2032 matches found
Vulnerability Spotlight: Multiple code execution vulnerabilities in Accusoft ImageGear
Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered four code execution vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit to assist users with image conversion, creation, editing...
Threat Roundup for April 24 to May 1
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 24 and May 1. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Source newsletter for April 30, 2020
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Our newest research post focuses on the Aggah campaign. Threat actors are pushing Aggah to victims via malicious Microsoft Word document...
Beers with Talos Ep. #79: The In-Between vol. 2 (It's a better name than Quittin' Time)
Beers with Talos BWT Podcast episode No. 79 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded April 22, 2020 We are renaming these episodes. “Quittin’ time” was OK and all, but “The In-between” better...
Upgraded Aggah malspam campaign delivers multiple RATs
By Asheer Malhotra Cisco Talos has observed an upgraded version of a malspam campaign known to distribute multiple remote access trojans RATs.The infection chain utilized in the attacks is highly modularized.The attackers utilize publicly available infrastructure such as Bitly and Pastebin spread...
Threat Roundup for April 17 to April 24
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 17 and April 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Threat Source newsletter for April 23, 2020
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. There’s a new Beers with Talos podcast out now. And guess what? They actually talk about security this time! The guys are looking for...
Threat Spotlight: MedusaLocker
By Edmund Brumaghin, with contributions from Amit Raut. Overview MedusaLocker is a ransomware family that has been observed being deployed since its discovery in 2019. Since its introduction to the threat landscape, there have been several variants observed. However, most of the functionality...
Vulnerability Spotlight: Zoom Communications user enumeration
Video conferencing and calling software has spiked in popularity as individuals across the globe are forced to stay home due to the COVID-19 pandemic. There are a plethora of players in this space, with one or two getting increased attention. One service in particular — Zoom — has received an...
PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors
By Warren Mercer, Paul Rascagneres and Vitor Ventura. News summaryAzerbaijan government and energy sector likely targeted by an unknown actor.From the energy sector, the actor demonstrates interest in SCADA systems related to wind turbines.The actor uses Word documents to drop malware that allows...
Talos Incident Response announces new, lower price through July 25
Today’s world looks very different than three months ago. More people work remotely than ever before. IT teams work around the clock to expand capacity and new software and services are being deployed to handle the load. Within this new remote environment, we have seen new malware families and...
Beers with Talos Ep. #78: Fingerprints and hunting parties
Beers with Talos BWT Podcast episode No. 78 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded April 10, 2020 We have a couple great topics today — and only one of them is a COVID-19 related topic. So, it...
Fingerprint cloning: Myth or reality?
Phone, computer fingerprint scanners can be defeated with 3-D printing By Paul Rascagneres and Vitor Ventura. Executive summaryPasswords are the traditional authentication methods for computers and networks. But passwords can be stolen. Biometric authentication seems the perfect solution for that...
Threat Roundup for April 10 to April 17
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 10 and April 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Threat Roundup for April 3 to April 10
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 3 and April 10. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...
Threat Source newsletter for April 16, 2020
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. It’s what — week 5 of this quarantine in the U.S.? Week 6? We’ve lost count. And so did the Beers with Talos guys. But lucky for you, th...
Quarterly Report: Incident Response trends in Spring 2020
By David Liebenberg. Cisco Talos Incident Response CTIR engagements continue to be dominated by ransomware and commodity trojans. As alluded to in last quarter’s report, ransomware actors have begun threatening to release sensitive information from victims as a means of further compelling them to...
Microsoft Patch Tuesday — April 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw. Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 115 vulnerabilities. Nineteen of the flaws Microsoft disclosed are considered critical. The remainder...
Beers with Talos Ep. #77: Quittin’ Time, Vol. 1 — Tigers and tales of the in-between
Beers with Talos BWT Podcast episode No. 77 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded April 3, 2020 We’re kinda bored. We figured you are too. So we decided to get together between normal recordings...
Threat Source newsletter for April 9, 2020
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Nearly all devices have some sort of fingerprint scanner now, used to log users in. But these scanners prevent their own unique attack...
Vulnerability Spotlight: Information disclosure vulnerability in Microsoft Media Foundation
Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Microsoft Media Foundation contains an information disclosure vulnerability that could allow an attacker to eventually remotely execute code on the victim machine. Media Foundation is a COM-based multimedia...
AZORult brings friends to the party
By Vanja Svajcer. NEWS SUMMARY We are used to ransomware attacks and big game hunting making the headlines, but there is an undercurrent of other attack types that allow attackers to monetize their efforts in a less intrusive way.Here, we discuss a multi-pronged cyber criminal attack using a numb...
Beers with Talos Ep. #76: When security hits home (and stays)
Beers with Talos BWT Podcast episode No. 76 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded March 27, 2020 Our goal is always to talk to you about what's on our minds. Right now, we are pretty sure we all...
Threat Roundup for March 27 to April 3
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 27 and April 3. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...
Threat Source newsletter (April 2, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. As long as COVID-19 is in the headlines which is going to be a long time actors are going to try and capitalize. We fully expect to see ...
Trickbot: A primer
By Chris Neal Executive Summary Trickbot remains one of the most sophisticated banking trojans in the landscape while constantly evolving.Highly modular, Trickbot can adapt to different environments with the help of its various modules.The group behind Trickbot has expanded their activities beyon...
COVID-19 relief package provides another platform for bad actors
The ongoing COVID-19 pandemic continues to yield new subject matter that bad actors can turn into fodder for enticing victims into clicking on malicious links and attachments. On March 27, the CARES Act was signed into law by the President, enacting a wide range of stimulus packages designed to a...
Threat Update: COVID-19
Executive Summary The COVID-19 pandemic is changing everyday life for workers across the globe. Cisco Talos continues to see attackers take advantage of the coronavirus situation to lure unsuspecting users into various pitfalls such as phishing, fraud, and disinformation campaigns. Talos has not...
Threat Roundup for March 20 to March 27
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 20 and March 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Threat Source newsletter (March 26, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Just because we’re all still working from home doesn’t mean you can stop patching. We’ve been busy this week with a new wave of...
Vulnerability Spotlight: Intel Raid Web Console 3 denial-of-service bugs
Geoff Serrao of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two denial-of-service vulnerabilities in the web API functionality of Intel RAID Web Console 3. The Raid Web Console is a web-based application that provides several configuration...
Vulnerability Spotlight: Multiple vulnerabilities in Videolabs libmicrodns
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. A specific library in the Videolabs family of software contains multiple vulnerabilities that could lead to denial of service and code execution. Videolabs is a company founded by VideoLAN members and is the...
Vulnerability Spotlight: Denial-of-service vulnerability in GStreamer
Peter Wang of Cisco ASIG discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in GStreamer, a pipeline-based multimedia framework. GStreamer contains gst-rtsp-server, an open-source library that allows the user to build RTSP servers...
Threat Roundup for March 13 to March 20
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 13 and March 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Beers with Talos Ep. #75: Now That Coronavirus Made a Global WFH Policy...
Beers with Talos BWT Podcast episode No. 74 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded March 13, 2020 Of course, we have to talk about the implications of coronavirus. It's affecting the way business...
Threat Source newsletter (March 19, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We hope everyone is staying home if possible and staying safe. Unfortunately, the bad guys aren’t going anywhere, so we’re still pluggin...
Threat Roundup for March 6 to March 13
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 6 and March 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...
Beers with Talos Ep. #74: Impacting civil society
Beers with Talos BWT Podcast episode No. 74 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded March 2, 2020 We open up the show with a sugary sweet poem before talking about RSA and our annual trip through...
Threat Source newsletter (March 12, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Obviously, COVID-19 is dominating headlines everywhere, and for good reason. We hope everyone out there is staying safe and healthy and...
Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw and Vitor Ventura. Update March 12, 2020: Microsoft released an out-of-band patch for CVE-2020-0796, a code execution vulnerability SMB client and server for Windows. An unauthenticated attacker could exploit this vulnerability to execute remote code. Snort rules 53425 - 53428...
Vulnerability Spotlight: Information disclosure in Windows 10 Kernel
Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an information disclosure vulnerability in the Windows 10 kernel. An attacker could exploit this vulnerability by tricking the victim into opening a specially crafted executable,...
Bisonal: 10 years of play
By Warren Mercer, Paul Rascagneres and Vitor Ventura. Update 06/03/20: added samples from 2020. Executive summary Security researchers detected and exposed the Bisonal malware over the past 10 years. But the Tonto team, the threat actor behind it, didn't stop.The victimology didn't change over...
Vulnerability Spotlight: WAGO products contain remote code execution, other vulnerabilities
Patrick DeSantis, Carl Hurd, Kelly Leuschner and Lilith --; of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered several vulnerabilities in multiple products from the company WAGO. WAGO produces a line of automation software called “e!COCKPIT,” an...
Threat Roundup for February 28 to March 6
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 28 and March 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Source newsletter (March 5, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Sure, all anyone wants to talk about is coronavirus. But what about cyber security? We’ve still got cool stuff, like this huge write-up ...
Video: What defenders can learn from past ransomware attacks
The Cisco Talos Incident Response "Stories from the Field" video series returns with another entry from Matt Aubert. This time, Matt discusses ransomware infections he's seen in real-time, and shares what defenders can learn from others' mistakes and recovery. Is it ever smart to pay attackers'...
Threat Roundup for February 21 to February 28
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 21 and Feb. 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Source newsletter (Feb. 27, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We know we’ve kept you waiting for a while, but the new Snort Resources page is finally here. We’ve got new and improved documentation,...
New Research Paper: Prevalence and impact of low-entropy packing schemes in the malware ecosystem
Detection of malware is a constant battle between the technologies designed to detect and prevent malware and the authors creating them. One common technique adversaries leverage is packing binaries. Packing an executable is similar to applying compression or encryption and can inhibit the abilit...
Beers with Talos Ep. #73: Feature ownership, vuln advisories and fancy audio FX
Beers with Talos BWT Podcast episode No. 73 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Feb. 19, 2020 Craig made an oopsie. Pardon his echo-chamber reverb. We had no idea until he sent in his audio fo...