2032 matches found
Threat Roundup for December 13 to December 20
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 13 and Dec. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Source newsletter (Dec. 19, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We have an early holiday present for you! This week, we introduced a new podcast to the Talos family. Talos Takes, a new short-form show...
2019: The year in malware
By Jon Munshaw. From ransomware attacks to DNS deception, attackers were just as active as ever in 2019. This year saw a number of big-name malware families come onto the scene, including Sea Turtle, one of the most high-profile DNS hijacking attempts in recent memory. BlueKeep also stirred up...
New Talos Takes podcast puts Talos' spin on the latest cyber news
By Jon Munshaw. Today, Cisco Talos' podcast network is growing with a new show. Talos Takes is a new podcast that provides Talos analysts' and researchers' opinions and expertise on the hottest topics in cyber security. The first three episodes of the show — covering holiday shopping scams,...
Vulnerability Spotlight: Multiple vulnerabilities in WAGO PFC200
Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The WAGO PFC200 and PFC100 controllers contain multiple exploitable vulnerabilities. The PFC200 is one of WAGO’s programmable automation controllers that are used in many industries including automotive, rail,...
Threat Roundup for December 6 to December 13
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 6 and Dec. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Source newsletter (Dec. 12, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’re entering our Year in Review period. Now’s the time to look back on the top stories from 2019 and think about what we learned. In t...
Vulnerability Spotlight: Kakadu Software SDK ATK marker code execution vulnerability
Aleksandar Nikolic and Emmanuel Tacheau of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Kakadu Software’s SDK contains an exploitable heap overflow. Kakadu serves as a framework for developers to create a variety of commercial and non-commercial applications. An attacker could...
Talos Vulnerability Discovery Year in Review — 2019
By Martin Zeiser. Cisco Talos' Systems Security Research Team investigates software, operating system, IoT and ICS vulnerabilities to make sure we find vulnerabilities before the bad guys do. We provide this information to the affected vendors so that they can create patches and protect their...
Vulnerability Spotlight: Information leak vulnerability in Adobe Acrobat Reader
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an information leak vulnerability in Adobe Acrobat Reader DC. An attacker could exploit this vulnerability by tricking the victim into opening a specially crafted, malicious PDF,...
Vulnerability Spotlight: Apple Safari SVG marker element baseVal remote code execution vulnerability
Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Apple’s Safari web browser is open to a remote code execution vulnerability via its SVG marker element feature inside the Safari WebKit. Safari uses the WebCore DOM rendering system in WebKit. Rendering engine allo...
Vulnerability Spotlight: Denial-of-service vulnerabilities in Linux kernel, W1.fi
Mitchell Frank and Mark Leonard of Cisco discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two denial-of-service vulnerabilities in the open-source program W1.fi. Both of these vulnerabilities target hostapd. One could allow an attacker to forge authentication...
Vulnerability Spotlight: Two vulnerabilities in RDP for Windows 7, XP
A Cisco Talos researcher discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two issues in two implementations of Microsoft Remote Desktop Services: a denial-of-service vulnerability that affects Windows 7/Windows Server 2008 when RDP 8.0 is enabled, Windows 8/Serv...
Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw. Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 25 vulnerabilities, two of which are considered critical. This month’s security update covers securit...
Vulnerability Spotlight: Multiple vulnerabilities in LEADTOOLS software
Marcin Towalski and Cory Duplantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the LEADTOOLS line of imaging toolkits. LEADTOOLS is a collection of toolkits designed to perform a variety of functions aimed at...
Beers with Talos Ep. #67: Inside Incident Response
By Mitch Neff. Beers with Talos BWT Podcast episode No. 67 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Nov. 21, 2019 Craig is out sick/injured/fighting robots actually all three, so we brought in Sean...
Threat Roundup for November 29 to December 6
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 29 and Dec. 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Source newsletter (Dec. 5, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We hope everyone had a safe and happy Thanksgiving in the U.S. The holiday shopping season is now in full swing, and there are plenty of...
Vulnerability Spotlight: AMD ATI Radeon ATIDXX64.DLL shader functionality sincos denial-of-service vulnerability
Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in a specific dll inside of the AMD ATI Radeon line of video cards. This vulnerability can be triggered by supplying a malformed pixel shader inside a...
ClamAV team shows off new Mussels dependency build automation tool
By Micah Snyder. Today I'm very excited, and a little bit nervous, to unveil Mussels. Mussels is a cross-platform, general-purpose dependency build automation tool. You might compare it with Vcpkg, Conan, or Buildout. It serves a similar purpose, but the approach is a little different. Mussels is...
Vulnerability Spotlight: Two vulnerabilities in EmbedThis GoAhead
A Cisco Talos researcher discovered these vulnerabilities. Blog by Jon Munshaw. EmbedThis’ GoAhead Web Server contains two vulnerabilities that both arise when the software attempts to process a multi-part/form-data HTTP request. An attacker could exploit these vulnerabilities to remotely execute...
Vulnerability Spotlight: SQL injection vulnerabilities in Forma Learning Management System
Yuri Kramarz of Security Advisory EMEAR discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered three SQL injection vulnerabilities in the authenticated portion of the Formal Learning Management System. LMS is a set of software that allows companies to build and hos...
Vulnerability Spotlight: Accusoft ImageGear PNG IHDR width code execution vulnerability
Marcin Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Accusoft ImageGear contains two remote code execution vulnerabilities. ImageGear is a document and imaging library from Accusoft that developers can use to build their applications. The library contains the entire...
Best practices for staying safe online during the holiday shopping season
By Jon Munshaw. This holiday shopping season, the basics of avoiding a malware infection boils down to: If it sounds too good to be true, it probably is. While sometimes retailers do give out small-dollar gift cards, that $500 discount on a new iPhone is probably not real. If it is a scam, it wil...
Threat Roundup for November 15 to November 22
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 15 and Nov. 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Source newsletter (Nov. 21, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. It’s nearly holiday shopping season, which means it’s prime scam season. On the latest Beers with Talos episode, we run down the best wa...
Vulnerability Spotlight: Tenda AC9 /goform/WanParameterSetting command injection vulnerability
Amit Raut of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a command injection vulnerability in the Tenda AC9 router. The Tenda AC9 is one of the most popular and affordable dual-band gigabit WiFi Router available online, especially on Amazon. A command injection...
Vulnerability Spotlight: Two remote code execution vulnerabilities in Xcftools
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Xcftools contains two remote code execution vulnerabilities in its flattenIncrementally function. Xcftools is a set of tools for handling Gimp’s XCF files. The software provides tools to extract information from an XCF file, and the...
Beers with Talos Ep. #66: I Choose YOU! Attackers view of targets, RLAs, scam season
By Mitch Neff. Beers with Talos BWT Podcast episode No. 66 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Nov. 8, 2019 Joel is out on PTO, so Mitch, Matt, Nigel, and Craig carry the banner this episode...
Cryptominers, ransomware among top malware in IR engagements in Q4
By David Liebenberg and Kendall McKay. This summer’s most popular malware families were commonly seen, unsophisticated attacks, with phishing being the top infection vector, according to Cisco Talos Incident Response CTIR data. In addition to threat actors repeatedly deploying common threats like...
Custom dropper hide and seek
Executive summary Most users assume they are safe when surfing the web on a daily basis. But information-stealing malware can operate in the background of infected systems, looking to steal users' passwords, track their habits online and hijack personal information. Cisco Talos has monitored...
How the new Talos IR Cyber Range can prepare your employees for a cyber attack
By Gerard Johansen, Charles Iszard and Luke DuCharme. With the surge of ransomware attacks, information leaks and other cyber attacks in the headlines, most companies and organizations are aware that their employees need to be trained on how to stay safe online. But the real challenge lies in how...
Threat Source newsletter (Nov. 14, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. It was all about the bugs this week. Patch Tuesday was especially busy for us, including our usual recap of all the vulnerabilities...
Threat Source newsletter (Nov. 7, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. The only news we’re going to cover this week is the biggest news we’ve had in a while. Tuesday, we announced that Cisco Incident Respons...
Hunting for LoLBins
By Vanja Svajcer. Introduction Attackers' trends tend to come and go. But one popular technique we're seeing at this time is the use of living-off-the-land binaries — or "LoLBins". LoLBins are used by different actors combined with fileless malware and legitimate cloud services to improve chances...
Vulnerability Spotlight: Command injection bug in Exhibitor UI
Logan Sanderson of Cisco ASIG discovered this vulnerability. Blog by Jon Munshaw. Exhibitor Web UI contains an exploitable command injection vulnerability in its Config editor. Exhibitor is a ZooKeeper supervisory process. Exhibitor's Web UI does not have any form of authentication, and prior to...
Vulnerability Spotlight: Denial-of-service vulnerability in Intel IGC64 graphics driver
Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Intel’s IGC64.dll graphics driver contains a denial-of-service vulnerability. An attacker could exploit this bug by supplying a malformed pixel shader if the graphics driver is operating inside a VMware guest operating...
New partnership brings together Talos’ visibility with IR’s unmatched response capabilities
By Jon Munshaw. The threat landscape has evolved into a complex, challenging environment for organizations everywhere. A talent shortage, combined with an increase in incidents, has led to a generally weak security posture among most organizations. Defenders’ backs are up against the wall...
Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw. Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday discloses 75 vulnerabilities, 13 of which are considered "critical," with the rest being deemed "important." This month’s security...
Vulnerability Spotlight: Remote code execution vulnerability in Microsoft Media Foundation
Marcin Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Microsoft Media Foundation’s framework contains a remote code execution vulnerability that exists due to a use-after-free condition. This specific bug lies in Media Foundation's MPEG4 DLL. An attacker could provide a...
Vulnerability Spotlight: Remote code execution vulnerability in Microsoft Excel
Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a remote code execution vulnerability in Microsoft Excel. Microsoft disclosed this bug as part of their monthly security update Tuesday. This vulnerability exists in the...
Threat Roundup for November 1 to November 8
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 1 and Nov. 8. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
C2 With It All: From Ransomware To Carding
By Warren Mercer, Paul Rascagneres and Vitor Ventura. Summary Cisco Talos recently discovered a new server hosting a large stockpile of malicious files. Our analysis of these files shows that these attackers were able to obtain a deep level of access to victims' infrastructure — all of which...
Vulnerability Spotlight: Code execution vulnerabilities in LEADTOOLS
Marcin Towalski and Cory Duplantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the LEADTOOLS line of imaging toolkits. LEADTOOLS is a collection of toolkits designed to perform a variety of functions aimed at...
CISO Advisory: Security Architecture
Security architecture and design is a vital function of a healthy enterprise. This function is fundamentally, about understanding IT architecture relationships, and ensuring security is a vital element of its implementation. This is the second paper within the series of CISO Advisories, in this...
How adversaries use politics for compromise
By Nick Biasini and Edmund Brumaghin. Executive Summary With the U.S. presidential primaries just around the corner, even malware authors can't help but get behind the frenzy. Cisco Talos recently discovered several malware distribution campaigns where the adversaries were utilizing the names and...
Beers with Talos Ep. #65: Please welcome to the show… Talos Incident Response
By Mitch Neff. Beers with Talos BWT Podcast episode No. 65 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Oct. 25, 2019 Today is a bit different. We normally keep things pretty neutral on this show not...
Talos, Cisco Incident Response team up to offer more protection than ever
By Sean Mason Over the years, I've had the honor and privilege to work within some of the greatest security teams on the planet, working alongside such passionate and talented people at Cisco makes delivering this announcement perhaps the greatest honor yet. The best security organizations on the...
The latest on BlueKeep and DejaBlue vulnerabilities — Using Firepower to defend against encrypted DejaBlue
Update 11/04/2019: There have been several public reports of active exploitation of CVE-2019-0708, commonly referred to as “BlueKeep.” Preliminary reports indicate that the vulnerability is being exploited by adversaries who are leveraging access to compromised systems to install cryptocurrency...
Vulnerability Spotlight: Two remote code execution vulnerabilities in Investintech Able2Extract
Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two remote code execution vulnerabilities in Investintech’s Able2Extract Professional. This software is a cross-platform PDF tool for Windows, Mac and Linux that converts PDFs and allows...