2032 matches found
Microsoft Patch Tuesday for April 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Vanja Svajcer. Microsoft released its monthly security update Tuesday, disclosing 108 vulnerabilities across its suite of products, the most in any month so far this year. Four new remote code execution vulnerabilities in Microsoft Exchange Server are... Th...
Vulnerability Spotlight: Multiple vulnerabilities in OpenClinic’s GA web portal
Yuri Kramarz of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in OpenClinic’s GA web portal. OpenClinic GA is an open-source, fully integrated hospital management solution. The web portal allows users to manage... This ...
Recording: Analyzing Android Malware — From triage to reverse-engineering
It's easy to get wrapped up worry about large-scale ransomware attacks on the threat landscape. These are the types of attacks that make headlines and strike fear into the hearts of CISOs everywhere. But if you want to defend the truly prolific and widespread threats that target some of the...
Threat Roundup for April 2 to April 9
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 2 and April 9. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Talos Takes Ep. #48: The complete history of ObliqueRAT
By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. After researching and writing about ObliqueRAT for several months now, Asheer Malhotra joins Talos Takes for... This is on...
Threat Source Newsletter (April 8, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We've all heard about spam coming through your email or those robocalls we all hate. But during the COVID-19 pandemic, attackers are now turning to chat rooms and gaming servers to spread spam. Talos researchers this... This is on...
Beers with Talos Ep. #102: Twitter has questions for us
Beers with Talos BWT Podcast episode No. 102 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Feb. 23, 2021 We’ve been... This is only the...
Sowing Discord: Reaping the benefits of collaboration app abuse
By Nick Biasini, Edmund Brumaghin, and Chris Neal with contributions from Paul Eubanks. As telework has become the norm throughout the COVID-19 pandemic, attackers are modifying their tactics to take advantage of the changes to employee workflows.Attackers are leveraging collaboration platforms,...
Threat Roundup for March 26 to April 2
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 26 and April 2. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Talos Takes Ep. #47: Looking back at the Masslogger trojan
By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We return to our usual formatting this week to discuss the Masslogger trojan. We covered this threat earlier this year...
Threat Source Newsletter (April 1, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We hope you’re enjoying Cisco Live this week and only reading this after you’ve caught up on your sessions for the day. No April Fool’s jokes here thankfully — we are just excited to tell you that applications... This is only the...
Vulnerability Spotlight: Out-of-bounds write vulnerabilities in Accusoft ImageGear
Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple out-of-bounds write vulnerabilities in Accusoft ImageGear that an adversary could exploit to corrupt memory on the targeted machine. The ImageGear library is a... This i...
Cheating the cheater: How adversaries are using backdoored video game cheat engines and modding tools
By Nick Lister and Holger Unterbrink, with contributions from Vanja Svajcer. News summary Cisco Talos recently discovered a new campaign targeting video game players and other PC modders.Talos detected a new cryptor used in several different malware campaigns hidden in seemingly legitimate files...
Threat Source newsletter (March 18, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Start spreading the word now, the Snort scholarship is back for 2021! This year, we’re giving away two $10,000 awards to two college students who are studying cybersecurity or another IT-related field. Applications open on April 1...
Threat Roundup for March 5 to March 12
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 5 and March 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...
Talos Takes Ep. #44: A roundtable discussion on SolarWinds
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Welcome to the first-ever XL edition of Talos Takes. This one is a little longer than usual, but we promise you it’s worth it. We recently...
Hafnium Update: Continued Microsoft Exchange Server Exploitation
Update 3/11: The following OSQuery detects active commands being run through webshells observed used by actors on compromised Exchange servers. While systems may have been patched to defend against Hafnium and others, threat actors may have leveraged these vulnerabilities to establish additional...
Threat Source newsletter (March 11, 2021) — Featuring new SolarWinds roundtable
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We have a special edition of the Threat Source newsletter to bring you this week, because we’re premiering a new video for you right now! Below, you’ll find a full roundtable we put together discussing the SolarWinds supply chain...
Vulnerability Spotlight: Use-after-free vulnerability in 3MF Consortium lib3mf
Lilith of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. 3MF Consortium’s lib3mf library is vulnerable to a use-after-free vulnerability that could allow an adversary to execute remote code on the victim machine. The lib3mf library is an open-source implementation of the 3MF file...
Microsoft Patch Tuesday for March 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Nick Biasini. Microsoft released its monthly security update Tuesday, disclosing 89 vulnerabilities across its suite of products, the most in any month so far this year. There are 14 critical vulnerabilities as part of this release and one considered of “lo...
Threat Advisory: HAFNIUM and Microsoft Exchange zero-day
Microsoft released patches for four vulnerabilities in Exchange Server on March 2, disclosing that these vulnerabilities were being exploited by a previously unknown threat actor, referred to as HAFNIUM. The vulnerabilities in question — CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and...
Domain dumpster diving
By Jaeson Schultz. Dumpster diving — searching through the trash looking for items of value — has long been a staple of hacking culture. In the 1995 movie "Hackers," Acid Burn and Crash Override are seen dumpster diving for information they can use to help them "hack the Gibson." Of course, not a...
Threat Roundup for February 26 to March 5
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 26 and March 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Talos Takes Ep. #43: What you should know about the Microsoft Exchange Server zero-days
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We put this episode together quickly this week to address the zero-day vulnerabilities Microsoft disclosed earlier this week in Exchange...
Threat Source newsletter (March 4, 2021)
Newsletter compiled by Jon Munshaw. Of course, we will start things off talking about the Microsoft Exchange Server zero-day vulnerabilities disclosed earlier this week. Microsoft said in a statement that a threat actor is exploiting these vulnerabilities in the wild to steal users’ emails,...
Vulnerability Spotlight: Remote code execution vulnerability in WebKit WebAudio API
Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The WebKit browser engine contains a remote code execution vulnerability in its WebAudio API interface. A malicious web page code could trigger a use-after-free error, which could lead to arbitrary code...
Vulnerability Spotlight: Password reset vulnerability in Epignosis eFront
Richard Dean, CX security advisory, EMEAR, discovered this vulnerability. Blog by Jon Munshaw. Epignosis eFront contains a vulnerability that could allow an adversary to reset the password of any account of their choosing. eFront is a learning management system platform that allows users to creat...
Vulnerability Spotlight: Memory corruption vulnerability in Accusoft ImageGear
Emmanuel Tacheau discovered this vulnerability. Blog by Jon Munshaw. Accusoft ImageGear contains a vulnerability that could allow an attacker to corrupt the software's memory, potentially allowing them to execute arbitrary code on the victim machine. The ImageGear library is a document-imaging...
Masslogger campaigns exfiltrates user credentials
By Vanja Svajcer. News summary As protection techniques develop, attackers are finding it harder to successfully attack their targets and must find creative ways to succeed. Cisco Talos recently discovered a campaign utilizing a variant of the Masslogger trojan designed to retrieve and exfiltrate...
ObliqueRAT returns with new campaign using hijacked websites
By Asheer Malhotra. Cisco Talos has observed another malware campaign that utilizes malicious Microsoft Office documents maldocs to spread the remote access trojan RAT ObliqueRAT. This campaign targets organizations in South Asia.ObliqueRAT has been linked to the Transparent Tribe APT group in th...
Threat Roundup for February 19 to February 26
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 19 and Feb. 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Talos Takes Ep. #42: Seriously folks, save your logs
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. When Pierre Cadieux steps into a Cisco Talos Incident Response engagement, the first thing he wants to do is check out the customer's logs...
Threat Source newsletter (Feb. 25, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We all think of APTs as these wide-reaching, silent threat groups who are backed by a nation-state. But our recent research into Gamaredon shows that not all APTs are created equal. We’ve spotted this actor carrying out several...
Beers with Talos Ep. #101: Is security the career you really want?
Beers with Talos BWT Podcast episode No. 101 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Jan. 22, 2020 – We get a lot of questions in Talos...
Vulnerability Spotlight: Out-of-bounds read vulnerability in Slic3r could lead to information disclosure
Lilith of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an out-of-bounds read vulnerability in Slic3r's library. Slic3r is an open-source 3-D printing toolbox, mainly utilized for translating assorted 3-D printing model file types into machine cod...
Gamaredon - When nation states don’t pay all the bills
By Warren Mercer and Vitor Ventura. Update 02/22: The IOC section has been updated Gamaredon is a threat actor, active since at least 2013, that has long been associated with pro-Russian activities in several reports throughout the years. It is extremely aggressive and is usually not associated...
Threat Roundup for February 12 to February 19
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 12 and Feb. 19. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Source newsletter (Feb. 18, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Whether you want to read Talos’ research or listen to it, we’ve got plenty of options for you this week. Beers with Talos hit its 100th episode last week. To celebrate, we brought Nigel back out of retirement to update us on the...
Vulnerability Spotlight: Two vulnerabilities in Advantech WebAccess/SCADA
Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in the Advantech WebAccess/SCADA software package. An adversary could exploit each of these vulnerabilities to disclose sensitive information and elevate their...
Threat Roundup for February 5 to February 12
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 5 and Feb. 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Talos Takes Ep. #41: The tl;dr of Snort 3
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. This week's episode is for all our SNORTⓇ lovers out there. To celebrate last month's release of the Snort 3 GA, we have Nicholas Mavis on...
Threat Source newsletter (Feb. 11, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We have an update on LodaRAT, a trojan we’ve been following for years. This threat has a new version targeting Android devices, looking to infect devices and steal user’s credentials and monitor things like their phone calls and...
Beers with Talos Ep. #100: The supersized centennial episode
Beers with Talos BWT Podcast episode No. 100 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Jan. 8, 2020. It’s hard to believe that we have mad...
Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows
By Warren Mercer, Chris Neal and Vitor Ventura. The developers of LodaRAT have added Android as a targeted platform.A new iteration of LodaRAT for Windows has been identified with improved sound recording capabilities.The operators behind LodaRAT tied to a specific campaign targeting Bangladesh,...
Vulnerability Spotlight: Accusoft ImageGear vulnerabilities could lead to code execution
Marcin Towalski, Emmanuel Tacheau and another Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. Accusoft ImageGear contains two remote code execution vulnerabilities. ImageGear is a document and imaging library from Accusoft that developers can use to build their...
Microsoft Patch Tuesday for Feb. 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Bill Largent. Microsoft released its monthly security update Tuesday, disclosing 56 vulnerabilities across its suite of products. This is the smallest amount of vulnerabilities Microsoft has disclosed in a month since January 2020. There are only 11 critica...
A ransomware primer
Ransomware defenseCyber security is continually a relevant topic for Cisco customers and other stakeholders. Ransomware is quickly becoming one of the hottest topics in the technology space as these malware families target high-leverage companies and organizations. We at Cisco are often contacted...
Threat Roundup for January 29 to February 5
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 29 and Feb. 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threatsx we've observed by highlighting key behavioral characteristics...
Talos Takes Ep. #40: Takeaways from interviewing a ransomware operator
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. This week, we have two guests on a Talos Takes first! to discuss our recent research paper on the LockBit ransomware. Two of the authors,...
Threat Source newsletter (Feb. 4, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We are excited to finally share this LockBit research paper with you all after months of work. Some of our researchers spoke to a ransomware operator, which provided us insight into a threat actor’s day-to-day goals and tactics. T...