Lucene search
K
TalosblogRecent

2032 matches found

Talos Blog
Talos Blog
added 2019/12/20 10:7 a.m.170 views

Threat Roundup for December 13 to December 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 13 and Dec. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/12/19 11:0 a.m.55 views

Threat Source newsletter (Dec. 19, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We have an early holiday present for you! This week, we introduced a new podcast to the Talos family. Talos Takes, a new short-form show...

6.6AI score
Exploits0
Talos Blog
Talos Blog
added 2019/12/18 5:6 a.m.54 views

2019: The year in malware

By Jon Munshaw. From ransomware attacks to DNS deception, attackers were just as active as ever in 2019. This year saw a number of big-name malware families come onto the scene, including Sea Turtle, one of the most high-profile DNS hijacking attempts in recent memory. BlueKeep also stirred up...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2019/12/17 8:32 a.m.27 views

New Talos Takes podcast puts Talos' spin on the latest cyber news

By Jon Munshaw. Today, Cisco Talos' podcast network is growing with a new show. Talos Takes is a new podcast that provides Talos analysts' and researchers' opinions and expertise on the hottest topics in cyber security. The first three episodes of the show — covering holiday shopping scams,...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2019/12/16 7:29 a.m.53 views

Vulnerability Spotlight: Multiple vulnerabilities in WAGO PFC200

Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The WAGO PFC200 and PFC100 controllers contain multiple exploitable vulnerabilities. The PFC200 is one of WAGO’s programmable automation controllers that are used in many industries including automotive, rail,...

10CVSS0.9AI score0.04521EPSS
Exploits5
Talos Blog
Talos Blog
added 2019/12/13 10:3 a.m.197 views

Threat Roundup for December 6 to December 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 6 and Dec. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/12/12 11:0 a.m.42 views

Threat Source newsletter (Dec. 12, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’re entering our Year in Review period. Now’s the time to look back on the top stories from 2019 and think about what we learned. In t...

7.7AI score
Exploits0
Talos Blog
Talos Blog
added 2019/12/11 1:44 p.m.40 views

Vulnerability Spotlight: Kakadu Software SDK ATK marker code execution vulnerability

Aleksandar Nikolic and Emmanuel Tacheau of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Kakadu Software’s SDK contains an exploitable heap overflow. Kakadu serves as a framework for developers to create a variety of commercial and non-commercial applications. An attacker could...

0.7AI score0.02435EPSS
Exploits0
Talos Blog
Talos Blog
added 2019/12/11 11:36 a.m.28 views

Talos Vulnerability Discovery Year in Review — 2019

By Martin Zeiser. Cisco Talos' Systems Security Research Team investigates software, operating system, IoT and ICS vulnerabilities to make sure we find vulnerabilities before the bad guys do. We provide this information to the affected vendors so that they can create patches and protect their...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2019/12/11 9:38 a.m.66 views

Vulnerability Spotlight: Information leak vulnerability in Adobe Acrobat Reader

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an information leak vulnerability in Adobe Acrobat Reader DC. An attacker could exploit this vulnerability by tricking the victim into opening a specially crafted, malicious PDF,...

8.9AI score0.05438EPSS
Exploits0
Talos Blog
Talos Blog
added 2019/12/11 9:26 a.m.74 views

Vulnerability Spotlight: Apple Safari SVG marker element baseVal remote code execution vulnerability

Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Apple’s Safari web browser is open to a remote code execution vulnerability via its SVG marker element feature inside the Safari WebKit. Safari uses the WebCore DOM rendering system in WebKit. Rendering engine allo...

0.9AI score0.02238EPSS
Exploits0
Talos Blog
Talos Blog
added 2019/12/11 9:18 a.m.71 views

Vulnerability Spotlight: Denial-of-service vulnerabilities in Linux kernel, W1.fi

Mitchell Frank and Mark Leonard of Cisco discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two denial-of-service vulnerabilities in the open-source program W1.fi. Both of these vulnerabilities target hostapd. One could allow an attacker to forge authentication...

0.8AI score0.10114EPSS
Exploits1
Talos Blog
Talos Blog
added 2019/12/10 11:46 a.m.75 views

Vulnerability Spotlight: Two vulnerabilities in RDP for Windows 7, XP

A Cisco Talos researcher discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two issues in two implementations of Microsoft Remote Desktop Services: a denial-of-service vulnerability that affects Windows 7/Windows Server 2008 when RDP 8.0 is enabled, Windows 8/Serv...

5CVSS8.6AI score0.09202EPSS
Exploits0
Talos Blog
Talos Blog
added 2019/12/10 10:41 a.m.63 views

Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage

By Jon Munshaw. Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 25 vulnerabilities, two of which are considered critical. This month’s security update covers securit...

9.3CVSS0.9AI score0.74438EPSS
Exploits15
Talos Blog
Talos Blog
added 2019/12/10 10:34 a.m.21 views

Vulnerability Spotlight: Multiple vulnerabilities in LEADTOOLS software

Marcin Towalski and Cory Duplantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the LEADTOOLS line of imaging toolkits. LEADTOOLS is a collection of toolkits designed to perform a variety of functions aimed at...

1.1AI score0.03366EPSS
Exploits0
Talos Blog
Talos Blog
added 2019/12/10 4:40 a.m.36 views

Beers with Talos Ep. #67: Inside Incident Response

By Mitch Neff. Beers with Talos BWT Podcast episode No. 67 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Nov. 21, 2019 Craig is out sick/injured/fighting robots actually all three, so we brought in Sean...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2019/12/06 10:31 a.m.170 views

Threat Roundup for November 29 to December 6

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 29 and Dec. 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/12/05 11:0 a.m.43 views

Threat Source newsletter (Dec. 5, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We hope everyone had a safe and happy Thanksgiving in the U.S. The holiday shopping season is now in full swing, and there are plenty of...

8.5AI score
Exploits0
Talos Blog
Talos Blog
added 2019/12/05 6:20 a.m.54 views

Vulnerability Spotlight: AMD ATI Radeon ATIDXX64.DLL shader functionality sincos denial-of-service vulnerability

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in a specific dll inside of the AMD ATI Radeon line of video cards. This vulnerability can be triggered by supplying a malformed pixel shader inside a...

0.3AI score0.02029EPSS
Exploits1
Talos Blog
Talos Blog
added 2019/12/03 8:36 a.m.26 views

ClamAV team shows off new Mussels dependency build automation tool

By Micah Snyder. Today I'm very excited, and a little bit nervous, to unveil Mussels. Mussels is a cross-platform, general-purpose dependency build automation tool. You might compare it with Vcpkg, Conan, or Buildout. It serves a similar purpose, but the approach is a little different. Mussels is...

0.7AI score
Exploits0
Talos Blog
Talos Blog
added 2019/12/02 11:42 a.m.31 views

Vulnerability Spotlight: Two vulnerabilities in EmbedThis GoAhead

A Cisco Talos researcher discovered these vulnerabilities. Blog by Jon Munshaw. EmbedThis’ GoAhead Web Server contains two vulnerabilities that both arise when the software attempts to process a multi-part/form-data HTTP request. An attacker could exploit these vulnerabilities to remotely execute...

7.5CVSS9.7AI score0.66982EPSS
Exploits3
Talos Blog
Talos Blog
added 2019/12/02 10:46 a.m.36 views

Vulnerability Spotlight: SQL injection vulnerabilities in Forma Learning Management System

Yuri Kramarz of Security Advisory EMEAR discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered three SQL injection vulnerabilities in the authenticated portion of the Formal Learning Management System. LMS is a set of software that allows companies to build and hos...

6.5CVSS1.5AI score0.01605EPSS
Exploits4
Talos Blog
Talos Blog
added 2019/12/02 10:38 a.m.29 views

Vulnerability Spotlight: Accusoft ImageGear PNG IHDR width code execution vulnerability

Marcin Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Accusoft ImageGear contains two remote code execution vulnerabilities. ImageGear is a document and imaging library from Accusoft that developers can use to build their applications. The library contains the entire...

6.8CVSS1.8AI score0.03687EPSS
Exploits3
Talos Blog
Talos Blog
added 2019/11/27 8:31 a.m.153 views

Best practices for staying safe online during the holiday shopping season

By Jon Munshaw. This holiday shopping season, the basics of avoiding a malware infection boils down to: If it sounds too good to be true, it probably is. While sometimes retailers do give out small-dollar gift cards, that $500 discount on a new iPhone is probably not real. If it is a scam, it wil...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2019/11/22 9:57 a.m.201 views

Threat Roundup for November 15 to November 22

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 15 and Nov. 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/11/21 11:0 a.m.36 views

Threat Source newsletter (Nov. 21, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. It’s nearly holiday shopping season, which means it’s prime scam season. On the latest Beers with Talos episode, we run down the best wa...

7.8AI score
Exploits0
Talos Blog
Talos Blog
added 2019/11/21 7:32 a.m.41 views

Vulnerability Spotlight: Tenda AC9 /goform/WanParameterSetting command injection vulnerability

Amit Raut of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a command injection vulnerability in the Tenda AC9 router. The Tenda AC9 is one of the most popular and affordable dual-band gigabit WiFi Router available online, especially on Amazon. A command injection...

7.2CVSS1.1AI score0.01819EPSS
Exploits2
Talos Blog
Talos Blog
added 2019/11/21 7:31 a.m.48 views

Vulnerability Spotlight: Two remote code execution vulnerabilities in Xcftools

Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Xcftools contains two remote code execution vulnerabilities in its flattenIncrementally function. Xcftools is a set of tools for handling Gimp’s XCF files. The software provides tools to extract information from an XCF file, and the...

6.8CVSS1AI score0.03637EPSS
Exploits2
Talos Blog
Talos Blog
added 2019/11/20 12:50 p.m.12 views

Beers with Talos Ep. #66: I Choose YOU! Attackers view of targets, RLAs, scam season

By Mitch Neff. Beers with Talos BWT Podcast episode No. 66 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Nov. 8, 2019 Joel is out on PTO, so Mitch, Matt, Nigel, and Craig carry the banner this episode...

0.6AI score
Exploits0
Talos Blog
Talos Blog
added 2019/11/20 8:0 a.m.47 views

Cryptominers, ransomware among top malware in IR engagements in Q4

By David Liebenberg and Kendall McKay. This summer’s most popular malware families were commonly seen, unsophisticated attacks, with phishing being the top infection vector, according to Cisco Talos Incident Response CTIR data. In addition to threat actors repeatedly deploying common threats like...

0.7AI score
Exploits0
Talos Blog
Talos Blog
added 2019/11/19 12:50 a.m.153 views

Custom dropper hide and seek

Executive summary Most users assume they are safe when surfing the web on a daily basis. But information-stealing malware can operate in the background of infected systems, looking to steal users' passwords, track their habits online and hijack personal information. Cisco Talos has monitored...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2019/11/18 11:12 a.m.38 views

How the new Talos IR Cyber Range can prepare your employees for a cyber attack

By Gerard Johansen, Charles Iszard and Luke DuCharme. With the surge of ransomware attacks, information leaks and other cyber attacks in the headlines, most companies and organizations are aware that their employees need to be trained on how to stay safe online. But the real challenge lies in how...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2019/11/14 11:0 a.m.61 views

Threat Source newsletter (Nov. 14, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. It was all about the bugs this week. Patch Tuesday was especially busy for us, including our usual recap of all the vulnerabilities...

9.3CVSS8.6AI score0.28178EPSS
Exploits0
Talos Blog
Talos Blog
added 2019/11/14 7:12 a.m.110 views

Threat Source newsletter (Nov. 7, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. The only news we’re going to cover this week is the biggest news we’ve had in a while. Tuesday, we announced that Cisco Incident Respons...

9.1AI score0.72977EPSS
Exploits4
Talos Blog
Talos Blog
added 2019/11/13 9:35 a.m.96 views

Hunting for LoLBins

By Vanja Svajcer. Introduction Attackers' trends tend to come and go. But one popular technique we're seeing at this time is the use of living-off-the-land binaries — or "LoLBins". LoLBins are used by different actors combined with fileless malware and legitimate cloud services to improve chances...

0.8AI score
Exploits0
Talos Blog
Talos Blog
added 2019/11/13 7:4 a.m.56 views

Vulnerability Spotlight: Command injection bug in Exhibitor UI

Logan Sanderson of Cisco ASIG discovered this vulnerability. Blog by Jon Munshaw. Exhibitor Web UI contains an exploitable command injection vulnerability in its Config editor. Exhibitor is a ZooKeeper supervisory process. Exhibitor's Web UI does not have any form of authentication, and prior to...

10CVSS1.8AI score0.5715EPSS
Exploits2
Talos Blog
Talos Blog
added 2019/11/13 6:59 a.m.81 views

Vulnerability Spotlight: Denial-of-service vulnerability in Intel IGC64 graphics driver

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Intel’s IGC64.dll graphics driver contains a denial-of-service vulnerability. An attacker could exploit this bug by supplying a malformed pixel shader if the graphics driver is operating inside a VMware guest operating...

2.1CVSS0.7AI score0.00297EPSS
Exploits0
Talos Blog
Talos Blog
added 2019/11/13 5:24 a.m.69 views

New partnership brings together Talos’ visibility with IR’s unmatched response capabilities

By Jon Munshaw. The threat landscape has evolved into a complex, challenging environment for organizations everywhere. A talent shortage, combined with an increase in incidents, has led to a generally weak security posture among most organizations. Defenders’ backs are up against the wall...

0.4AI score
Exploits0
Talos Blog
Talos Blog
added 2019/11/12 11:58 a.m.88 views

Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage

By Jon Munshaw. Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday discloses 75 vulnerabilities, 13 of which are considered "critical," with the rest being deemed "important." This month’s security...

10CVSS0.4AI score0.75859EPSS
Exploits36
Talos Blog
Talos Blog
added 2019/11/12 11:7 a.m.81 views

Vulnerability Spotlight: Remote code execution vulnerability in Microsoft Media Foundation

Marcin Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Microsoft Media Foundation’s framework contains a remote code execution vulnerability that exists due to a use-after-free condition. This specific bug lies in Media Foundation's MPEG4 DLL. An attacker could provide a...

9.3CVSS2.7AI score0.12956EPSS
Exploits0
Talos Blog
Talos Blog
added 2019/11/12 11:7 a.m.135 views

Vulnerability Spotlight: Remote code execution vulnerability in Microsoft Excel

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a remote code execution vulnerability in Microsoft Excel. Microsoft disclosed this bug as part of their monthly security update Tuesday. This vulnerability exists in the...

9.3CVSS0.7AI score0.28178EPSS
Exploits0
Talos Blog
Talos Blog
added 2019/11/08 2:31 p.m.117 views

Threat Roundup for November 1 to November 8

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 1 and Nov. 8. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/11/07 6:41 a.m.102 views

C2 With It All: From Ransomware To Carding

By Warren Mercer, Paul Rascagneres and Vitor Ventura. Summary Cisco Talos recently discovered a new server hosting a large stockpile of malicious files. Our analysis of these files shows that these attackers were able to obtain a deep level of access to victims' infrastructure — all of which...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2019/11/06 9:2 a.m.32 views

Vulnerability Spotlight: Code execution vulnerabilities in LEADTOOLS

Marcin Towalski and Cory Duplantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the LEADTOOLS line of imaging toolkits. LEADTOOLS is a collection of toolkits designed to perform a variety of functions aimed at...

6.8CVSS1.7AI score0.02038EPSS
Exploits3
Talos Blog
Talos Blog
added 2019/11/05 9:1 a.m.60 views

CISO Advisory: Security Architecture

Security architecture and design is a vital function of a healthy enterprise. This function is fundamentally, about understanding IT architecture relationships, and ensuring security is a vital element of its implementation. This is the second paper within the series of CISO Advisories, in this...

1.4AI score
Exploits0
Talos Blog
Talos Blog
added 2019/11/05 8:23 a.m.75 views

How adversaries use politics for compromise

By Nick Biasini and Edmund Brumaghin. Executive Summary With the U.S. presidential primaries just around the corner, even malware authors can't help but get behind the frenzy. Cisco Talos recently discovered several malware distribution campaigns where the adversaries were utilizing the names and...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2019/11/05 8:5 a.m.71 views

Beers with Talos Ep. #65: Please welcome to the show… Talos Incident Response

By Mitch Neff. Beers with Talos BWT Podcast episode No. 65 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Oct. 25, 2019 Today is a bit different. We normally keep things pretty neutral on this show not...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2019/11/05 8:0 a.m.26 views

Talos, Cisco Incident Response team up to offer more protection than ever

By Sean Mason Over the years, I've had the honor and privilege to work within some of the greatest security teams on the planet, working alongside such passionate and talented people at Cisco makes delivering this announcement perhaps the greatest honor yet. The best security organizations on the...

Exploits0
Talos Blog
Talos Blog
added 2019/11/04 7:43 a.m.2747 views

The latest on BlueKeep and DejaBlue vulnerabilities — Using Firepower to defend against encrypted DejaBlue

Update 11/04/2019: There have been several public reports of active exploitation of CVE-2019-0708, commonly referred to as “BlueKeep.” Preliminary reports indicate that the vulnerability is being exploited by adversaries who are leveraging access to compromised systems to install cryptocurrency...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/11/04 6:57 a.m.58 views

Vulnerability Spotlight: Two remote code execution vulnerabilities in Investintech Able2Extract

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two remote code execution vulnerabilities in Investintech’s Able2Extract Professional. This software is a cross-platform PDF tool for Windows, Mac and Linux that converts PDFs and allows...

6.8CVSS2.1AI score0.01955EPSS
Exploits2
Total number of security vulnerabilities2032