2032 matches found
Threat Source newsletter for July 2, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Our latest research you should catch up on is the Valak malware. This information-stealer sneaks its way onto victim machines by hijacking legitimate email threads. The threat actors send their phishing emails and attachments in...
Vulnerability Spotlight: Google Chrome PDFium memory corruption vulnerability
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The PDF renderer inside Google Chrome, known as PDFium, contains a memory corruption vulnerability that could be exploited by an adversary. PDFium is open-source software that is utilized in the Chrome browser a...
Threat Source newsletter for June 25, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We recently decided to replace our use of the terms "blacklist" and "whitelist" with "block list" and "allow list.” Even though these terms are commonly in use in the security industry, we will not go along with casually assigning...
Beers with Talos Ep. #86: It’s just an exploit popularity contest...
Beers with Talos BWT Podcast episode No. 85 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded June 5, 2020 Prod. Note: The team decided to hold ba...
Vulnerability Spotlight: Remote code execution vulnerabilities in LEADTOOLS 20
Cory Duplantis of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a remote code execution vulnerability in the LEADTOOLS line of imaging toolkits. LEADTOOLS is a collection of toolkits designed to perform a variety of functions aimed at integrating...
Vulnerability Spotlight: Information disclosure vulnerability in Mozilla Firefox
Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an information disclosure vulnerability in Mozilla Firefox. An attacker can exploit this bug by tricking a user into visiting a specially crafted web page through the browser. ...
Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks
By Nick Biasini, Edmund Brumaghin and Mariano Graziano. Threat summary Attackers are actively distributing the Valak malware family around the globe, with enterprises, in particular, being targeted.These campaigns make use of existing email threads from compromised accounts to greatly increase...
Beers with Talos Ep. #85: The In-Between, Vol. 5
Beers with Talos BWT Podcast episode No. 85 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google Podcasts Spotify Stitcher If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded May 29, 2020 Prod. Note: Things are a hot mess rig...
PROMETHIUM extends global reach with StrongPity3 APT
By Warren Mercer, Paul Rascagneres and Vitor Ventura. News summaryThe threat actor behind StrongPity is not deterred despite being exposed multiple times over the past four years.They continue to expand their victimology and attack seemingly non related countries.This kind of continuous improveme...
Threat Roundup for June 19 to June 26
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 19 and June 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Vulnerability Spotlight: Denial-of-service vulnerability in NVIDIA driver
Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Executive summaryThe NVWGF2UMXCFG.DLL driver contains a denial-of-service vulnerability that an attacker could use to disrupt processes over a virtual machine. An adversary could exploit this bug by providing a special...
IndigoDrop spreads via military-themed lures to deliver Cobalt Strike
By Asheer Malhotra. Cisco Talos has observed a malware campaign that utilizes military-themed malicious Microsoft Office documents maldocs to spread Cobalt Strike beacons containing full-fledged RAT capabilities. These maldocs use malicious macros to deliver a multistage and highly modular...
Threat Roundup for June 5 to June 12
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 5 and June 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Cisco Talos replacing all mentions of 'blacklist,' 'whitelist'
There are many ways to respond to injustice, both large and small, but each response is important. While we acknowledge it is a small change, Cisco Talos is moving to replace our use of the terms "blacklist" and "whitelist" with "block list" and "allow list.” Even though these terms are commonly ...
Threat Source newsletter for June 18, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Now that Cisco Live is over, you can access both of Talos’ talks on-demand here if you registered for the online event. The latest Beers with Talos episode covers how to push your career in cyber security forward when you feel lik...
Beers with Talos Ep. #84: Mid-career advancement in cyber security
Beers with Talos BWT Podcast episode No. 84 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded May 26, 2020 Prod. Note: Things are a hot mess right now and the team thinks that there are voice...
Tor2Mine is up to their old tricks — and adds a few new ones
By Kendall McKay and Joe Marshall. Threat summaryCisco Talos has identified a resurgence of activity by Tor2Mine, a cryptocurrency mining group that was likely last active in 2018. Tor2Mine is deploying additional malware to harvest credentials and steal more money, including AZORult, an...
Updates to Snort setup guides
Our documentation on Snort 3 running on CentOS and the Snort Rules Writing guide to Snort 3. Thanks to community member Yaser for providing the updates. The Snort 3 guide now has expanded information on logging options — such as syslog and JSON. There is also a new performance optimization sectio...
Quarterly report: Incident Response trends in Summer 2020
By David Liebenberg and Caitlin Huey. For the fourth quarter in a row, Ryuk dominated the threat landscape in incident response. As we mentioned in last quarter’s report, Ryuk has shifted from relying on commodity trojans to using living-off-the-land tools. This has led to a decrease in...
Beers with Talos Ep. #83: The In-between, Vol. 4
Beers with Talos BWT Podcast episode No. 83 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded May 15, 2020 Prod. Note: Things are a hot mess right now and the team thinks that there are voice...
Threat Source newsletter for June 11, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We are back this week with new content, mainly around Microsoft Patch Tuesday. We have our complete breakdown of all the vulns here, as well as in-depth information on two remote code execution vulnerabilities one of our researche...
Vulnerability Spotlight: Two code execution vulnerabilities in Microsoft Excel
Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos researchers recently discovered two code execution vulnerabilities in Microsoft Excel. Microsoft released updates for these two bugs as part of their Patch Tuesday security update this week. Bo...
Vulnerability Spotlight: Remote code execution vulnerability in Firefox’s SharedWorkerService function
Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Mozilla Firefox web browser contains a vulnerability in its SharedWorkerService function that could allow an attacker to gain the ability to remotely execute code on a target’s machine. This vulnerability...
Microsoft Patch Tuesday for June 2020 — Snort rules and prominent vulnerabilities
By Jon Munshaw. Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its array of products. While none of the vulnerabilities disclosed have been exploited in the wild, users of all Microsoft and Windows products are urged to update their softwar...
Vulnerability Spotlight: Multiple vulnerabilities in Siemens LOGO! PLC
Alexander Perez-Palma of Cisco Talos and Emanuel Almeida of Cisco Systems discovered these vulnerabilities. Blog by Jon Munshaw. Cisco researchers recently discovered several vulnerabilities in the Siemens LOGO! PLC. The LOGO! allows users to control various automation projects, such as industria...
Threat Roundup for May 29 to June 5
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 29 and June 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Source newsletter for June 4, 2020
Newsletter compiled by Jon Munshaw. Our social media content and promotion are on pause this week as there are more important issues being discussed and other voices that need to be heard. However, we still wanted to provide users with the latest IOCs and threats we’re seeing. Upcoming public...
Vulnerability Spotlight: Two vulnerabilities in Zoom could lead to code execution
A member of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in the popular Zoom video chatting application that could allow a malicious user to execute arbitrary code on victims’ machines. Video conferencing software has...
Vulnerability Spotlight: VMware Workstation 15 denial-of-service vulnerability
Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in VMware Workstation 15. VMware allows users to set up virtual machines and operate various operating systems outside of the ones designed for their...
Threat Roundup for May 22 to May 29
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 22 and May 29. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Source newsletter for May 28, 2020
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We need to start things off by wishing a Happy Birthday to Beers with Talos! The first episode was released on May 12, 2017. To celebrat...
Dynamic Data Resolver (DDR) — IDA Plugin 1.0 beta
By Holger Unterbrink Executive summaryStatic reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a certain basic block is doing. If you try to perform dynamic analysis by debugging a piece of malware, the...
Beers with Talos Ep. #82: Talos IR quarterly threat trends
Beers with Talos BWT Podcast episode No. 82 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded May 8, 2020 Brad Garnett from Cisco Talos Incident Response joins us today to talk about DFIR, the Talos Quarter...
Threat Source newsletter for May 21, 2020
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Beers with Talos chugs on during quarantine with the latest episode of “The In-Between.” Once again, the hosts talk about everything but...
Vulnerability Spotlight: Authentication bypass vulnerability in some Epson projectors
Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Epson EB-1470UI Projector contains an authentication bypass vulnerability in its web control functionality. This projector allows users to control it over the web. However, an adversary could trick a user into...
Vulnerability Spotlight: Memory corruption vulnerability in GNU Glibc leaves smart vehicles open to attack
By Sam Dytrych and Jason Royes. Executive summary Modern automobiles are complex machines, merging both mechanical and computer systems under one roof. As automobiles become more advanced, additional sensors and devices are added to help the vehicle understand its internal and external...
Threat Source newsletter for May 14, 2020
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Our main focus this week is on Astaroth. This is a malware family that has been targeting Brazil with a variety of lures, including...
The wolf is back...
By Warren Mercer, Paul Rascagneres and Vitor Ventura. News summaryThai Android devices and users are being targeted by a modified version of DenDroid we are calling "WolfRAT," now targeting messaging apps like WhatsApp, Facebook Messenger and Line.We assess with high confidence that this modified...
Beers with Talos Ep. #81: "The In-Between," Vol. 3
Beers with Talos BWT Podcast episode No. 81 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded May 1, 2020 Sammi is back and the rest of the crew is here to hang out and chat. As is The In-Between Way — we...
Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader
Aleksandar Nikolic and Cory Duplantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two code execution vulnerabilities and an information disclosure flaw in Nitro Pro PDF reader. Nitro PDF allows users to save, read, sign and edit PDFs on...
Threat Roundup for May 8 to May 15
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 8 and May 15. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Beers with Talos Ep. #80: Working securely in a new (not yet) normal
Beers with Talos BWT Podcast episode No. 80 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded April 24, 2020 Matt isn’t with us today, but the rest of the crew discusses some current security issues in our...
The basics of a ransomware infection as Snake, Maze expands
By Joe Marshall @ImmortanJo3 There have recently been several high-profile ransomware campaigns utilizing Maze and Snake malware. From critical medical supply companies, to large logistics firms, many businesses of all sizes have fallen victim to this cybercrime wave. When an organization falls...
Threat Spotlight: Astaroth — Maze of obfuscation and evasion reveals dark stealer
By Nick Biasini, Edmund Brumaghin and Nick Lister. Cisco Talos is detailing an information stealer, Astaroth, that has been targeting Brazil with a variety of lures, including COVID-19 for the past nine to 12 months.Complex maze of obfuscation and anti-analysis/evasion techniques implemented by...
Microsoft Patch Tuesday — May 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw. Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 111 vulnerabilities. Fifteen of the flaws Microsoft disclosed are considered critical. There are also...
Vulnerability Spotlight: Code execution vulnerability in Microsoft Excel
Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a code execution vulnerability in some versions of Microsoft Excel. An attacker could exploit this vulnerability by tricking the victim into opening a specially crafted Excel...
Vulnerability Spotlight: Code execution vulnerability in 3S CODESYS
Carl Hurd of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable code execution vulnerability in 3S’ CODESYS Control SoftPLC runtime system. The system allows any embedded or PC device to convert into an IEC 61131-3-complaint industria...
Vulnerability Spotlight: Remote code execution vulnerabilities in Adobe Acrobat Reader
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two remote code execution vulnerabilities in Adobe Acrobat Reader. Acrobat supports a number of features, including the ability to process embedded JavaScript. These flaws...
Threat Roundup for May 1 to May 8
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 1 and May 8. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Source newsletter for May 7, 2020
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. With all of us working from home, Beers with Talos episodes are coming out faster than ever. This week, we have an actual episode with...