Lucene search
K
TalosblogRecent

2032 matches found

Talos Blog
Talos Blog
added 2020/07/02 11:0 a.m.12 views

Threat Source newsletter for July 2, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Our latest research you should catch up on is the Valak malware. This information-stealer sneaks its way onto victim machines by hijacking legitimate email threads. The threat actors send their phishing emails and attachments in...

1.6AI score
Exploits0
Talos Blog
Talos Blog
added 2020/07/02 9:13 a.m.16 views

Vulnerability Spotlight: Google Chrome PDFium memory corruption vulnerability

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The PDF renderer inside Google Chrome, known as PDFium, contains a memory corruption vulnerability that could be exploited by an adversary. PDFium is open-source software that is utilized in the Chrome browser a...

2.4AI score
Exploits0
Talos Blog
Talos Blog
added 2020/07/02 9:8 a.m.18 views

Threat Source newsletter for June 25, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We recently decided to replace our use of the terms "blacklist" and "whitelist" with "block list" and "allow list.” Even though these terms are commonly in use in the security industry, we will not go along with casually assigning...

2.7AI score
Exploits0
Talos Blog
Talos Blog
added 2020/07/02 6:52 a.m.17 views

Beers with Talos Ep. #86: It’s just an exploit popularity contest...

Beers with Talos BWT Podcast episode No. 85 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded June 5, 2020 Prod. Note: The team decided to hold ba...

1.6AI score
Exploits0
Talos Blog
Talos Blog
added 2020/07/01 1:7 p.m.14 views

Vulnerability Spotlight: Remote code execution vulnerabilities in LEADTOOLS 20

Cory Duplantis of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a remote code execution vulnerability in the LEADTOOLS line of imaging toolkits. LEADTOOLS is a collection of toolkits designed to perform a variety of functions aimed at integrating...

2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/07/01 12:51 p.m.12 views

Vulnerability Spotlight: Information disclosure vulnerability in Mozilla Firefox

Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an information disclosure vulnerability in Mozilla Firefox. An attacker can exploit this bug by tricking a user into visiting a specially crafted web page through the browser. ...

1.3AI score
Exploits0
Talos Blog
Talos Blog
added 2020/07/01 8:21 a.m.23 views

Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks

By Nick Biasini, Edmund Brumaghin and Mariano Graziano. Threat summary Attackers are actively distributing the Valak malware family around the globe, with enterprises, in particular, being targeted.These campaigns make use of existing email threads from compromised accounts to greatly increase...

2.6AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/30 1:28 p.m.19 views

Beers with Talos Ep. #85: The In-Between, Vol. 5

Beers with Talos BWT Podcast episode No. 85 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google Podcasts Spotify Stitcher If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded May 29, 2020 Prod. Note: Things are a hot mess rig...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/29 11:54 a.m.31 views

PROMETHIUM extends global reach with StrongPity3 APT

By Warren Mercer, Paul Rascagneres and Vitor Ventura. News summaryThe threat actor behind StrongPity is not deterred despite being exposed multiple times over the past four years.They continue to expand their victimology and attack seemingly non related countries.This kind of continuous improveme...

1.1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/26 1:4 p.m.10 views

Threat Roundup for June 19 to June 26

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 19 and June 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/24 12:53 p.m.26 views

Vulnerability Spotlight: Denial-of-service vulnerability in NVIDIA driver

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Executive summaryThe NVWGF2UMXCFG.DLL driver contains a denial-of-service vulnerability that an attacker could use to disrupt processes over a virtual machine. An adversary could exploit this bug by providing a special...

1.7AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/23 11:39 a.m.30 views

IndigoDrop spreads via military-themed lures to deliver Cobalt Strike

By Asheer Malhotra. Cisco Talos has observed a malware campaign that utilizes military-themed malicious Microsoft Office documents maldocs to spread Cobalt Strike beacons containing full-fledged RAT capabilities. These maldocs use malicious macros to deliver a multistage and highly modular...

1.5AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/23 9:19 a.m.22 views

Threat Roundup for June 5 to June 12

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 5 and June 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/23 5:56 a.m.25 views

Cisco Talos replacing all mentions of 'blacklist,' 'whitelist'

There are many ways to respond to injustice, both large and small, but each response is important. While we acknowledge it is a small change, Cisco Talos is moving to replace our use of the terms "blacklist" and "whitelist" with "block list" and "allow list.” Even though these terms are commonly ...

2.4AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/18 11:0 a.m.13 views

Threat Source newsletter for June 18, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Now that Cisco Live is over, you can access both of Talos’ talks on-demand here if you registered for the online event. The latest Beers with Talos episode covers how to push your career in cyber security forward when you feel lik...

1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/18 5:57 a.m.18 views

Beers with Talos Ep. #84: Mid-career advancement in cyber security

Beers with Talos BWT Podcast episode No. 84 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded May 26, 2020 Prod. Note: Things are a hot mess right now and the team thinks that there are voice...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/16 7:0 a.m.38 views

Tor2Mine is up to their old tricks — and adds a few new ones

By Kendall McKay and Joe Marshall. Threat summaryCisco Talos has identified a resurgence of activity by Tor2Mine, a cryptocurrency mining group that was likely last active in 2018. Tor2Mine is deploying additional malware to harvest credentials and steal more money, including AZORult, an...

1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/15 11:49 a.m.12 views

Updates to Snort setup guides

Our documentation on Snort 3 running on CentOS and the Snort Rules Writing guide to Snort 3. Thanks to community member Yaser for providing the updates. The Snort 3 guide now has expanded information on logging options — such as syslog and JSON. There is also a new performance optimization sectio...

1.1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/15 11:46 a.m.22 views

Quarterly report: Incident Response trends in Summer 2020

By David Liebenberg and Caitlin Huey. For the fourth quarter in a row, Ryuk dominated the threat landscape in incident response. As we mentioned in last quarter’s report, Ryuk has shifted from relying on commodity trojans to using living-off-the-land tools. This has led to a decrease in...

1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/12 8:7 a.m.14 views

Beers with Talos Ep. #83: The In-between, Vol. 4

Beers with Talos BWT Podcast episode No. 83 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded May 15, 2020 Prod. Note: Things are a hot mess right now and the team thinks that there are voice...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/11 11:0 a.m.24 views

Threat Source newsletter for June 11, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We are back this week with new content, mainly around Microsoft Patch Tuesday. We have our complete breakdown of all the vulns here, as well as in-depth information on two remote code execution vulnerabilities one of our researche...

1.8AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/10 1:21 p.m.17 views

Vulnerability Spotlight: Two code execution vulnerabilities in Microsoft Excel

Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos researchers recently discovered two code execution vulnerabilities in Microsoft Excel. Microsoft released updates for these two bugs as part of their Patch Tuesday security update this week. Bo...

1.7AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/10 7:0 a.m.19 views

Vulnerability Spotlight: Remote code execution vulnerability in Firefox’s SharedWorkerService function

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Mozilla Firefox web browser contains a vulnerability in its SharedWorkerService function that could allow an attacker to gain the ability to remotely execute code on a target’s machine. This vulnerability...

4.9AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/09 5:49 p.m.18 views

Microsoft Patch Tuesday for June 2020 — Snort rules and prominent vulnerabilities

By Jon Munshaw. Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its array of products. While none of the vulnerabilities disclosed have been exploited in the wild, users of all Microsoft and Windows products are urged to update their softwar...

0.9AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/09 8:28 a.m.25 views

Vulnerability Spotlight: Multiple vulnerabilities in Siemens LOGO! PLC

Alexander Perez-Palma of Cisco Talos and Emanuel Almeida of Cisco Systems discovered these vulnerabilities. Blog by Jon Munshaw. Cisco researchers recently discovered several vulnerabilities in the Siemens LOGO! PLC. The LOGO! allows users to control various automation projects, such as industria...

2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/05 2:18 p.m.20 views

Threat Roundup for May 29 to June 5

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 29 and June 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

0.9AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/04 10:40 a.m.26 views

Threat Source newsletter for June 4, 2020

Newsletter compiled by Jon Munshaw. Our social media content and promotion are on pause this week as there are more important issues being discussed and other voices that need to be heard. However, we still wanted to provide users with the latest IOCs and threats we’re seeing. Upcoming public...

1.5AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/03 7:23 a.m.31 views

Vulnerability Spotlight: Two vulnerabilities in Zoom could lead to code execution

A member of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in the popular Zoom video chatting application that could allow a malicious user to execute arbitrary code on victims’ machines. Video conferencing software has...

1.5AI score
Exploits0
Talos Blog
Talos Blog
added 2020/06/01 6:13 a.m.29 views

Vulnerability Spotlight: VMware Workstation 15 denial-of-service vulnerability

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in VMware Workstation 15. VMware allows users to set up virtual machines and operate various operating systems outside of the ones designed for their...

0.8AI score
Exploits0
Talos Blog
Talos Blog
added 2020/05/29 2:21 p.m.34 views

Threat Roundup for May 22 to May 29

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 22 and May 29. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/05/28 11:0 a.m.24 views

Threat Source newsletter for May 28, 2020

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We need to start things off by wishing a Happy Birthday to Beers with Talos! The first episode was released on May 12, 2017. To celebrat...

Exploits0
Talos Blog
Talos Blog
added 2020/05/28 7:59 a.m.30 views

Dynamic Data Resolver (DDR) — IDA Plugin 1.0 beta

By Holger Unterbrink Executive summaryStatic reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a certain basic block is doing. If you try to perform dynamic analysis by debugging a piece of malware, the...

2.6AI score
Exploits0
Talos Blog
Talos Blog
added 2020/05/26 8:16 a.m.22 views

Beers with Talos Ep. #82: Talos IR quarterly threat trends

Beers with Talos BWT Podcast episode No. 82 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded May 8, 2020 Brad Garnett from Cisco Talos Incident Response joins us today to talk about DFIR, the Talos Quarter...

0.6AI score
Exploits0
Talos Blog
Talos Blog
added 2020/05/21 11:0 a.m.28 views

Threat Source newsletter for May 21, 2020

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Beers with Talos chugs on during quarantine with the latest episode of “The In-Between.” Once again, the hosts talk about everything but...

0.6AI score
Exploits0
Talos Blog
Talos Blog
added 2020/05/21 8:49 a.m.32 views

Vulnerability Spotlight: Authentication bypass vulnerability in some Epson projectors

Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Epson EB-1470UI Projector contains an authentication bypass vulnerability in its web control functionality. This projector allows users to control it over the web. However, an adversary could trick a user into...

1.8AI score
Exploits0
Talos Blog
Talos Blog
added 2020/05/21 8:45 a.m.28 views

Vulnerability Spotlight: Memory corruption vulnerability in GNU Glibc leaves smart vehicles open to attack

By Sam Dytrych and Jason Royes. Executive summary Modern automobiles are complex machines, merging both mechanical and computer systems under one roof. As automobiles become more advanced, additional sensors and devices are added to help the vehicle understand its internal and external...

2.9AI score
Exploits0
Talos Blog
Talos Blog
added 2020/05/20 6:6 a.m.34 views

Threat Source newsletter for May 14, 2020

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Our main focus this week is on Astaroth. This is a malware family that has been targeting Brazil with a variety of lures, including...

0.8AI score
Exploits0
Talos Blog
Talos Blog
added 2020/05/19 11:53 p.m.39 views

The wolf is back...

By Warren Mercer, Paul Rascagneres and Vitor Ventura. News summaryThai Android devices and users are being targeted by a modified version of DenDroid we are calling "WolfRAT," now targeting messaging apps like WhatsApp, Facebook Messenger and Line.We assess with high confidence that this modified...

1.6AI score
Exploits0
Talos Blog
Talos Blog
added 2020/05/18 10:36 a.m.24 views

Beers with Talos Ep. #81: "The In-Between," Vol. 3

Beers with Talos BWT Podcast episode No. 81 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded May 1, 2020 Sammi is back and the rest of the crew is here to hang out and chat. As is The In-Between Way — we...

0.3AI score
Exploits0
Talos Blog
Talos Blog
added 2020/05/18 7:13 a.m.31 views

Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader

Aleksandar Nikolic and Cory Duplantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two code execution vulnerabilities and an information disclosure flaw in Nitro Pro PDF reader. Nitro PDF allows users to save, read, sign and edit PDFs on...

2.5AI score
Exploits0
Talos Blog
Talos Blog
added 2020/05/15 2:37 p.m.19 views

Threat Roundup for May 8 to May 15

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 8 and May 15. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/05/15 8:12 a.m.38 views

Beers with Talos Ep. #80: Working securely in a new (not yet) normal

Beers with Talos BWT Podcast episode No. 80 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded April 24, 2020 Matt isn’t with us today, but the rest of the crew discusses some current security issues in our...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/05/14 12:18 p.m.34 views

The basics of a ransomware infection as Snake, Maze expands

By Joe Marshall @ImmortanJo3 There have recently been several high-profile ransomware campaigns utilizing Maze and Snake malware. From critical medical supply companies, to large logistics firms, many businesses of all sizes have fallen victim to this cybercrime wave. When an organization falls...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2020/05/13 11:56 a.m.27 views

Threat Spotlight: Astaroth — Maze of obfuscation and evasion reveals dark stealer

By Nick Biasini, Edmund Brumaghin and Nick Lister. Cisco Talos is detailing an information stealer, Astaroth, that has been targeting Brazil with a variety of lures, including COVID-19 for the past nine to 12 months.Complex maze of obfuscation and anti-analysis/evasion techniques implemented by...

1.4AI score
Exploits0
Talos Blog
Talos Blog
added 2020/05/13 6:39 a.m.50 views

Microsoft Patch Tuesday — May 2020: Vulnerability disclosures and Snort coverage

By Jon Munshaw. Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 111 vulnerabilities. Fifteen of the flaws Microsoft disclosed are considered critical. There are also...

7.5CVSS1.4AI score0.11563EPSS
Exploits0
Talos Blog
Talos Blog
added 2020/05/12 12:5 p.m.20 views

Vulnerability Spotlight: Code execution vulnerability in Microsoft Excel

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a code execution vulnerability in some versions of Microsoft Excel. An attacker could exploit this vulnerability by tricking the victim into opening a specially crafted Excel...

2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/05/12 10:18 a.m.35 views

Vulnerability Spotlight: Code execution vulnerability in 3S CODESYS

Carl Hurd of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable code execution vulnerability in 3S’ CODESYS Control SoftPLC runtime system. The system allows any embedded or PC device to convert into an IEC 61131-3-complaint industria...

1.6AI score
Exploits0
Talos Blog
Talos Blog
added 2020/05/12 10:0 a.m.24 views

Vulnerability Spotlight: Remote code execution vulnerabilities in Adobe Acrobat Reader

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two remote code execution vulnerabilities in Adobe Acrobat Reader. Acrobat supports a number of features, including the ability to process embedded JavaScript. These flaws...

0.9AI score
Exploits0
Talos Blog
Talos Blog
added 2020/05/08 2:19 p.m.29 views

Threat Roundup for May 1 to May 8

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 1 and May 8. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/05/07 11:0 a.m.22 views

Threat Source newsletter for May 7, 2020

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. With all of us working from home, Beers with Talos episodes are coming out faster than ever. This week, we have an actual episode with...

0.3AI score
Exploits0
Total number of security vulnerabilities2032