2032 matches found
Vulnerability Spotlight: Multiple vulnerabilities in Moxa AWK-3131A
Jared Rittle and Carl Hurd of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The Moxa AWK-3131A networking device contains several different vulnerabilities that an attacker could exploit to carry out malicious activities in an industrial environment. The AWK-3131A is a wirele...
Threat Roundup for February 14 to February 21
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 14 and Feb. 21. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Source newsletter (Feb. 20, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’ve got more ways than ever for you to get Talos content. We continue to grow our YouTube page with the second entry in the “Stories...
ObliqueRAT: New RAT hits victims' endpoints via malicious documents
By Asheer Malhotra. Cisco Talos has observed a malware campaign that utilizes malicious Microsoft Office documents maldocs to spread a remote access trojan RAT we're calling "ObliqueRAT." These maldocs use malicious macros to deliver the second stage RAT payload. This campaign appears to target...
Cisco Talos Incident Response "Stories from the Field" #2: When do lawyers get involved?
The second video in our "Stories in the Field" series from Cisco Talos Incident Response is here, with Matt Aubert talking about lawyers. While getting a general counsel involved may seem like an arduous process for many incident response teams, Matt Aubert argues in this video that in his...
Building a bypass with MSBuild
By Vanja Svajcer. NEWS SUMMARY Living-off-the-land binaries LoLBins continue to pose a risk to security defenders. We analyze the usage of the Microsoft Build Engine by attackers and red team personnel. These threats demonstrate techniques T1127 Trusted Developer Utilities and T1500 Compile After...
Vulnerability Spotlight: Memory corruption, DoS vulnerabilities in CoTURN
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. CoTURN contains denial-of-service and memory corruption vulnerabilities in the way its web server parses POST requests. CoTURN is a TURN server implementation that can be used as a general- purpose network traff...
Beers with Talos Ep. #72: Getting to Patch Day - Understanding Vulnerability Risks and Options
Beers with Talos BWT Podcast episode No. 72 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Jan. 31, 2020 When a vulnerability is released, regardless if it has a website and logo or not, we need to...
Threat Roundup for February 7 to February 14
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 7 and Feb. 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat actors attempt to capitalize on coronavirus outbreak
By Nick Biasini and Edmund Brumaghin. Coronavirus is dominating the news and threat actors are taking advantage. Cisco Talos has found multiple malware families being distributed with Coronavirus lures and themes. This includes emotet and several RAT variants. Executive Summary Using the news to...
Threat Source newsletter (Feb. 13, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. This month’s Microsoft Patch Tuesday was particularly hefty, with the company disclosing nearly 100 vulnerabilities — three of which Tal...
Microsoft Patch Tuesday — Feb. 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw. Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 98 vulnerabilities, 12 of which are considered critical and 84 that are considered important. There a...
Loda RAT Grows Up
By Chris Neal. Over the past several months, Cisco Talos has observed a malware campaign that utilizes websites hosting a new version of Loda, a remote access trojan RAT written in AutoIT. These websites also host malicious documents that begin a multi-stage infection chain which ultimately serve...
Vulnerability Spotlight: Remote code execution vulnerability in Apple Safari
Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Apple Safari web browser contains a remote code execution vulnerability in its Fonts feature. If a user were to open a malicious web page in Safari, they could trigger a type confusion, resulting in memory...
Vulnerability Spotlight: Use-after-free vulnerability in Windows 10 win32kbase
Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos is releasing the details of a use-after-free vulnerability in Windows 10. An attacker could exploit this vulnerability to gain the ability to execute arbitrary code in the kernel context. Microsoft...
Vulnerability Spotlight: Code execution vulnerability in Microsoft Media Foundation
Marcin Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Microsoft Media Foundation’s framework contains a code execution vulnerability. This specific bug lies in Media Foundations’ MPEG4 DLL. An attacker could provide a user with a specially crafted ASF file to exploit this...
Vulnerability Spotlight: Code execution vulnerability in Microsoft Excel
Marcin Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Microsoft Excel contains a code execution vulnerability. This specific bug lies in the component of Excel that handles the Microsoft Office HTML and XML file types, first introduced in Office 2000. Microsoft disclosed...
Vulnerability Spotlight: Information leak vulnerability in Adobe Acrobat Reader’s JavaScript function
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an information leak vulnerability in Adobe Acrobat Reader. Acrobat supports a number of features, including the ability to process embedded JavaScript. An attacker could trigger...
Vulnerability Spotlight: Accusoft ImageGear library code execution vulnerabilities
Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered three code execution vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit to assist users with image conversion, creation, editing...
Introducing Cisco Talos Incident Response: Stories from the Field
By Jon Munshaw. As another way of bringing our boots-on-the-ground intelligence to defenders, customers and users, we are introducing a new video series called "Cisco Talos Incident Response: Stories from the Field." In each entry, a CTIR team member will cover one specific incident or lesson tha...
Threat Roundup for January 31 to February 7
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 31 and Feb. 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Source newsletter (Feb. 6, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. There’s never been a better time to be into cyber security podcasts. Our Podcasts page on TalosIntelligence.com got a facelift this week...
Quarterly Report: Incident Response trends in fall 2019
By David Liebenberg and Kendall McKay. While many Cisco Talos Incident Response CTIR engagements have shown similar patterns over the past two quarters, we’re seeing a dangerous trend emerge this winter. Threat actors are increasingly combining the exfiltration of sensitive data along with data...
Vulnerability Spotlight: Denial-of-service, information leak bugs in Mini-SNMPD
Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Multiple vulnerabilities exist in Mini-SNMPD, a lightweight implementation of a Simple Network Management Protocol server. An attacker can exploit these bugs by providing a specially crafted SNMPD request to...
Talos Takes back with new episode, feed
By Jon Munshaw. Talos Takes, our new bite-size podcast, is back with its own feed and a new show. We first unveiled Talos Takes in early December, and took some time to develop a new Talos Podcasts page to accommodate Talos Takes and Beers with Talos. Now you have two Talos shows you can subscrib...
Beers with Talos Ep. #71: I Have the Power(Shell)
Beers with Talos BWT Podcast episode No. 71 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Jan. 17, 2020 PowerShell is a frequent flyer in security headlines — a powerful and oft-wielded tool for attacke...
Threat Roundup for January 24 to January 31
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 24 and Jan. 31. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Source newsletter (Jan. 30, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Be sure to pay close attention Tuesday for some changes we have coming to Snort.org. We’ll spare you the details for now, but please bea...
Threat Roundup for January 17 to January 24
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 17 and Jan. 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Source newsletter (Jan. 23, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Despite tensions starting to fizzle between the U.S. and Iran, people are still worried about cyber conflict. What would that even look...
Threat Source newsletter (Jan. 16, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. This wasn’t your average Patch Tuesday. Microsoft’s monthly security update was notable for a few reasons. For starters, it’s really tim...
Breaking down a two-year run of Vivin’s cryptominers
News Summary There is another large-scale cryptomining attack from an actor we are tracking as "Vivin" that has been active since at least November 2017. "Vivin" has consistently evolved over the past few years, despite having poor operational security and exposing key details of their campaign. ...
Vulnerability Spotlight: Multiple vulnerabilities in some AMD graphics cards
Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Multiple vulnerabilities exist in a driver associated with the AMD Radeon line of graphics cards. An attacker can exploit these bugs by providing a specially crafted shader file to the user while using VMware...
Vulnerability Spotlight: Bitdefender BOX 2 bootstrap remote code execution vulnerabilities
Claudio Bozzato, Lilith Wyatt and Dave McDaniel of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The Bitdefender BOX 2 contains two remote code execution vulnerabilities in its bootstrap stage. The BOX 2 is a device that protects users’ home networks from a variety of threats...
JhoneRAT: Cloud based python RAT targeting Middle Eastern countries
By Warren Mercer, Paul Rascagneres and Vitor Ventura with contributions from Eric Kuhla. Updated January 17th: the documents do not exploit the CVE-2017-0199 vulnerability. Executive Summary Today, Cisco Talos is unveiling the details of a new RAT we have identified we're calling "JhoneRAT." This...
Threat Roundup for January 10 to January 17
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 10 and Jan. 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw. Updated January 15th: Added an Advanced Custom Detection ACD signature for AMP that can be used to detect exploitation of CVE-2020-0601 by spoofing certificates masquerading as a Microsoft ECC Code Signing Certificate Authority. Microsoft released its monthly security update today...
Beers with Talos Ep. #70: Semper Vigilantes - Strategic Defense in a Cyber Conflict
By Mitch Neff. Beers with Talos BWT Podcast episode No. 70 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Jan. 6, 2020 There is a looming cyber conflict on the horizon between the U.S. and Iran. We use a...
Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Foxit PDF Reader
Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered four remote code execution vulnerabilities in Foxit PDF Reader. Foxit PDF Reader is a popular program for reading and editing PDFs. The software supports JavaScript to allow fo...
Stolen emails reflect Emotet's organic growth
By Jaeson Schultz Introduction Emotet has a penchant for stealing a victim's email, then impersonating that victim and sending copies of itself in reply. The malicious emails are delivered through a network of stolen outbound SMTP accounts. This relatively simple email-man-in-the-middle social...
New Snort rules protect against recently discovered Citrix vulnerability
By Edmund Brumaghin, with contributions from Dalton Schaadt. Executive Summary Recently, the details of a critical vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway servers were publicly disclosed. This vulnerability is currently being tracked using CVE-2019-19781....
Vulnerability Spotlight: Code execution vulnerability in E2fsprogs
Lilith ^^ of Cisco Talos discovered this vulnerability. E2fsprogs contains an exploitable code execution vulnerability in its directory rehashing functionality. This set of programs is often considered essential software for many Linux and Unix machines and ships by default on most Linux systems...
Threat Roundup for January 3 to January 10
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 3 and Jan. 10. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Source newsletter (Jan. 9, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’re back after a long break for the holidays. And 2020 is already off to a fast start as tensions continue to rise in the Middle East...
What the continued escalation of tensions in the Middle East means for security
Cisco Talos works with many organizations around the world, monitoring and protecting against sophisticated threats every day. As such, we are watching the current state of events in the Middle East very closely for our customers and partners who may be impacted by the ongoing situation. We are...
Beers with Talos Ep. #69: 2019 Threat Recap - RATs, Turtles, and Worms, Oh My!
By Mitch Neff. Beers with Talos BWT Podcast episode No. 69 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Dec. 20, 2019 In a shorter year-end EP, we take both a look back and a look forward. It seems...
Vulnerability Spotlight: Two buffer overflow vulnerabilities in OpenCV
Dave McDaniel of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two buffer overflow vulnerabilities in the OpenCV libraries. An attacker could potentially exploit these bugs to cause heap corruptions and potentially code execution. Intel Research originally develope...
Beers with Talos Ep. #68: Takes from Talos on IoT (and the NEW “Talos Takes” podcast!)
By Mitch Neff. Beers with Talos BWT Podcast episode No. 68 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Dec. 9, 2019 We have a big announcement to make today! Check your feed for a few episodes of a ne...
Incident Response lessons from recent Maze ransomware attacks
By JJ Cummings and Dave Liebenberg This year, we have been flooded with reports of targeted ransomware attacks. Whether it's a city, hospital, large- or medium-sized enterprise — they are all being targeted. These attacks can result in significant damage, cost, and have many different initial...
Cisco ASA DoS bug attacked in wild
By Nick Biasini. Cisco Talos has recently noticed a sudden spike in exploitation attempts against a specific vulnerability in our Cisco Adaptive Security Appliance ASA and Firepower Appliance. The vulnerability, CVE-2018-0296, is a denial-of-service and information disclosure directory traversal...