog
added 2021/08/27 4:33 a.m.14 views

Talos Takes Ep: #65: How several RAT campaigns in Latin America are connected

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. As more people around the world start to get vaccinated against COVID-19, travel is becoming easier, especially during...

2AI score
Exploits0
Talos Blog
Talos Blog
added 2021/08/26 11:0 a.m.18 views

Threat Source newsletter (Aug. 26, 2021)

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers. We have RATs on RATs on RATs over the past few weeks. And last week, we found a few more heading to Latin America to target users and try to steal their login credentials. The threat actor in this case has some compelling... This i...

2.2AI score
Exploits0
Talos Blog
Talos Blog
added 2021/08/24 7:0 a.m.12 views

Malicious Campaign Targets Latin America: The seller, The operator and a curious link

By Asheer Malhotra and Vitor Ventura, with contributions from Vanja Svajcer. Cisco Talos has observed a new malware campaign delivering commodity RATs, including njRAT and AsyncRAT.The campaign targets travel and hospitality organizations in Latin America.Techniques utilized in this campaign...

2.2AI score
Exploits0
Talos Blog
Talos Blog
added 2021/08/20 11:23 a.m.23 views

Threat Roundup for August 13 to August 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 13 and Aug. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

1.1AI score
Exploits0
Talos Blog
Talos Blog
added 2021/08/19 11:0 a.m.26 views

Threat Source newsletter (Aug. 19, 2021)

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers. I'm writing this on Tuesday morning on account of vacation again, so apologies if we miss any major stories. You certainly don't want to miss our latest blog post on the Neurevt remote access trojan that's... This is only the...

3.4AI score
Exploits0
Talos Blog
Talos Blog
added 2021/08/17 10:35 a.m.43 views

Neurevt trojan takes aim at Mexican users

By Chetan Raghuprasad, with contributions from Vanja Svajcer. News summaryCisco Talos discovered a new version of the Neurevt trojan with spyware and backdoor capabilities in June 2021 using Cisco Secure Endpoint product telemetry.This version of Neurevt appears to target users of Mexican...

3.6AI score
Exploits0
Talos Blog
Talos Blog
added 2021/08/17 10:2 a.m.37 views

Vulnerability Spotlight: Memory corruption vulnerability in Daemon Tools Pro

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a memory corruption vulnerability in Disc Soft Ltd.'s Daemon Tools Pro. Daemon Tools Pro is a professional emulation software that works with disc images and virtual... This is only the...

1.7AI score
Exploits0
Talos Blog
Talos Blog
added 2021/08/16 6:37 a.m.34 views

Vulnerability Spotlight: Multiple integer overflow vulnerabilities in GPAC Project on Advanced Content

A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple integer overflow vulnerabilities in the GPAC Project on Advanced Content that could lead to memory corruption. The GPAC Project on Advanced Content is an open-source... This i...

2AI score
Exploits0
Talos Blog
Talos Blog
added 2021/08/13 10:12 a.m.33 views

Threat Roundup for August 6 to August 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 6 and Aug. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

1.1AI score
Exploits0
Talos Blog
Talos Blog
added 2021/08/13 7:0 a.m.38 views

Talos Takes Ep. #64: Back 2 Skool edition

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. There's no shortage of complications leading into this new school year. Students, parents, teachers and admins alike... Th...

1.9AI score
Exploits0
Talos Blog
Talos Blog
added 2021/08/12 4:16 p.m.310 views

Vice Society Leverages PrintNightmare In Ransomware Attacks

By Edmund Brumaghin, Joe Marshall, and Arnaud Zobec. Executive Summary Another threat actor is actively exploiting the so-called PrintNightmare vulnerability CVE-2021-1675 / CVE-2021-34527 in Windows' print spooler service to spread laterally across a victim's network as part of a recent... This ...

9.3CVSS4.6AI score0.99759EPSS
Exploits75
Talos Blog
Talos Blog
added 2021/08/12 11:0 a.m.33 views

Threat Source newsletter (Aug. 12, 2021)

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers. No, that's not Ratatouille. It's ServHelper, who is much more dangerous albeit just as cute as the cartoon chef. We have a new blog post out today detailing this RAT, run by the threat actor Group TA505, that is... This is only the...

2.4AI score
Exploits0
Talos Blog
Talos Blog
added 2021/08/12 5:1 a.m.47 views

Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT

By Vanja Svajcer. News summaryGroup TA505 has been active for at least seven years, making wide-ranging connections with other threat actors involved in ransomware, stealing credit card numbers and exfiltrating data. One of the common tools in TA505's arsenal is ServHelper. In mid-June, Cisco...

3AI score
Exploits0
Talos Blog
Talos Blog
added 2021/08/11 7:10 a.m.38 views

Talos Incident Response quarterly threat report — The top malware families and TTPs used in Q2 2021

By David Liebenberg and Caitlin Huey. Last quarter, ransomware was not the most dominant threat for the first time since we began compiling these reports. We theorized that this was due to a huge uptick in Microsoft Exchange exploitation, which temporarily became a primary focus for Cisco... This...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2021/08/10 10:36 a.m.18 views

Microsoft Patch Tuesday for August 2021 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Martin Lee. Microsoft released its monthly security update Tuesday, disclosing 44 vulnerabilities in the company’s firmware and software. This is the fewest amount of vulnerabilities Microsoft has patched in a month in more than two years. There... This is...

2.5AI score
Exploits0
Total number of security vulnerabilities2033