Lucene search
K
TalosblogRecent

2032 matches found

Talos Blog
Talos Blog
added 2020/11/18 8:37 a.m.26 views

Nibiru ransomware variant decryptor

Nikhil Hegde developed this tool. Weak encryptionThe Nibiru ransomware is a .NET-based malware family. It traverses directories in the local disks, encrypts files with Rijndael-256 and gives them a .Nibiru extension. Rijndael-256 is a secure encryption algorithm. However, Nibiru uses a hard-coded...

1.9AI score
Exploits0
Talos Blog
Talos Blog
added 2020/11/16 12:52 p.m.35 views

CRAT wants to plunder your endpoints

By Asheer Malhotra. Cisco Talos has observed a new version of a remote access trojan RAT family known as CRAT.Apart from the prebuilt RAT capabilities, the malware can download and deploy additional malicious plugins on the infected endpoint.One of the plugins is a ransomware known as "Hansom."CR...

0.8AI score
Exploits0
Talos Blog
Talos Blog
added 2020/11/13 11:24 a.m.27 views

Threat Roundup for November 6 to November 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 6 and Nov. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

1.1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/11/12 12:15 p.m.58 views

Vulnerability Spotlight: Multiple vulnerabilities in Pixar OpenUSD affects some versions of macOS

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Aleksandar Nikolic and Jon Munshaw. Pixar OpenUSD contains multiple vulnerabilities that attackers could exploit to carry out a variety of malicious actions. OpenUSD stands for “Open Universal Scene Descriptor.” Pixar use...

2.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/11/12 11:39 a.m.25 views

Threat Source newsletter (Nov. 12, 2020)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We’re back after a few-week hiatus! And to celebrate, we just dropped some new research on the CRAT trojan that’s bringing some ransomware friends along with it. This blog post has all the details of this threat along with what yo...

1.3AI score
Exploits0
Talos Blog
Talos Blog
added 2020/11/10 1:33 p.m.12 views

Microsoft Patch Tuesday for Nov. 2020 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Joe Marshall. Microsoft released its monthly security update Tuesday, disclosing just over 110 vulnerabilities across its products. This is a slight jump from last month when Microsoft disclosed one of their lowest vulnerability totals in months. Eighteen o...

2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/11/06 11:10 a.m.16 views

Threat Roundup for October 30 to November 6

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 30 and Nov. 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/11/05 2:1 p.m.11 views

Vulnerability Spotlight: Multiple JavaScript vulnerabilities in Adobe Acrobat Reader

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Joe Marshall Cisco Talos recently discovered an heap buffer overflow and a use after free vulnerability in Adobe Acrobat Reader. Adobe Acrobat Reader is one of the most popular and feature-rich PDF readers on the market. ...

0.9AI score
Exploits0
Talos Blog
Talos Blog
added 2020/11/02 7:12 a.m.22 views

Cisco Talos Advisory on Adversaries Targeting the Healthcare and Public Health Sector

BackgroundCisco Talos has become aware that an adversary is leveraging Trickbot banking trojan and Ryuk ransomware to target U.S. hospitals and healthcare providers at an increasing rate. Security journalists reported on October 28, 2020 that the adversary was preparing to encrypt systems at...

1.1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/30 2:48 p.m.12 views

Threat Roundup for October 23 to October 30

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 23 and Oct. 30. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/30 10:1 a.m.39 views

Vulnerability Spotlight: Multiple vulnerabilities in Synology SRM (Synology Router Manager)

Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Claudio Bozzato and Jon Munshaw. Cisco Talos recently discovered multiple remote vulnerabilities in software that helps power Synology routers. The bugs exist in Synology Router Manager SRM — a Linux-based operating system f...

2.1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/30 8:55 a.m.24 views

Beers with Talos ep. #95: Election 2020 – Advice for voters and election officials

Beers with Talos BWT Podcast episode No. 95 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Oct. 9, 2020 We are running a short bench today afte...

1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/29 5:22 a.m.25 views

DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread

By Warren Mercer, Paul Rascagneres and Vitor Ventura. The newly discovered Firestarter malware uses Google Firebase Cloud Messaging to notify its authors of the final payload location.Even if the command and control C2 is taken down, the DoNot team can still redirect the malware to another C2 usi...

0.8AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/28 12:12 p.m.30 views

Vulnerability Spotlight: A deep dive into WAGO’s cloud connectivity and the vulnerabilities that arise

Report and research by Kelly Leuschner. WAGO makes several programmable automation controllers that are used in many industries including automotive, rail, power engineering, manufacturing and building management. Cisco Talos discovered 41 vulnerabilities in their PFC200 and PFC100 controllers. I...

2.4AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/23 3:9 p.m.24 views

Threat Roundup for October 16 to October 23

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 16 and Oct. 23. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/21 8:27 a.m.25 views

Vulnerability Spotlight: Code execution vulnerability in Google Chrome WebGL

Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Google Chrome web browser contains a vulnerability that could be exploited by an adversary to gain the ability to execute code on the victim machine. Chrome is one of the most popular web browsers currently...

2.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/21 8:18 a.m.20 views

What to expect when you’re electing: A recap

We’re roughly two weeks out from Election Day in America, although millions of early and mail-in votes have already been cast. In the coming days, there’s sure to be a flurry of news stories about disinformation, allegations of voter fraud, the back-and-forth between parties and talks of when the...

2.4AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/20 8:12 a.m.18 views

Dynamic Data Resolver - Version 1.0.1 beta

By Holger Unterbrink. Cisco Talos is releasing a new beta version of Dynamic Data Resolver DDR today. This release comes with a new architecture for samples using multi-threading. The process and thread tracing has been completely reimplemented. We also fixed a few bugs and memory leaks. Another...

2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/16 1:26 p.m.10 views

Threat Roundup for October 9 to October 16

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 9 and Oct. 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/16 7:44 a.m.25 views

Beers with Talos ep. #94: Nigel is marching on, victorious and glorious

Beers with Talos BWT Podcast episode No. 94 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Sept. 25, 2020 Today is Nigel’s last episode as a...

0.4AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/15 11:0 a.m.28 views

Threat Source newsletter (Oct. 15, 2020)

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers. In our latest entry into our election security series, we’re turning our attention to the professionals who are responsible for securing our elections. After months of research, we’ve compiled a series of recommendations for local,...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/15 8:8 a.m.34 views

Vulnerability Spotlight: Code execution, information disclosure vulnerabilities in F2FS toolset

Vulnerabilities discovered by a Cisco Talos researcher. Blog by Jon Munshaw. Cisco Talos recently discovered multiple code execution and information disclosure vulnerabilities in various functions of the F2FS toolset. F2FS is a filesystem toolset commonly found in embedded devices that creates,...

1.7AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/15 6:31 a.m.36 views

What to expect when you're electing: How election officials can counter disinformation

By Matthew Olney and the communications and public relations professionals at Cisco. Editor's Note: For more on this topic, sign up for a Cisco Duo webinar on election security on Oct. 15 at 1 p.m. ET here. In our work with our partners in the election security space, the most difficult question...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/14 5:13 a.m.22 views

Microsoft Patch Tuesday for Oct. 2020 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Alex McDonnell and Nick Biasini. Microsoft released its monthly security update Tuesday, disclosing just under 100 vulnerabilities across its array of products. Fourteen of the vulnerabilities are considered “critical" while the vast remainder are ranked as...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/13 3:51 p.m.15 views

Vulnerability Spotlight: Denial of service in AMD ATIKMDAG.SYS driver

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.Cisco Talos recently discovered a denial-of-service vulnerability in the ATIKMDAG.SYS driver for some AMD graphics cards. An attacker could send the victim a specially crafted D3DKMTCreateAllocation API request to cause...

2.8AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/13 11:22 a.m.24 views

Vulnerability Spotlight: Information leak vulnerability in Google Chrome WebGL

Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Google Chrome web browser contains a vulnerability that could be exploited by an adversary to carry out a range of malicious actions. Chrome is one of the most popular web browsers currently available to users...

1.4AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/13 7:59 a.m.25 views

Lemon Duck brings cryptocurrency miners back into the spotlight

By Vanja Svajcer, with contributions from Caitlin Huey. We are used to ransomware attacks and big-game hunting making headlines, but there are still methods adversaries use to monetize their efforts in less intrusive ways.Cisco Talos recently recorded increased activity of the Lemon Duck...

2.3AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/13 6:12 a.m.23 views

Vulnerability Spotlight: Denial-of-service vulnerabilities in Allen-Bradley Flex I/O

Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The Allen-Bradley Flex input/output system contains multiple denial-of-service vulnerabilities in its ENIP request path data segment. These bugs exist specifically in the 1794-AENT FLEX I/O modular platform. It...

1.4AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/09 12:36 p.m.31 views

Threat Roundup for October 2 to October 9

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 2 and Oct. 9. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/08 11:0 a.m.27 views

Threat Source newsletter for Oct. 8, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We’ve been writing and talking about election security a ton lately. And as the U.S. presidential election draws closer, we decided it was time to summarize some things. So, we released this blog post with our formal recommendatio...

2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/07 9:7 a.m.12 views

Vulnerability Spotlight: DoS vulnerability in ATIKMDAG.SYS AMD graphics driver

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.Cisco Talos recently discovered a denial-of-service vulnerability in the ATIKMDAG.SYS driver for some AMD graphics cards. An attacker could send the victim a specially crafted D3DKMTCreateAllocation API request to cause...

2.1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/07 6:20 a.m.21 views

What to expect when you’re electing: Voter recommendations

By Amy Henderson. Information operations have been around for millennia, yet with the advent of the internet and the democratization of content creation, the barriers to entry have lowered to a point that anyone can play now. In the course of our latest research on disinformation, with an eye...

2.4AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/06 2:6 p.m.36 views

PoetRAT: Malware targeting public and private sector in Azerbaijan evolves

By Warren Mercer, Paul Rascagneres and Vitor Ventura. The Azerbaijan public sector and other important organizations are still targeted by new versions of PoetRAT.This actor leverages malicious Microsoft Word documents alleged to be from the Azerbaijan government.The attacker has moved from Pytho...

3AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/06 12:37 p.m.23 views

90 days, 16 bugs, and an Azure Sphere Challenge

Cisco Talos reports 16 vulnerabilities in Microsoft Azure Sphere's sponsored research challenge. By Claudio Bozzato, Lilith --; and Dave McDaniel. On May 15, 2020, Microsoft kicked off the Azure Sphere Security Research Challenge, a three-month initiative aimed at finding bugs in Azure Sphere...

2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/06 9:55 a.m.30 views

What to expect when you're electing: Information hygiene and the human levers of disinformation

Editor's note: Related reading on Talos election security research: https://blog.talosintelligence.com/2020/07/what-to-expect-when-youre-electing.html https://blog.talosintelligence.com/2020/09/election-roundtable-video.html...

0.7AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/02 5:40 p.m.12 views

Threat Roundup for September 25 to October 2

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 25 and Oct. 2. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/01 2:4 p.m.12 views

Beers with Talos Ep. #93: “More Secure” myths and misconceptions

Beers with Talos BWT Podcast episode No. 93 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Sept. 11, 2020 On today’s show, we take several of t...

1.4AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/01 11:0 a.m.22 views

Threat Source newsletter for Oct. 1, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In the past, we’ve covered what disinformation otherwise known as “fake news” is and who spreads it. Now, we’re diving into why it works, and why it’s so easy for people to spread. Check out our full paper here to gain a lot of...

1.5AI score
Exploits0
Talos Blog
Talos Blog
added 2020/09/30 12:37 p.m.29 views

Vulnerability Spotlight: Remote code execution bugs in NVIDIA D3D10 driver

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered multiple remote code execution vulnerabilities in the NVIDIA D3D10 driver. This driver supports multiple GPUs that NVIDIA produces. An adversary could exploit these vulnerabilities by...

3.1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/09/29 11:32 a.m.15 views

LodaRAT Update: Alive and Well

By Chris Neal. During our continuous monitoring of LodaRAT, Cisco Talos observed changes in the threat that add new functionality. Multiple new versions of LodaRAT have been spotted being used in the wild.These new versions of LodaRAT abandoned their previous obfuscation techniques.Direct...

2.8AI score
Exploits0
Talos Blog
Talos Blog
added 2020/09/29 9:4 a.m.92 views

Microsoft Netlogon exploitation continues to rise

Cisco Talos is tracking a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, an elevation of privilege bug in Netlogon, outlined in the August Microsoft Patch Tuesday report. The vulnerability stems from a flaw in a cryptographic authentication scheme used by the...

9.3CVSS1.9AI score0.99512EPSS
Exploits75
Talos Blog
Talos Blog
added 2020/09/25 1:23 p.m.27 views

Threat Roundup for September 18 to September 25

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 18 and Sept. 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

0.9AI score
Exploits0
Talos Blog
Talos Blog
added 2020/09/24 11:0 a.m.15 views

Threat Source newsletter for Sept. 24, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. After months years? in beta, an official release candidate is out now for Snort 3. Stay tuned for an officially official release in about a month. In other Snort rules, we also have a deep dive into our detection and prevention of...

3.3AI score
Exploits0
Talos Blog
Talos Blog
added 2020/09/24 9:45 a.m.26 views

The Internet did my homework

By Jaeson Schultz and Matt Valites. As students return to school for in-person and virtual learning, Cisco Talos discovered an increase in DNS requests coming into Umbrella resolving domains we classify as "academic fraud." Data from Pew Research on back-to-school dates aligns with the growth we...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/09/20 9:1 p.m.29 views

New Snort, ClamAV coverage strikes back against Cobalt Strike

By Nick Mavis. Editing by Joe Marshall and Jon Munshaw. Cisco Talos is releasing a new research paper called “The Art and Science of Detecting Cobalt Strike.” We recently released a more granular set of updated SNORTⓇ and ClamAVⓇ detection signatures to detect attempted obfuscation and exfiltrati...

2.6AI score
Exploits0
Talos Blog
Talos Blog
added 2020/09/18 2:47 p.m.30 views

Beers with Talos ep. #92: Trending in Your Network — Disinformation

Beers with Talos BWT Podcast episode No. 92 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Aug. 26, 2020 Disinformation is front and center rig...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/09/18 1:10 p.m.15 views

Threat Roundup for September 11 to September 18

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 11 and Sept. 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

0.9AI score
Exploits0
Talos Blog
Talos Blog
added 2020/09/17 11:0 a.m.16 views

Threat Source newsletter for Sept. 17, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We’ve got a couple of vulnerabilities you should know about. Monday, we disclosed a bug in Google Chrome’s PDFium feature that opens the door for an adversary to execute remote code. Our researchers also discovered several...

3.7AI score
Exploits0
Talos Blog
Talos Blog
added 2020/09/17 7:21 a.m.23 views

Vulnerability Spotlight: Remote code execution vulnerability Apple Safari

Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Apple Safari web browser contains a remote code execution vulnerability in its Webkit feature. Specifically, an attacker could trigger a use-after-free condition in WebCore, the DOM-rendering system for...

2.4AI score
Exploits0
Talos Blog
Talos Blog
added 2020/09/15 10:30 a.m.19 views

Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader

Cisco Talos researchers discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple code execution vulnerabilities in the Nitro Pro PDF reader. Nitro PDF allows users to save, read, sign and edit PDFs on their computers. The software contains vulnerabilities th...

2.8AI score
Exploits0
Total number of security vulnerabilities2032