2033 matches found
Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader
Cisco Talos researchers discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple code execution vulnerabilities in the Nitro Pro PDF reader. Nitro PDF allows users to save, read, sign and edit PDFs on their computers. The software contains vulnerabilities th...
Vulnerability Spotlight: Memory corruption in Google PDFium
Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Google Chrome's PDFium feature could be exploited by an adversary to corrupt memory and potentially execute remote code. Chrome is a popular, free web browser available on all operating systems. PDFium allows...
Threat Roundup for September 4 to September 11
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 4 and Sept. 11. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...
Threat Source newsletter for Sept. 10, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In our continued research on election security, we have a new video roundtable discussion up on our YouTube page. In this Q&A-style format, I ask our researchers questions about the work they’ve done researching disinformation aka...
Roundtable video: Disinformation and election security
By Jon Munshaw. In our continued coverage of election security, we decided to sit down with four Talos and Cisco researchers to discuss disinformation. As we outlined in our recent research paper, disinformation is one of the cornerstones of threat actors' efforts to disrupt the American election...
Vulnerability Spotlight: Privilege escalation in Windows 10 CLFS driver
Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a privilege escalation vulnerability in the Windows 10 Common Log File System. CLFS is a general-purpose logging service that can be used by software clients running in user-mo...
Microsoft Patch Tuesday for Sept. 2020 — Snort rules and prominent vulnerabilities
By Jon Munshaw. Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its array of products. Twenty-three of the vulnerabilities are considered “critical" while the vast remainder are ranked as “important.” Users of all Microsoft and Windows...
Threat Roundup for August 28 to September 4
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 28 and Sept. 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Source newsletter for Sept. 3, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware. The campaigns distributed various malware payloads including Gozi ISFB, ZLoade...
Salfram: Robbing the place without removing your name tag
By Holger Unterbrink and Edmund Brumaghin. Threat summary Cisco Talos recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware.The campaigns distributed various malware payloads including Gozi ISFB, ZLoader...
Quarterly Report: Incident Response trends in Summer 2020
By David Liebenberg and Caitlin Huey. For the fifth quarter in a row, Cisco Talos Incident Response CTIR observed ransomware dominating the threat landscape. Infections involved a wide variety of malware families including Ryuk, Maze, LockBit, and Netwalker, among others. In a continuation of...
Better email classification, courtesy of you
Cisco customers with Email Security Appliances ESA or Cloud Email Security CES accounts already know the benefits of Cisco’s email filtering. Every day, millions of malicious emails are automatically sent to the trash bin. Cisco encourages customers to participate in honing those filters by...
Beers with Talos ep. #91: Get the FUD out
Beers with Talos BWT Podcast episode No. 91 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Aug. 14, 2020 Let’s talk about FUD. It’s not enough ...
Vulnerability Spotlight: Code execution, memory corruption vulnerabilities in Accusoft ImageGear
Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit to assist users with image conversion, creation, editing and more. There...
Vulnerability Spotlight: Multiple SQL, code injection vulnerabilities in OpenSIS
Yuri Kramarz and Yves Younan discovered these vulnerabilities. Blog by Jon Munshaw Cisco Talos researchers recently discovered multiple vulnerabilities in the OpenSIS software family. OpenSIS is a student information management system for K-12 students. It is available in commercial and open-sour...
Threat Roundup for August 21 to August 27
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 21 and Aug. 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Source newsletter for Aug. 27, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. As part of our continued look at election security ahead of the November election, we have another research paper out this week. This time, we’re taking a closer look at disinformation campaigns, popularly known as “fake news.” Th...
Vulnerability Spotlight: Remote code execution, privilege escalation bugs in Microsoft Azure Sphere
Claudio Bozzato, Lilith and Dave McDaniel of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos researchers recently discovered multiple vulnerabilities in Microsoft’s Azure Sphere, a cloud-connected and custom SoC platform designed specifically with IoT application...
What to expect when you're electing: The building blocks of disinformation campaigns
By Nick Biasini, Kendall McKay and Matt Valites. As Cisco Talos discovered during our four-year investigation into election security, securing elections is an extremely difficult, complex task. In the first paper in our election series, “What to expect when you’re electing,” Talos outlined how th...
Vulnerability Spotlight: Use-after-free vulnerability in Google Chrome WebGL could lead to code execution
Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Google Chrome web browser contains a use-after-free vulnerability in its WebGL component that could allow a user to execute arbitrary code in the context of the browser process. This vulnerability specifically...
Threat Roundup for August 14 to August 21
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 14 and Aug. 21. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Vulnerability Spotlight: Internet Systems Consortium BIND server DoS
Emanuel Almeida of Cisco Systems discovered this vulnerability. Blog by Jon Munshaw. The Internet Systems Consortium’s BIND server contains a denial-of-service vulnerability that exists when processing TCP traffic through the libuv library. An attacker can exploit this vulnerability by flooding t...
Threat Source newsletter for Aug. 20, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Hactivism always seems to cool and noble in the movies. Video games and TV shows have no shortage of their “hacker heroes,” too. But what are the real-world consequences of users who release sensitive information or carry out data...
Beers with Talos Ep. #90: Hacktivism – Understanding the real-world consequences
Beers with Talos BWT Podcast episode No. 90 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded July 31, 2020 This week in BWT land, we’re discussin...
Beers with Talos Ep. #89: What to do when you're the pwnd one
Beers with Talos BWT Podcast episode No. 89 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded July 17, 2020 The gang's all back this week, and we...
Attribution: A Puzzle
By Martin Lee, Paul Rascagneres and Vitor Ventura. Introduction The attribution of cyber attacks is hard. It requires collecting diverse intelligence, analyzing it and deciding who is responsible. Rarely does the evidence available to researchers reach a level of proof that would be acceptable in...
Threat Roundup for August 7 to August 14
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 7 and Aug. 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Source newsletter for Aug. 13, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. It’s really tough to attribute cyber attacks. We know it. You know it. But why is that, exactly? And why do we want to attribute attacks so badly anyway? In our latest blog post, we look at why attribution is challenging, and what...
Microsoft Patch Tuesday for Aug. 2020 — Snort rules and prominent vulnerabilities
By Jon Munshaw. Microsoft released its monthly security update Tuesday, disclosing 120 vulnerabilities across its array of products. Sixteen of the vulnerabilities are considered “critical,” including one that Microsoft says is currently being exploited in the wild. Users of all Microsoft and...
Barbervisor: Journey developing a snapshot fuzzer with Intel VT-x
By Cory Duplantis. One of the ways vulnerability researchers find bugs is with fuzzing. At a high level, fuzzing is the process of generating and mutating random inputs for a given target to crash it. In 2017, I started developing a bare metal hypervisor for the purposes of snapshot fuzzing:...
Threat Roundup for July 31 to August 7
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 31 and Aug. 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Source newsletter for Aug. 6, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We spend a lot of time talking about what you should do to keep your data safe, and how other organizations should be prepared for the worst. But what happens if the worst happens to you? In the latest Beers with Talos episode, we...
Vulnerability Spotlight: Microsoft issues security update for Azure Sphere
Claudio Bozzato, Lilith and Dave McDaniel of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos researchers recently discovered seven vulnerabilities in Microsoft’s Azure Sphere, a cloud-connected SoC platform designed specifically with IoT application security in mind...
Threat Roundup for July 17 to July 24
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 17 and July 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Roundup for July 24 to July 31
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 24 and July 31. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Vulnerability Spotlight: Two vulnerabilities in SoftPerfect RAM Disk
A Cisco Talos researcher discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos researchers recently discovered that a specific driver in the SoftPerfect RAM disk could allow an adversary to delete files on an arbitrary basis and disclose sensitive information. SoftPerfect RAM Disk is a...
Prometei botnet and its quest for Monero
By Vanja Svajcer. NEWS SUMMARYWe are used to ransomware attacks and big-game hunting making the headlines, but there are still methods adversaries use to monetize their efforts in less intrusive ways.Cisco Talos recently discovered a cryptocurrency-mining botnet attack we're calling "Prometei"...
Threat Source newsletter for July 30, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Adversaries love to use headlines as part of their spam campaigns. From COVID-19, to Black Lives Matter and even Black Friday every year, the bad guys are wanting to capitalize on current events. Why is this the case, and when do...
Adversarial use of current events as lures
By Nick Biasini. The goal of malicious activity is to compromise the system to install some unauthorized software. Increasingly that goal is tied to one thing: the user. Over the past several years, we as an industry improved exploit mitigation and the value of working exploits has increased...
Vulnerability Spotlight: Multiple vulnerabilities in RemoteFX affects, AMD, Intel chips
Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in Intel’s Graphics Accelerator Driver and in an AMD Radeon driver. The Intel driver was released in 2019 and is used in multiple Intel integrated and...
Threat Source newsletter for July 23, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. While ransomware attacks continue to hog all the headlines, cryptocurrency miners are still running the background, sapping computing power from unsuspecting victims. We have what we believe is the first documentation of a new...
Beers with Talos Ep. #88: It’s not about the vote, it’s about trust
Beers with Talos BWT Podcast episode No. 88 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded July 7, 2020 Nigel is out this week, but we have a...
Beers with Talos Ep. #87: Happy 3rd birthday BWT — It’s story time!
Beers with Talos BWT Podcast episode No. 87 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded June 24, 2020 Has it been three years already? We ha...
Threat Roundup for July 10 to July 17
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 10 and July 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Source newsletter for July 16, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. If you haven’t already, we highly recommend you read our in-depth research paper on election security. This paper represents four years of hands-on research, interviews and insight into how things have changed since 2016, and what...
What to expect when you’re electing: Talos’ 2020 election security primer
By Jon Munshaw and Matt Olney. After the 2016 General Election, the talk was all around foreign meddling. Rumors swirled that some votes may have been changed or influenced by state-sponsored actors. Sanctions and accusations followed. Four years later, is the U.S. any more prepared to protect th...
Microsoft Patch Tuesday for July 2020 — Snort rules and prominent vulnerabilities
By Jon Munshaw. Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its array of products. While only a few vulnerabilities are considered critical, users of all Microsoft and Windows products are urged to update their software as soon as possib...
Threat Roundup for July 3 to July 10
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 3 and July 10. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Vulnerability Spotlight: SQL injection vulnerability in Glacies IceHRM
Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos researchers recently discovered that the Glacies' IceHRM software contains a vulnerability that could allow an adversary to inject SQL. IceHRM is a human resource management tool, allowing users to create...
WastedLocker Goes "Big-Game Hunting" in 2020
By Ben Baker, Edmund Brumaghin, JJ Cummings and Arnaud Zobec. Threat summary After initially compromising corporate networks, the attacker behind WastedLocker performs privilege escalation and lateral movement prior to activating ransomware and demanding ransom payment.The use of "dual-use" tools...