Lucene search
K
TalosblogRecent

2032 matches found

Talos Blog
Talos Blog
added 2020/02/24 7:4 a.m.69 views

Vulnerability Spotlight: Multiple vulnerabilities in Moxa AWK-3131A

Jared Rittle and Carl Hurd of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The Moxa AWK-3131A networking device contains several different vulnerabilities that an attacker could exploit to carry out malicious activities in an industrial environment. The AWK-3131A is a wirele...

9CVSS1.4AI score0.06892EPSS
Exploits14
Talos Blog
Talos Blog
added 2020/02/21 10:43 a.m.466 views

Threat Roundup for February 14 to February 21

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 14 and Feb. 21. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2020/02/20 11:0 a.m.26 views

Threat Source newsletter (Feb. 20, 2020)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’ve got more ways than ever for you to get Talos content. We continue to grow our YouTube page with the second entry in the “Stories...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2020/02/20 8:6 a.m.43 views

ObliqueRAT: New RAT hits victims' endpoints via malicious documents

By Asheer Malhotra. Cisco Talos has observed a malware campaign that utilizes malicious Microsoft Office documents maldocs to spread a remote access trojan RAT we're calling "ObliqueRAT." These maldocs use malicious macros to deliver the second stage RAT payload. This campaign appears to target...

Exploits0
Talos Blog
Talos Blog
added 2020/02/19 5:43 a.m.28 views

Cisco Talos Incident Response "Stories from the Field" #2: When do lawyers get involved?

The second video in our "Stories in the Field" series from Cisco Talos Incident Response is here, with Matt Aubert talking about lawyers. While getting a general counsel involved may seem like an arduous process for many incident response teams, Matt Aubert argues in this video that in his...

2.4AI score
Exploits0
Talos Blog
Talos Blog
added 2020/02/19 5:6 a.m.67 views

Building a bypass with MSBuild

By Vanja Svajcer. NEWS SUMMARY Living-off-the-land binaries LoLBins continue to pose a risk to security defenders. We analyze the usage of the Microsoft Build Engine by attackers and red team personnel. These threats demonstrate techniques T1127 Trusted Developer Utilities and T1500 Compile After...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2020/02/18 9:7 a.m.45 views

Vulnerability Spotlight: Memory corruption, DoS vulnerabilities in CoTURN

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. CoTURN contains denial-of-service and memory corruption vulnerabilities in the way its web server parses POST requests. CoTURN is a TURN server implementation that can be used as a general- purpose network traff...

7.5CVSS0.3AI score0.05955EPSS
Exploits2
Talos Blog
Talos Blog
added 2020/02/17 11:21 a.m.24 views

Beers with Talos Ep. #72: Getting to Patch Day - Understanding Vulnerability Risks and Options

Beers with Talos BWT Podcast episode No. 72 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Jan. 31, 2020 When a vulnerability is released, regardless if it has a website and logo or not, we need to...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2020/02/14 11:35 a.m.168 views

Threat Roundup for February 7 to February 14

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 7 and Feb. 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2020/02/13 11:20 a.m.28 views

Threat actors attempt to capitalize on coronavirus outbreak

By Nick Biasini and Edmund Brumaghin. Coronavirus is dominating the news and threat actors are taking advantage. Cisco Talos has found multiple malware families being distributed with Coronavirus lures and themes. This includes emotet and several RAT variants. Executive Summary Using the news to...

0.7AI score
Exploits0
Talos Blog
Talos Blog
added 2020/02/13 11:0 a.m.26 views

Threat Source newsletter (Feb. 13, 2020)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. This month’s Microsoft Patch Tuesday was particularly hefty, with the company disclosing nearly 100 vulnerabilities — three of which Tal...

7.5AI score
Exploits0
Talos Blog
Talos Blog
added 2020/02/13 8:22 a.m.159 views

Microsoft Patch Tuesday — Feb. 2020: Vulnerability disclosures and Snort coverage

By Jon Munshaw. Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 98 vulnerabilities, 12 of which are considered critical and 84 that are considered important. There a...

9.3CVSS0.9AI score0.99965EPSS
Exploits73
Talos Blog
Talos Blog
added 2020/02/12 12:8 p.m.424 views

Loda RAT Grows Up

By Chris Neal. Over the past several months, Cisco Talos has observed a malware campaign that utilizes websites hosting a new version of Loda, a remote access trojan RAT written in AutoIT. These websites also host malicious documents that begin a multi-stage infection chain which ultimately serve...

9.3CVSS8.4AI score0.99945EPSS
Exploits33
Talos Blog
Talos Blog
added 2020/02/12 5:44 a.m.62 views

Vulnerability Spotlight: Remote code execution vulnerability in Apple Safari

Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Apple Safari web browser contains a remote code execution vulnerability in its Fonts feature. If a user were to open a malicious web page in Safari, they could trigger a type confusion, resulting in memory...

0.9AI score0.02633EPSS
Exploits0
Talos Blog
Talos Blog
added 2020/02/11 11:51 a.m.53 views

Vulnerability Spotlight: Use-after-free vulnerability in Windows 10 win32kbase

Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos is releasing the details of a use-after-free vulnerability in Windows 10. An attacker could exploit this vulnerability to gain the ability to execute arbitrary code in the kernel context. Microsoft...

7.2CVSS8.3AI score0.01055EPSS
Exploits0
Talos Blog
Talos Blog
added 2020/02/11 11:31 a.m.88 views

Vulnerability Spotlight: Code execution vulnerability in Microsoft Media Foundation

Marcin Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Microsoft Media Foundation’s framework contains a code execution vulnerability. This specific bug lies in Media Foundations’ MPEG4 DLL. An attacker could provide a user with a specially crafted ASF file to exploit this...

9.3CVSS9AI score0.06149EPSS
Exploits0
Talos Blog
Talos Blog
added 2020/02/11 11:31 a.m.86 views

Vulnerability Spotlight: Code execution vulnerability in Microsoft Excel

Marcin Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Microsoft Excel contains a code execution vulnerability. This specific bug lies in the component of Excel that handles the Microsoft Office HTML and XML file types, first introduced in Office 2000. Microsoft disclosed...

9.3CVSS1.3AI score0.15168EPSS
Exploits0
Talos Blog
Talos Blog
added 2020/02/11 8:19 a.m.47 views

Vulnerability Spotlight: Information leak vulnerability in Adobe Acrobat Reader’s JavaScript function

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an information leak vulnerability in Adobe Acrobat Reader. Acrobat supports a number of features, including the ability to process embedded JavaScript. An attacker could trigger...

8.7AI score0.08906EPSS
Exploits0
Talos Blog
Talos Blog
added 2020/02/10 10:53 a.m.58 views

Vulnerability Spotlight: Accusoft ImageGear library code execution vulnerabilities

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered three code execution vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit to assist users with image conversion, creation, editing...

2.4AI score0.03687EPSS
Exploits7
Talos Blog
Talos Blog
added 2020/02/10 8:25 a.m.27 views

Introducing Cisco Talos Incident Response: Stories from the Field

By Jon Munshaw. As another way of bringing our boots-on-the-ground intelligence to defenders, customers and users, we are introducing a new video series called "Cisco Talos Incident Response: Stories from the Field." In each entry, a CTIR team member will cover one specific incident or lesson tha...

1.3AI score
Exploits0
Talos Blog
Talos Blog
added 2020/02/07 11:56 a.m.235 views

Threat Roundup for January 31 to February 7

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 31 and Feb. 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2020/02/06 11:0 a.m.24 views

Threat Source newsletter (Feb. 6, 2020)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. There’s never been a better time to be into cyber security podcasts. Our Podcasts page on TalosIntelligence.com got a facelift this week...

6.7AI score
Exploits0
Talos Blog
Talos Blog
added 2020/02/05 10:12 a.m.25 views

Quarterly Report: Incident Response trends in fall 2019

By David Liebenberg and Kendall McKay. While many Cisco Talos Incident Response CTIR engagements have shown similar patterns over the past two quarters, we’re seeing a dangerous trend emerge this winter. Threat actors are increasingly combining the exfiltration of sensitive data along with data...

0.3AI score
Exploits0
Talos Blog
Talos Blog
added 2020/02/03 11:11 a.m.46 views

Vulnerability Spotlight: Denial-of-service, information leak bugs in Mini-SNMPD

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Multiple vulnerabilities exist in Mini-SNMPD, a lightweight implementation of a Simple Network Management Protocol server. An attacker can exploit these bugs by providing a specially crafted SNMPD request to...

6.4CVSS1.2AI score0.02567EPSS
Exploits3
Talos Blog
Talos Blog
added 2020/02/03 8:34 a.m.37 views

Talos Takes back with new episode, feed

By Jon Munshaw. Talos Takes, our new bite-size podcast, is back with its own feed and a new show. We first unveiled Talos Takes in early December, and took some time to develop a new Talos Podcasts page to accommodate Talos Takes and Beers with Talos. Now you have two Talos shows you can subscrib...

1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/01/31 1:9 p.m.24 views

Beers with Talos Ep. #71: I Have the Power(Shell)

Beers with Talos BWT Podcast episode No. 71 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Jan. 17, 2020 PowerShell is a frequent flyer in security headlines — a powerful and oft-wielded tool for attacke...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/01/31 12:51 p.m.441 views

Threat Roundup for January 24 to January 31

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 24 and Jan. 31. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2020/01/30 11:0 a.m.87 views

Threat Source newsletter (Jan. 30, 2020)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Be sure to pay close attention Tuesday for some changes we have coming to Snort.org. We’ll spare you the details for now, but please bea...

7.5CVSS10AI score0.99999EPSS
Exploits48
Talos Blog
Talos Blog
added 2020/01/24 12:58 p.m.125 views

Threat Roundup for January 17 to January 24

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 17 and Jan. 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

10CVSS0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2020/01/23 11:0 a.m.30 views

Threat Source newsletter (Jan. 23, 2020)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Despite tensions starting to fizzle between the U.S. and Iran, people are still worried about cyber conflict. What would that even look...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2020/01/23 7:27 a.m.168 views

Threat Source newsletter (Jan. 16, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. This wasn’t your average Patch Tuesday. Microsoft’s monthly security update was notable for a few reasons. For starters, it’s really tim...

7.5CVSS9.7AI score0.99999EPSS
Exploits61
Talos Blog
Talos Blog
added 2020/01/22 11:29 a.m.69 views

Breaking down a two-year run of Vivin’s cryptominers

News Summary There is another large-scale cryptomining attack from an actor we are tracking as "Vivin" that has been active since at least November 2017. "Vivin" has consistently evolved over the past few years, despite having poor operational security and exposing key details of their campaign. ...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2020/01/22 6:15 a.m.72 views

Vulnerability Spotlight: Multiple vulnerabilities in some AMD graphics cards

Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Multiple vulnerabilities exist in a driver associated with the AMD Radeon line of graphics cards. An attacker can exploit these bugs by providing a specially crafted shader file to the user while using VMware...

7.8CVSS1.9AI score0.01802EPSS
Exploits0
Talos Blog
Talos Blog
added 2020/01/21 9:29 a.m.67 views

Vulnerability Spotlight: Bitdefender BOX 2 bootstrap remote code execution vulnerabilities

Claudio Bozzato, Lilith Wyatt and Dave McDaniel of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The Bitdefender BOX 2 contains two remote code execution vulnerabilities in its bootstrap stage. The BOX 2 is a device that protects users’ home networks from a variety of threats...

10CVSS1.7AI score0.04234EPSS
Exploits1
Talos Blog
Talos Blog
added 2020/01/19 2:58 a.m.1183 views

JhoneRAT: Cloud based python RAT targeting Middle Eastern countries

By Warren Mercer, Paul Rascagneres and Vitor Ventura with contributions from Eric Kuhla. Updated January 17th: the documents do not exploit the CVE-2017-0199 vulnerability. Executive Summary Today, Cisco Talos is unveiling the details of a new RAT we have identified we're calling "JhoneRAT." This...

9.3CVSS0.4AI score0.99933EPSS
Exploits29
Talos Blog
Talos Blog
added 2020/01/17 2:55 p.m.109 views

Threat Roundup for January 10 to January 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 10 and Jan. 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

10CVSS0.2AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2020/01/17 10:14 a.m.173 views

Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage

By Jon Munshaw. Updated January 15th: Added an Advanced Custom Detection ACD signature for AMP that can be used to detect exploitation of CVE-2020-0601 by spoofing certificates masquerading as a Microsoft ECC Code Signing Certificate Authority. Microsoft released its monthly security update today...

10CVSS0.7AI score0.99193EPSS
Exploits33
Talos Blog
Talos Blog
added 2020/01/16 9:5 a.m.29 views

Beers with Talos Ep. #70: Semper Vigilantes - Strategic Defense in a Cyber Conflict

By Mitch Neff. Beers with Talos BWT Podcast episode No. 70 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Jan. 6, 2020 There is a looming cyber conflict on the horizon between the U.S. and Iran. We use a...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2020/01/16 7:56 a.m.38 views

Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Foxit PDF Reader

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered four remote code execution vulnerabilities in Foxit PDF Reader. Foxit PDF Reader is a popular program for reading and editing PDFs. The software supports JavaScript to allow fo...

6.8CVSS1AI score0.03485EPSS
Exploits4
Talos Blog
Talos Blog
added 2020/01/16 7:6 a.m.31 views

Stolen emails reflect Emotet's organic growth

By Jaeson Schultz Introduction Emotet has a penchant for stealing a victim's email, then impersonating that victim and sending copies of itself in reply. The malicious emails are delivered through a network of stolen outbound SMTP accounts. This relatively simple email-man-in-the-middle social...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/01/15 11:41 a.m.624 views

New Snort rules protect against recently discovered Citrix vulnerability

By Edmund Brumaghin, with contributions from Dalton Schaadt. Executive Summary Recently, the details of a critical vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway servers were publicly disclosed. This vulnerability is currently being tracked using CVE-2019-19781....

7.5CVSS2AI score0.99999EPSS
Exploits48
Talos Blog
Talos Blog
added 2020/01/14 11:31 a.m.55 views

Vulnerability Spotlight: Code execution vulnerability in E2fsprogs

Lilith ^^ of Cisco Talos discovered this vulnerability. E2fsprogs contains an exploitable code execution vulnerability in its directory rehashing functionality. This set of programs is often considered essential software for many Linux and Unix machines and ships by default on most Linux systems...

1.2AI score0.01025EPSS
Exploits1
Talos Blog
Talos Blog
added 2020/01/10 1:41 p.m.188 views

Threat Roundup for January 3 to January 10

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 3 and Jan. 10. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2020/01/10 7:13 a.m.122 views

Threat Source newsletter (Jan. 9, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’re back after a long break for the holidays. And 2020 is already off to a fast start as tensions continue to rise in the Middle East...

10CVSS0.92835EPSS
Exploits24
Talos Blog
Talos Blog
added 2020/01/09 10:13 a.m.138 views

What the continued escalation of tensions in the Middle East means for security

Cisco Talos works with many organizations around the world, monitoring and protecting against sophisticated threats every day. As such, we are watching the current state of events in the Middle East very closely for our customers and partners who may be impacted by the ongoing situation. We are...

6.8CVSS8.1AI score0.96274EPSS
Exploits13
Talos Blog
Talos Blog
added 2020/01/06 3:0 p.m.24 views

Beers with Talos Ep. #69: 2019 Threat Recap - RATs, Turtles, and Worms, Oh My!

By Mitch Neff. Beers with Talos BWT Podcast episode No. 69 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Dec. 20, 2019 In a shorter year-end EP, we take both a look back and a look forward. It seems...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2020/01/02 2:44 p.m.42 views

Vulnerability Spotlight: Two buffer overflow vulnerabilities in OpenCV

Dave McDaniel of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two buffer overflow vulnerabilities in the OpenCV libraries. An attacker could potentially exploit these bugs to cause heap corruptions and potentially code execution. Intel Research originally develope...

6.8CVSS1.8AI score0.20947EPSS
Exploits2
Talos Blog
Talos Blog
added 2019/12/23 8:34 a.m.39 views

Beers with Talos Ep. #68: Takes from Talos on IoT (and the NEW “Talos Takes” podcast!)

By Mitch Neff. Beers with Talos BWT Podcast episode No. 68 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Dec. 9, 2019 We have a big announcement to make today! Check your feed for a few episodes of a ne...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2019/12/20 12:23 p.m.78 views

Incident Response lessons from recent Maze ransomware attacks

By JJ Cummings and Dave Liebenberg This year, we have been flooded with reports of targeted ransomware attacks. Whether it's a city, hospital, large- or medium-sized enterprise — they are all being targeted. These attacks can result in significant damage, cost, and have many different initial...

1.9AI score
Exploits0
Talos Blog
Talos Blog
added 2019/12/20 11:33 a.m.109 views

Cisco ASA DoS bug attacked in wild

By Nick Biasini. Cisco Talos has recently noticed a sudden spike in exploitation attempts against a specific vulnerability in our Cisco Adaptive Security Appliance ASA and Firepower Appliance. The vulnerability, CVE-2018-0296, is a denial-of-service and information disclosure directory traversal...

5CVSS1.7AI score0.99903EPSS
Exploits18
Total number of security vulnerabilities2032