2032 matches found
Vulnerability Spotlight: Multiple vulnerabilities in SoftMaker Office PlanMaker
Discovered by a Cisco Talos researcher. Blog by Jon Munshaw. SoftMaker's Office PlanMaker contains multiple vulnerabilities that could allow an adversary to cause a variety of malicious conditions in the software. SoftMaker's flagship product, SoftMaker Office, is supported on a variety of...
Vulnerability Spotlight: Allen-Bradley Flex I/O vulnerable to denial of service
Jared Rittle of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Rockwell Automation Allen-Bradley Flex I/O input/output device is vulnerable to a denial-of-service vulnerability. FLEX I/O provides a wide range of input/output operations while keeping a smaller form factor. Use...
Interview with a LockBit ransomware operator
By Azim Khodjibaev, Dymtro Korzhevin and Kendall McKay. Ransomware is still highly prevalent in our current threat landscape — it's one of the top threats Cisco Talos Incident Response responds to. One such ransomware family we encounter is called LockBit, a ransomware-as-a-service RaaS platform...
Threat Roundup for January 22 to January 29
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 22 and Jan. 29. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Talos Takes Ep. #39: SolarWinds' implications for IoT and OT
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. This week, we're continuing our deep dive into the SolarWinds campaign. After Nick Biasini gave us a broad overview of supply chain attack...
Threat Source newsletter (Jan. 28, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Unfortunately, I don’t have any stock tips to give you to help you get rich overnight. But I do have two Vulnerability Spotlights you should read so your network can stay safer. We disclosed multiple vulnerabilities in phpGACL and...
Changes to Cisco Talos’ Content and Threat Category lists
Cisco Talos is happy to announce the upcoming changes to our Content and Threat Category lists. Our goal is to provide you with sufficient intelligence details to allow you to make informed decisions to protect your network without disrupting your organization’s productivity. These changes will...
Vulnerability Spotlight: Multiple vulnerabilities in phpGACL class
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the phpGACL class. One of these vulnerabilities also affects OpenEMR, a medical practice management software written in PHP. phpGACL is a PHP library...
Nation-state campaign targets Talos researchers
Google's Threat Analysis Group published a blog Monday evening warning of an ongoing campaign attempting to compromise security researchers. Google TAG's blog outlines the attacker's motivations and various TTPs used in these attacks. We can confirm that multiple Cisco Talos researchers received...
Vulnerability Spotlight: Denial-of-service vulnerabilities in Micrium uc-HTTP’s HTTP server
Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in Micrium uc-HTTP’s HTTP server that could cause denial-of-service conditions. An attacker could trigger these vulnerabilities by targeting the user machine...
Threat Roundup for January 15 to January 22
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 15 and Jan. 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Talos Takes Ep. #37: What's with all this talk about supply chain attacks?
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. The major SolarWinds campaign has been generating headlines for weeks now. And while its specific targets make this attack unique, this is...
Threat Source newsletter (Jan. 21, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We know it’s hard to focus on anything happening outside of Washington, D.C. this week. But we would be remiss if we didn’t mention the exciting news that the Snort 3 GA is officially out now! This update has been literally years ...
Vulnerability Spotlight: Multiple vulnerabilities in PrusaSlicer
Lilith of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two out-of-bounds write vulnerabilities in Prusa Research’s PrusaSlicer. Prusa Slicer is an open-source 3-D printer slicing program forked off Slic3r that can convert various 3-D model fil...
Beers with Talos Ep. #99: P@ssw0rds and closing out 2020
Beers with Talos BWT Podcast episode No. 99 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded late November 2020. We recorded this episode toward...
Beers with Talos Ep. #98: Why ransomware actors are (and aren’t) targeting health care
Beers with Talos BWT Podcast episode No. 98 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded early November 2020. This is an episode we recorded ...
Threat Roundup for January 8 to January 15
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 8 and Jan. 15. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Source newsletter (Jan. 14, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Microsoft released its monthly security update this week, disclosing 83 vulnerabilities across its suite of products to kickoff 2021. Our blog post has the most important vulnerabilities you need to know about, along with our...
Microsoft Patch Tuesday for Jan. 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Asheer Malhotra. Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across its suite of products to kick-off 2021. There are only 10 critical vulnerabilities as part of this release, while there are two moderate-severity...
Threat Source newsletter (Jan. 7, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers and welcome to the first Threat Source newsletter of 2021. We hit the ground running already this year with a new Beers with Talos episode. It was recorded back in 2020, but the lessons regarding ransomware attacks and how actors...
Vulnerability Spotlight: Denial-of-service vulnerability in Rockwell Automation RSLinx
Alexander Perez-Palma of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.Cisco Talos recently discovered a denial-of-service vulnerability in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic. An attacker could exploit this vulnerability by sending the targ...
A Deep Dive into Lokibot Infection Chain
By Irshad Muhammad, with contributions from Holger Unterbrink. News summary Lokibot is one of the most well-known information stealers on the malware landscape. In this post, we'll provide a technical breakdown of one of the latest Lokibot campaigns.Talos also has a new script to unpack the...
Vulnerability Spotlight: Multiple vulnerabilities in SoftMaker Office TextMaker
A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in SoftMaker's TextMaker software. A user could trigger these vulnerabilities by opening an attacker-created, malicious document. An adversary could use these...
Vulnerability Spotlight: Multiple vulnerabilities in Genivia gSOAP
A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in various Genivia gSOAP toolkit plugins. These vulnerabilities could allow an attacker to carry out a variety of malicious activities, including causing a...
Threat Advisory: SolarWinds supply chain attack
Update 12/21: IOC section updated to include new information and associated stage. Update 12/18: We have been able to verify the name server for the DGA domain was updated as far back as late February. Compromised binaries appear to have been available on the SolarWinds website until very recentl...
Talos Vulnerability Discovery Year in Review — 2020
While major attacks like ransomware and COVID-19-themed campaigns made headlines across the globe this year, many attacks were prevented through simple practices of finding, disclosing and patching vulnerabilities. Cisco Talos' Systems Vulnerability Research Team discovered 231 vulnerabilities th...
2020: The year in malware
By Jon Munshaw. Nothing was normal in 2020. Our ideas of working from offices, in-person meetings, hands-on learning and basically everything else was thrown into disarray early in the year. Since then, we defenders have had to adapt. But so have workers around the globe, and those IT and securit...
Threat Roundup for December 11 to December 18
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 11 and Dec. 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Source newsletter (Dec. 17, 2020)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. This will be our last Threat Source newsletter of the year. We’ll be on a few-week break for the holidays until Jan. 7. Of course, all anyone wants to talk about this week is the SolarWinds supply chain attack. There are still man...
Talos tools of the trade
By Andrea Marcelli and Holger Unterbrink. If you're looking for something to keep you busy while we're all stuck inside during the holidays, Cisco Talos has a few tools for you you can play with in the coming days and weeks. We recently updated GhIDA to work with the latest version of IDA and we...
Vulnerability Spotlight: Multiple vulnerabilities in NZXT computer monitoring software
Carl Hurd of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. NZXT’s CAM computer monitoring software contains multiple vulnerabilities an attacker could use to carry out a range of malicious actions. CAM provides users information on their machines, such as fan speeds, temperature...
Vulnerability Spotlight: Two vulnerabilities in Lantronix XPort EDGE
Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.Executive summary Cisco Talos recently discovered two vulnerabilities in the Web Manager functionality of Lantronix XPort EDGE. The XPort EDGE is a next-generation wired Ethernet gateway for providing secure...
FireEye Breach Detection Guidance
Update 12/14: Cisco Talos has implemented additional blocks in relation to the supply chain attack on SolarWinds® Orion® Platform. The U.S. Cybersecurity and Infrastructure Security Agency has issued Emergency Directive 21-01 due to this campaign. Talos is continuing to investigate this matter. I...
Threat Roundup for December 4 to December 11
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 4 and Dec. 11. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Source newsletter (Dec. 10, 2020)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Cyber security firm FireEye recently disclosed an incident that was reported to have resulted in the inadvertent disclosure of various internally developed offensive security tools OSTs that were used across FireEye red-team...
Beers with Talos Ep. #97: Getting to better security outcomes (feat. Wendy Nather)
Beers with Talos BWT Podcast episode No. 97 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Nov. 24, 2020 – On this episode, Mitch and Matt are...
Vulnerability Spotlight: Multiple vulnerabilities in Foxit PDF Reader JavaScript engine
Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.Executive summary Cisco Talos recently discovered multiple vulnerabilities in Foxit PDF Reader’s JavaScript engine. Foxit PDF Reader is a commonly used PDF reader that contains many features, including the...
Quarterly Report: Incident Response trends from Fall 2020
By David Liebenberg and Caitlin Huey. For the sixth quarter in a row, Cisco Talos Incident Response CTIR observed ransomware dominating the threat landscape. However, for the first quarter since we began compiling these reports, no engagements that were closed out involved the ransomware Ryuk...
Vulnerability Spotlight: Remote code execution vulnerabilities in Schneider Electric EcoStruxure
Alexander Perez-Palma and Jared Rittle of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.Cisco Talos recently discovered two code execution vulnerabilities in Schneider Electric EcoStruxure. An attacker could exploit these vulnerabilities by sending the victim a specially crafted...
Microsoft Patch Tuesday (Dec. 2020) — Snort rules and notable vulnerabilities
By Jon Munshaw, with contributions from Bill Largent. Microsoft released its monthly security update Tuesday, disclosing 58 vulnerabilities across its suite of products, the lowest number of vulnerabilities in any Patch Tuesday since January. There are only 10 critical vulnerabilities as part of...
Vulnerability Spotlight: Code execution vulnerability in Microsoft Excel
Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.Cisco Talos recently discovered a code execution vulnerability in some versions of Microsoft Excel. An attacker could exploit this vulnerability by tricking the victim into opening a specially crafted XLS file...
Xanthe - Docker aware miner
By Vanja Svajcer and Adam Pridgen, Cisco Incident Command NEWS SUMMARY Ransomware attacks and big-game hunting making the headlines, but adversaries use plenty of other methods to monetize their efforts in less intrusive ways.Cisco Talos recently discovered a cryptocurrency-mining botnet attack...
Threat Roundup for November 27 to December 4
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 27 and Dec. 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Source newsletter (Dec. 3, 2020)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. While ransomware has made all the headlines this year, that doesn’t mean cryptocurrency miners are going anywhere. We recently discovered a new actor we’re calling “Xanthe” that’s mining Monero on targets’ machines. The main...
Vulnerability Spotlight: DoS, code execution vulnerabilities in EIP Stack Group OpENer
Martin Zeiser and Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.Executive summary Cisco Talos recently discovered two vulnerabilities in the Ethernet/IP function of EIP Stack Group OpENer. OpENer is an Ethernet/IP stack for I/O adapter devices. It supports...
Threat Source newsletter (Nov. 19, 2020)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In case you hadn’t already realized, Snort somehow became a meme this week, so that was fun. As 2020 finally...or already...I can’t decide which comes to an end, we’re going to start doing a look back at the year that was in...
Beers with Talos Ep. #96: The boogeyman and QR codes
Beers with Talos BWT Podcast episode No. 96 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. We got delayed with Thanksgiving and PTO, but here is a...
Threat Roundup for November 13 to November 20
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 13 and Nov. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Vulnerability Spotlight: Multiple vulnerabilities in WebKit
Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.Executive summary The WebKit browser engine contains multiple vulnerabilities in various functions of the software. A malicious web page code could trigger multiple use-after-free errors, which could lead t...
Back from vacation: Analyzing Emotet’s activity in 2020
By Nick Biasini, Edmund Brumaghin, and Jaeson Schultz. Emotet is one of the most heavily distributed malware families today. Cisco Talos observes large quantities of Emotet emails being sent to individuals and organizations around the world on an almost daily basis. These emails are typically sen...