2032 matches found
Microsoft Patch Tuesday for June 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Edmund Brumaghin. Microsoft released its monthly security update Tuesday, disclosing 51 vulnerabilities across its suite of products, breaking last month’s 16-month record of the fewest vulnerabilities disclosed in a month by the company. There... This is...
Vulnerability Spotlight: Use-after-free vulnerability in WebKit
Marcin Towalski of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The WebKit browser engine contains a use-after-free vulnerability in its GraphicsContext function. A malicious web page code could trigger a use-after-free error, which could lead to a potential information...
Necro Python bot adds new exploits and Tezos mining to its bag of tricks
By Vanja Svajcer, with contributions from Caitlin Huey and Kendall McKay. News summarySome malware families stay static in terms of their functionality. But a newly discovered malware campaign utilizing the Necro Python bot shows this actor is adding new functionality and improving its chances...
Intelligence-driven disruption of ransomware campaigns
By Neil Jenkins and Matthew Olney. Note: Our guest co-author, Neil Jenkins, is the Chief Analytic Officer at the Cyber Threat Alliance. He leads the CTA's analytic efforts, focusing on the development of threat profiles, adversary playbooks and other analysis using the threat intelligence in the...
Threat Roundup for May 28 to June 4
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 28 and June 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Source newsletter (June 3, 2021)
Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers. If you didn't catch us live yesterday, we've uploaded the full version of our stream on Discord and Slack malware to our YouTube page. Chris Neal from Talos Outreach walked through his recent research into these campaigns... This i...
Vulnerability Spotlight: A deep dive into macOS SMB server
By Aleksandar Nikolich.Executive summary Cisco Talos recently discovered multiple vulnerabilities in macOS’s implementation of SMB server. An adversary could exploit these vulnerabilities to carry out a variety of malicious actions, including revealing sensitive information on the server,...
Vulnerability Spotlight: Multiple vulnerabilities in Accusoft ImageGear
Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit that allows users to create, edit, annotate and convert various...
Threat Roundup for May 21 to May 28
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 21 and May 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Talos Takes Ep. #55: How Transparent Tribe could evolve in the future
By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We recently covered how the Transparent Tribe APT added another RAT to its arsenal. Where might they go from here? In...
Threat Source newsletter (May 27, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We're used to referring to attackers as either APTs or not APTs. And when something is an APT, it sounds a lot scarier and sexier. But it's our belief that that isn't going to cut it anymore. Therefore, we propose in a... This is...
Elizabethan England has nothing on modern-day Russia
This post was authored by Warren Mercer and Vitor Ventura The threat landscape is changing. Organizations need to defend against an ever-evolving tranche of threat actors. For a long time, the lines that distinguish state-sponsored and crimeware groups were well-defined. We believe this is... Thi...
Vulnerability Spotlight: Multiple vulnerabilities in Trend Micro Home Network Security Station
Carl Hurd and Kelly Leuschner of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in Trend Micro’s Home Network Security Station. The Home Network Security Station is a device that monitors and protects home... This is only t...
Threat Roundup for May 14 to May 21
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 14 and May 21. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Talos Takes Ep. #54: Incident response is just as much about the relationships as anything else
By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Brad Garnett, Cisco Talos Incident Response's fearless leader, joins the show this week to expound more on his recent...
Threat Source newsletter (May 20, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We know a lot of you may be tired of "content" after RSA week. But we have some more for you! And specifically related to RSA, Cisco Talos Incident Response has new case studies out detailing a few recent engagements... This is on...
Vulnerability Spotlight: Heap-based buffer overflow in Google Chrome could lead to code execution
Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in Google Chrome. Google Chrome is a cross-platform web browser — and Chromium is the open-source... This is only the...
Vulnerability Spotlight: Information disclosure vulnerability in macOS SMB server
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable integer overflow vulnerability in Apple macOS’ SMB server that could lead to information disclosure. Server Message Block SMB is a network... This is only the...
Talos is hiring for several positions — Join our world-class security organization
Cisco Talos continues to build an elite threat intelligence and research group, and we are looking for driven, innovative and diverse security enthusiasts to join us. We are currently hiring for several positions, including multiple security engineer roles and a senior vulnerability... This is on...
Beers with Talos Ep. #104: Supply chain has Matt hopping mad like a kangaroo
Beers with Talos BWT Podcast episode No. 104 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded March 30,... This is only the beginning! Please vis...
Case Study: Incident Response is a relationship-driven business
Proof that incident response is "the ultimate team sport" By Brad Garnett. Introduction As a seasoned incident responder, and now IR business leader here at Cisco Talos Incident Response CTIR, I have always said that incident response is the ultimate team sport. People are... This is only the...
Threat Roundup for May 7 to May 14
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 7 and May 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Talos Takes Ep. #53: The broader lesson of those air fryer vulnerabilities
By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. It seemed like everyone on security Twitter had a joke when we disclosed a vulnerability in a WiFi-connected air fryer...
Threat Source Newsletter (May 13, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In case you missed the Friday news drop last week, we have an update on the Lemon Duck cryptocurrency miner. It's not as eye-catching as the ransomware attacks that make the news, but Lemon Duck's... This is only the beginning!...
Transparent Tribe APT expands its Windows malware arsenal
By Asheer Malhotra, Justin Thattil and Kendall McKay. Transparent Tribe, also known as APT36 and Mythic Leopard, continues to create fake domains mimicking legitimate military and defense organizations as a core component of their operations. Cisco Talos' previous research has mainly linked this...
Vulnerability Spotlight: Code execution vulnerability in Adobe Acrobat Reader
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an arbitrary code execution vulnerability in Adobe Acrobat Reader. Adobe Acrobat Reader is one of the most popular and feature-rich PDF readers on the market.... This is only the...
Microsoft Patch Tuesday for May 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Chris Neal. Microsoft released its monthly security update Tuesday, disclosing 55 vulnerabilities across its suite of products, the fewest in any month since January 2020. There are only three critical vulnerabilities patched in this month, while... This is...
Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs
By Caitlin Huey and Andrew Windsor with contributions from Edmund Brumaghin. Lemon Duck continues to refine and improve upon their tactics, techniques and procedures as they attempt to maximize the effectiveness of their campaigns.Lemon Duck remains relevant as the operators begin to target... Th...
Threat Roundup for April 30 to May 7
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 30 and May 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Talos Takes Ep. #52: Celebrating World Password Day by talking about getting rid of passwords
By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. The internet celebrated World Password Day on Thursday. To celebrate, we had Dave Lewis on the latest episode of Talos...
Threat Source Newsletter (May 6, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. COVID-19 has changed everything about our lives — no surprise there. So it also shouldn't be shocking that it's changing the way Americans view Tax Day this year. The deadline to file taxes is about a month later... This is only t...
Vulnerability Spotlight: Use-after-free vulnerability in Foxit PDF Reader
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a use-after-free vulnerability in the Foxit PDF Reader. Foxit PDF Reader is one of the most popular PDF document readers currently available. As a complete... This is only the...
Threat Roundup for April 23 to April 30
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 23 and April 30. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral... This is on...
Talos Takes Ep. #51: COVID and Tax Day have perfectly aligned for spammers
By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We see tax scams every year — people offering to do your taxes for you, finding a larger return, etc. But this... This is...
Threat Source Newsletter (April 29, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Ransomware is not just financial extortion. It is crime that transcends business, academic and geographic boundaries. Talos was proud to assist with a newly released report from the international Ransomware Task... This is only th...
Vulnerability Spotlight: Information disclosure vulnerability in the Linux Kernel
Lilith and Claudio Bozzato of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an information disclosure vulnerability in the Linux Kernel. The Linux Kernel is the free and open-source core of Unix-like operating systems.... This is only the beginnin...
Threat Roundup for April 16 to April 23
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 16 and April 23. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral... This is on...
Talos Takes Ep. #50: Just like us, attackers are using Slack and Discord now more than ever
By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. With more workers than ever going remote due to the COVID-19 pandemic, the popularity of collaboration apps like... This i...
Threat Source Newsletter (April 22, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We went viral this week! Everyone seemed to love to joke about these vulnerabilities we discovered in a WiFi-connected air fryer. An attacker, if they had physical access to the device, could exploit these... This is only the...
Threat Advisory: Pulse Secure Connect Coverage
Pulse Secure announced that a critical vulnerability CVE-2021-22893 was discovered in their VPN service "Pulse Secure Connect" in a recent security advisory. The advisory states that, "a vulnerability was discovered under Pulse Connect Secure PCS. This includes an authentication by-pass... This i...
A year of Fajan evolution and Bloomberg themed campaigns
By Vanja Svajcer. News summarySome malware campaigns are designed to spread malware to as many people as possible — while some others carefully choose their targets. Cisco Talos recently discovered a malware campaign that does not fit in any of the two categories. This actor has a relatively low...
Beers with Talos Ep. #103: ICS/SCADA Security — The permanence and people problems
Beers with Talos BWT Podcast episode No. 103 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded March 2021 ICS and SCADA... This is only the...
Vulnerability Spotlight: Code execution vulnerabilities in PrusaSlicer
Lilith of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two out-of-bounds write vulnerabilities in Prusa Research’s PrusaSlicer. Prusa Slicer is an open-source 3-D printer slicing program forked off Slic3r that can convert various 3-D... This i...
Vulnerability Spotlight: Multiple vulnerabilities in Synology DiskStation Manager
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in Synology DiskStation Manager. DSM is the Linux-based operating system for every Synology network-attached storage device NAS. The... This is only the...
Threat Advisory: NSA SVR Advisory Coverage
The U.S. National Security Agency released an advisory outlining several vulnerabilities that the Russian Foreign Intelligence Services SVR is exploiting in the wild. The U.S. formally attributed the recent SolarWinds supply chain attack to the SVR group in this advisory and detailed more of the...
Vulnerability Spotlight: Remote code execution vulnerabilities in Cosori smart air fryer
Dave McDaniel of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two code execution vulnerabilities in the Cosori smart air fryer. The Cosori Smart Air Fryer is a WiFi-enabled kitchen appliance that cooks food with a variety of... This is only the...
Threat Roundup for April 9 to April 16
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 9 and April 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Talos Takes Ep. #49: LodaRAT keeps growing....and growing
By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Chris Neal from Talos Outreach has followed LodaRAT for years now. It’s gone from a fairly small threat to a full-on... Th...
Threat Source Newsletter (April 15, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. If you missed our webinar last week, we've got you covered. We've uploaded an extended version to our YouTube page that includes the scripts used in the presentation. This video will show you how to reverse-engineer and... This is...
Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Microsoft Azure Sphere
Claudio Bozzato and Lilith of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos researchers recently discovered multiple vulnerabilities in Microsoft’s Azure Sphere, a cloud-connected and custom SoC platform designed specifically with IoT application security... This ...