Lucene search
K
TalosblogRecent

2032 matches found

Talos Blog
Talos Blog
added 2021/02/03 10:0 a.m.23 views

Vulnerability Spotlight: Multiple vulnerabilities in SoftMaker Office PlanMaker

Discovered by a Cisco Talos researcher. Blog by Jon Munshaw. SoftMaker's Office PlanMaker contains multiple vulnerabilities that could allow an adversary to cause a variety of malicious conditions in the software. SoftMaker's flagship product, SoftMaker Office, is supported on a variety of...

0.6AI score
Exploits0
Talos Blog
Talos Blog
added 2021/02/03 6:13 a.m.23 views

Vulnerability Spotlight: Allen-Bradley Flex I/O vulnerable to denial of service

Jared Rittle of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Rockwell Automation Allen-Bradley Flex I/O input/output device is vulnerable to a denial-of-service vulnerability. FLEX I/O provides a wide range of input/output operations while keeping a smaller form factor. Use...

1.5AI score
Exploits0
Talos Blog
Talos Blog
added 2021/02/02 7:8 a.m.15 views

Interview with a LockBit ransomware operator

By Azim Khodjibaev, Dymtro Korzhevin and Kendall McKay. Ransomware is still highly prevalent in our current threat landscape — it's one of the top threats Cisco Talos Incident Response responds to. One such ransomware family we encounter is called LockBit, a ransomware-as-a-service RaaS platform...

1.3AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/29 12:5 p.m.13 views

Threat Roundup for January 22 to January 29

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 22 and Jan. 29. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

1.1AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/29 9:33 a.m.28 views

Talos Takes Ep. #39: SolarWinds' implications for IoT and OT

The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. This week, we're continuing our deep dive into the SolarWinds campaign. After Nick Biasini gave us a broad overview of supply chain attack...

2.2AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/28 11:0 a.m.36 views

Threat Source newsletter (Jan. 28, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Unfortunately, I don’t have any stock tips to give you to help you get rich overnight. But I do have two Vulnerability Spotlights you should read so your network can stay safer. We disclosed multiple vulnerabilities in phpGACL and...

0.4AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/28 6:51 a.m.61 views

Changes to Cisco Talos’ Content and Threat Category lists

Cisco Talos is happy to announce the upcoming changes to our Content and Threat Category lists. Our goal is to provide you with sufficient intelligence details to allow you to make informed decisions to protect your network without disrupting your organization’s productivity. These changes will...

1.9AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/27 10:27 a.m.26 views

Vulnerability Spotlight: Multiple vulnerabilities in phpGACL class

Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the phpGACL class. One of these vulnerabilities also affects OpenEMR, a medical practice management software written in PHP. phpGACL is a PHP library...

2.3AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/27 10:4 a.m.38 views

Nation-state campaign targets Talos researchers

Google's Threat Analysis Group published a blog Monday evening warning of an ongoing campaign attempting to compromise security researchers. Google TAG's blog outlines the attacker's motivations and various TTPs used in these attacks. We can confirm that multiple Cisco Talos researchers received...

1.8AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/26 11:57 a.m.29 views

Vulnerability Spotlight: Denial-of-service vulnerabilities in Micrium uc-HTTP’s HTTP server

Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in Micrium uc-HTTP’s HTTP server that could cause denial-of-service conditions. An attacker could trigger these vulnerabilities by targeting the user machine...

0.3AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/22 12:35 p.m.13 views

Threat Roundup for January 15 to January 22

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 15 and Jan. 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

1.1AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/22 9:29 a.m.9 views

Talos Takes Ep. #37: What's with all this talk about supply chain attacks?

The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. The major SolarWinds campaign has been generating headlines for weeks now. And while its specific targets make this attack unique, this is...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/21 11:0 a.m.12 views

Threat Source newsletter (Jan. 21, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We know it’s hard to focus on anything happening outside of Washington, D.C. this week. But we would be remiss if we didn’t mention the exciting news that the Snort 3 GA is officially out now! This update has been literally years ...

2.6AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/19 12:26 p.m.17 views

Vulnerability Spotlight: Multiple vulnerabilities in PrusaSlicer

Lilith of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two out-of-bounds write vulnerabilities in Prusa Research’s PrusaSlicer. Prusa Slicer is an open-source 3-D printer slicing program forked off Slic3r that can convert various 3-D model fil...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/18 11:20 a.m.12 views

Beers with Talos Ep. #99: P@ssw0rds and closing out 2020

Beers with Talos BWT Podcast episode No. 99 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded late November 2020. We recorded this episode toward...

1.8AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/15 1:41 p.m.26 views

Beers with Talos Ep. #98: Why ransomware actors are (and aren’t) targeting health care

Beers with Talos BWT Podcast episode No. 98 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded early November 2020. This is an episode we recorded ...

0.4AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/15 11:46 a.m.10 views

Threat Roundup for January 8 to January 15

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 8 and Jan. 15. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

1.1AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/14 11:0 a.m.41 views

Threat Source newsletter (Jan. 14, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Microsoft released its monthly security update this week, disclosing 83 vulnerabilities across its suite of products to kickoff 2021. Our blog post has the most important vulnerabilities you need to know about, along with our...

1.7AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/12 10:49 a.m.17 views

Microsoft Patch Tuesday for Jan. 2021 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Asheer Malhotra. Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across its suite of products to kick-off 2021. There are only 10 critical vulnerabilities as part of this release, while there are two moderate-severity...

1.6AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/07 12:7 p.m.28 views

Threat Source newsletter (Jan. 7, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers and welcome to the first Threat Source newsletter of 2021. We hit the ground running already this year with a new Beers with Talos episode. It was recorded back in 2020, but the lessons regarding ransomware attacks and how actors...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/07 7:31 a.m.39 views

Vulnerability Spotlight: Denial-of-service vulnerability in Rockwell Automation RSLinx

Alexander Perez-Palma of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.Cisco Talos recently discovered a denial-of-service vulnerability in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic. An attacker could exploit this vulnerability by sending the targ...

1.9AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/06 6:19 a.m.45 views

A Deep Dive into Lokibot Infection Chain

By Irshad Muhammad, with contributions from Holger Unterbrink. News summary Lokibot is one of the most well-known information stealers on the malware landscape. In this post, we'll provide a technical breakdown of one of the latest Lokibot campaigns.Talos also has a new script to unpack the...

1.1AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/05 10:35 a.m.42 views

Vulnerability Spotlight: Multiple vulnerabilities in SoftMaker Office TextMaker

A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in SoftMaker's TextMaker software. A user could trigger these vulnerabilities by opening an attacker-created, malicious document. An adversary could use these...

1.1AI score
Exploits0
Talos Blog
Talos Blog
added 2021/01/05 9:23 a.m.44 views

Vulnerability Spotlight: Multiple vulnerabilities in Genivia gSOAP

A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in various Genivia gSOAP toolkit plugins. These vulnerabilities could allow an attacker to carry out a variety of malicious activities, including causing a...

2.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/22 2:35 p.m.104 views

Threat Advisory: SolarWinds supply chain attack

Update 12/21: IOC section updated to include new information and associated stage. Update 12/18: We have been able to verify the name server for the DGA domain was updated as far back as late February. Compromised binaries appear to have been available on the SolarWinds website until very recentl...

0.9AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/22 10:31 a.m.35 views

Talos Vulnerability Discovery Year in Review — 2020

While major attacks like ransomware and COVID-19-themed campaigns made headlines across the globe this year, many attacks were prevented through simple practices of finding, disclosing and patching vulnerabilities. Cisco Talos' Systems Vulnerability Research Team discovered 231 vulnerabilities th...

1.5AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/21 2:38 p.m.24 views

2020: The year in malware

By Jon Munshaw. Nothing was normal in 2020. Our ideas of working from offices, in-person meetings, hands-on learning and basically everything else was thrown into disarray early in the year. Since then, we defenders have had to adapt. But so have workers around the globe, and those IT and securit...

0.4AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/18 3:25 p.m.26 views

Threat Roundup for December 11 to December 18

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 11 and Dec. 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/17 11:0 a.m.17 views

Threat Source newsletter (Dec. 17, 2020)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. This will be our last Threat Source newsletter of the year. We’ll be on a few-week break for the holidays until Jan. 7. Of course, all anyone wants to talk about this week is the SolarWinds supply chain attack. There are still man...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/17 6:57 a.m.25 views

Talos tools of the trade

By Andrea Marcelli and Holger Unterbrink. If you're looking for something to keep you busy while we're all stuck inside during the holidays, Cisco Talos has a few tools for you you can play with in the coming days and weeks. We recently updated GhIDA to work with the latest version of IDA and we...

0.7AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/16 6:21 a.m.42 views

Vulnerability Spotlight: Multiple vulnerabilities in NZXT computer monitoring software

Carl Hurd of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. NZXT’s CAM computer monitoring software contains multiple vulnerabilities an attacker could use to carry out a range of malicious actions. CAM provides users information on their machines, such as fan speeds, temperature...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/16 6:12 a.m.30 views

Vulnerability Spotlight: Two vulnerabilities in Lantronix XPort EDGE

Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.Executive summary Cisco Talos recently discovered two vulnerabilities in the Web Manager functionality of Lantronix XPort EDGE. The XPort EDGE is a next-generation wired Ethernet gateway for providing secure...

1.5AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/14 6:18 a.m.44 views

FireEye Breach Detection Guidance

Update 12/14: Cisco Talos has implemented additional blocks in relation to the supply chain attack on SolarWinds® Orion® Platform. The U.S. Cybersecurity and Infrastructure Security Agency has issued Emergency Directive 21-01 due to this campaign. Talos is continuing to investigate this matter. I...

1.1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/11 12:41 p.m.31 views

Threat Roundup for December 4 to December 11

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 4 and Dec. 11. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/10 11:0 a.m.23 views

Threat Source newsletter (Dec. 10, 2020)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Cyber security firm FireEye recently disclosed an incident that was reported to have resulted in the inadvertent disclosure of various internally developed offensive security tools OSTs that were used across FireEye red-team...

1.8AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/10 7:59 a.m.33 views

Beers with Talos Ep. #97: Getting to better security outcomes (feat. Wendy Nather)

Beers with Talos BWT Podcast episode No. 97 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Nov. 24, 2020 – On this episode, Mitch and Matt are...

0.9AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/09 8:31 a.m.20 views

Vulnerability Spotlight: Multiple vulnerabilities in Foxit PDF Reader JavaScript engine

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.Executive summary Cisco Talos recently discovered multiple vulnerabilities in Foxit PDF Reader’s JavaScript engine. Foxit PDF Reader is a commonly used PDF reader that contains many features, including the...

0.9AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/09 6:32 a.m.30 views

Quarterly Report: Incident Response trends from Fall 2020

By David Liebenberg and Caitlin Huey. For the sixth quarter in a row, Cisco Talos Incident Response CTIR observed ransomware dominating the threat landscape. However, for the first quarter since we began compiling these reports, no engagements that were closed out involved the ransomware Ryuk...

1.4AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/09 6:16 a.m.34 views

Vulnerability Spotlight: Remote code execution vulnerabilities in Schneider Electric EcoStruxure

Alexander Perez-Palma and Jared Rittle of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.Cisco Talos recently discovered two code execution vulnerabilities in Schneider Electric EcoStruxure. An attacker could exploit these vulnerabilities by sending the victim a specially crafted...

2.3AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/08 11:12 a.m.22 views

Microsoft Patch Tuesday (Dec. 2020) — Snort rules and notable vulnerabilities

By Jon Munshaw, with contributions from Bill Largent. Microsoft released its monthly security update Tuesday, disclosing 58 vulnerabilities across its suite of products, the lowest number of vulnerabilities in any Patch Tuesday since January. There are only 10 critical vulnerabilities as part of...

1.4AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/08 11:9 a.m.33 views

Vulnerability Spotlight: Code execution vulnerability in Microsoft Excel

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.Cisco Talos recently discovered a code execution vulnerability in some versions of Microsoft Excel. An attacker could exploit this vulnerability by tricking the victim into opening a specially crafted XLS file...

2.3AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/08 6:59 a.m.43 views

Xanthe - Docker aware miner

By Vanja Svajcer and Adam Pridgen, Cisco Incident Command NEWS SUMMARY Ransomware attacks and big-game hunting making the headlines, but adversaries use plenty of other methods to monetize their efforts in less intrusive ways.Cisco Talos recently discovered a cryptocurrency-mining botnet attack...

1.6AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/04 1:11 p.m.32 views

Threat Roundup for November 27 to December 4

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 27 and Dec. 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/03 11:0 a.m.24 views

Threat Source newsletter (Dec. 3, 2020)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. While ransomware has made all the headlines this year, that doesn’t mean cryptocurrency miners are going anywhere. We recently discovered a new actor we’re calling “Xanthe” that’s mining Monero on targets’ machines. The main...

1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/02 1:21 p.m.26 views

Vulnerability Spotlight: DoS, code execution vulnerabilities in EIP Stack Group OpENer

Martin Zeiser and Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.Executive summary Cisco Talos recently discovered two vulnerabilities in the Ethernet/IP function of EIP Stack Group OpENer. OpENer is an Ethernet/IP stack for I/O adapter devices. It supports...

1.5AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/02 12:56 p.m.71 views

Threat Source newsletter (Nov. 19, 2020)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In case you hadn’t already realized, Snort somehow became a meme this week, so that was fun. As 2020 finally...or already...I can’t decide which comes to an end, we’re going to start doing a look back at the year that was in...

1.8AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/01 12:57 p.m.23 views

Beers with Talos Ep. #96: The boogeyman and QR codes

Beers with Talos BWT Podcast episode No. 96 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. We got delayed with Thanksgiving and PTO, but here is a...

0.4AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/01 12:7 p.m.51 views

Threat Roundup for November 13 to November 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 13 and Nov. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

1.1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/11/30 9:26 a.m.26 views

Vulnerability Spotlight: Multiple vulnerabilities in WebKit

Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.Executive summary The WebKit browser engine contains multiple vulnerabilities in various functions of the software. A malicious web page code could trigger multiple use-after-free errors, which could lead t...

2.3AI score
Exploits0
Talos Blog
Talos Blog
added 2020/11/18 10:21 a.m.15 views

Back from vacation: Analyzing Emotet’s activity in 2020

By Nick Biasini, Edmund Brumaghin, and Jaeson Schultz. Emotet is one of the most heavily distributed malware families today. Cisco Talos observes large quantities of Emotet emails being sent to individuals and organizations around the world on an almost daily basis. These emails are typically sen...

2.2AI score
Exploits0
Total number of security vulnerabilities2032