Lucene search
K
TalosblogRecent

2032 matches found

Talos Blog
Talos Blog
added 2019/11/01 12:39 p.m.67 views

Cisco Talos helps CISOs get back to basics with advisory series

At Cisco Talos, we try to build detections for every threat we see to provide customers with a portfolio capable of identifying and stopping threats at various stages of an attack's lifecycle. Deploying the best suite of layered security tools is an integral part of protecting an organization. Bu...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2019/11/01 10:31 a.m.312 views

Threat Roundup for October 25 to November 1

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 25 and Nov. 1. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/10/31 11:0 a.m.47 views

Threat Source newsletter (Oct. 31, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’re scared of stalkerware, and you should be, too. These spyware apps are becoming more popular among everyone from nation-states to...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2019/10/31 9:18 a.m.59 views

The commoditization of mobile espionage software

By Matthew Valites with contributions by Joanne Kim and Edmund Brumaghin. Executive summary Mobile stalkerware has all sorts of wide-ranging consequences. The creators of these types of apps can track user's locations, see their social media usage and more. And they certainly open the door for...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2019/10/30 6:27 a.m.147 views

Vulnerability Spotlight: Multiple vulnerabilities in YouPHPTube

Yuri Kramarz of Security Advisory EMEAR discovered these vulnerabilities. Post by Jon Munshaw. YouPHPTube contains multiple vulnerabilities that could allow an attacker to carry out a variety of malicious activities. Specially crafted, attacker-created web requests can allow an attacker to inject...

1AI score0.45302EPSS
Exploits10
Talos Blog
Talos Blog
added 2019/10/29 6:54 a.m.59 views

Vulnerability Spotlight: Denial-of-service in VMWare Fusion 11

Piotr Bania of Cisco Talos discovered this vulnerability. Executive summary VMware Fusion 11 contains an exploitable denial-of-service vulnerability. VMWare Fusion is an application for Mac operating systems that allows users to run other OSs in a virtual environment, such as Windows and Linux. A...

6.3AI score0.02117EPSS
Exploits0
Talos Blog
Talos Blog
added 2019/10/25 9:33 a.m.2291 views

Threat Roundup for October 18 to October 25

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 18 and Oct. 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/10/25 7:2 a.m.45 views

Beers with Talos Ep. #64: Your problem isn’t complex, it's simply complexity

By Mitch Neff Beers with Talos BWT Podcast episode No. 64 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Oct. 10, 2019 This episode lives up to its name, by trying to only take on a minimal topic and the...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2019/10/24 11:0 a.m.48 views

Threat Source newsletter (Oct. 24, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Never assume that a malware family is really dead. We’ve done it time and time again with things like Emotet, and Gustuff is proving it...

7.5CVSS9.2AI score0.4453EPSS
Exploits16
Talos Blog
Talos Blog
added 2019/10/24 10:3 a.m.37 views

CISO Advisory: Governance & Risk Management

Businesses are built on risk. No matter how prepared they are, there is no guarantee that any decision will result in the expected outcome. But through good management, the likelihood of success can be improved. In the first in a series of CISO Advisories this paper address Governance & Risk...

3.4AI score
Exploits0
Talos Blog
Talos Blog
added 2019/10/24 6:37 a.m.70 views

Gustuff return, new features for victims

By Vitor Ventura with contributions from Chris Neal. Executive summary The Gustuff banking trojan is back with new features, months after initially appearing targeting financial institutions in Australia. Cisco Talos first reported on Gustuff in April. Soon after, the actors behind Gustuff starte...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2019/10/18 9:44 a.m.636 views

Threat Roundup for October 11 to October 18

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 11 and Oct. 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

10CVSS0.2AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/10/17 11:0 a.m.36 views

Threat Source newsletter (Oct. 17, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. It’s rare that iOS jailbreaks make it onto the scene. Apple is usually able to patch them out quickly. But a recent exploit is actually...

8.4AI score
Exploits0
Talos Blog
Talos Blog
added 2019/10/15 12:34 p.m.67 views

Vulnerability Spotlight: Another fix for Adobe Acrobat Reader DC text field value remote code execution

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Cisco Talos once again would like to bring attention to a remote code execution vulnerability in Adobe Acrobat Reader. Acrobat, which is one of the most popular PDF readers on the market, contains a bug when the software incorrectly...

9.3CVSS10AI score0.13071EPSS
Exploits0
Talos Blog
Talos Blog
added 2019/10/15 1:33 a.m.227 views

Checkrain fake iOS jailbreak leads to click fraud

By Warren Mercer and Paul Rascagneres. Introduction Attackers are capitalizing on the recent discovery of a new vulnerability that exists across legacy iOS hardware. Cisco Talos recently discovered a malicious actor using a fake website that claims to give iPhone users the ability to jailbreak...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2019/10/14 8:11 a.m.86 views

Beers with Talos Ep. #63: The third law of thermodynamics

Beers with Talos BWT Podcast episode No. 63 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Sept. 27, 2019 We are missing Matt and Joel this time, so Mitch, Craig and Nigel are taking you through this...

Exploits0
Talos Blog
Talos Blog
added 2019/10/11 8:45 a.m.260 views

Threat Roundup for October 4 to October 11

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 4 and Oct. 11. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/10/10 12:24 p.m.52 views

Talos takes home top research honors at Virus Bulletin conference

By Jon Munshaw Researchers from Cisco Talos brought up the top award at this year’s Virus Bulletin conference. Talos received the Péter Ször Award — named for the prolific security researcher who was a longtime contributor to Virus Bulletin and passed away in 2013 — for our research into several...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2019/10/10 11:0 a.m.61 views

Threat Source newsletter (Oct. 10, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. It’s that time again to update all your Microsoft products. The company released its monthly update Tuesday, disclosing more than 60...

7.7AI score
Exploits0
Talos Blog
Talos Blog
added 2019/10/10 9:24 a.m.104 views

New IDA Pro plugin provides TileGX support

By Jonas Zaddach Overview Cisco Talos has a new plugin available for IDA Pro that provides a new disassembler for TileGX binaries. This tool should assist researchers in reverse-engineering threats in IDA Pro that target TileGX. We started developing this tool after the VPNFilter campaign last...

0.4AI score
Exploits0
Talos Blog
Talos Blog
added 2019/10/09 7:30 a.m.96 views

Vulnerability Spotlight: Multiple remote code execution bugs in NitroPDF

Cory Duplantis and Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple remote code execution vulnerabilities in NitroPDF. Nitro PDF allows users to save, read, sign and edit PDF files on their machines. There are two versions of the product...

6.8CVSS1.2AI score0.02562EPSS
Exploits6
Talos Blog
Talos Blog
added 2019/10/08 11:36 a.m.78 views

Vulnerability spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580

Jared Rittle and Patrick DeSantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. There are several vulnerabilities in the Schneider Electric Modicon M580 that could lead to a variety of conditions, the majority of which can cause a denial of service. The Modicon M580 is the...

1AI score0.29895EPSS
Exploits0
Talos Blog
Talos Blog
added 2019/10/08 10:11 a.m.153 views

Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage

By Jon Munshaw. Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday discloses 60 vulnerabilities, nine of which are considered "critical," with the rest being deemed "important." This month’s security...

10CVSS1.1AI score0.76451EPSS
Exploits37
Talos Blog
Talos Blog
added 2019/10/07 9:29 a.m.144 views

How Tortoiseshell created a fake veteran hiring website to host malware

By Warren Mercer and Paul Rascagneres with contributions from Jungsoo An. Introduction Cisco Talos recently discovered a threat actor attempting to take advantage of Americans who may be seeking a job, especially military veterans. The actor, previously identified by Symantec as Tortoiseshell,...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2019/10/04 8:37 a.m.354 views

Threat Roundup for September 27 to October 4

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 27 and Oct. 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/09/30 11:0 a.m.201 views

Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host

Update 09/27/2019: Additional information regarding the malware interaction with various online advertisements has been included to highlight the click-fraud related network communications associated with Divergent. Executive summary Cisco Talos recently discovered a new malware loader being used...

0.9AI score
Exploits0
Talos Blog
Talos Blog
added 2019/09/30 8:35 a.m.101 views

Open Document format creates twist in maldoc landscape

By Warren Mercer and Paul Rascagneres. Introduction Cisco Talos recently observed attackers changing the file formats they use in an attempt to thwart common antivirus engines. This can happen across other file formats, but today, we are showing a change of approach for an actor who has deemed...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2019/09/30 7:41 a.m.53 views

Vulnerability Spotlight: Foxit PDF Reader JavaScript Array.includes remote code execution vulnerability

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Foxit PDF Reader contains a remote code execution vulnerability in its JavaScript engine. Foxit aims to be one of the most feature-rich PDF readers on the market, and contains many similar functions to that of Adobe Acrobat Reader...

6.8CVSS1.4AI score0.0604EPSS
Exploits1
Talos Blog
Talos Blog
added 2019/09/27 7:22 a.m.203 views

Threat Roundup for September 20 to September 27

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 20 and Sept. 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/09/26 10:53 a.m.54 views

Threat Source newsletter (Sept. 26)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. An attacker known as “Tortoiseshell” is using a phony, malicious website to deliver malware. The site specifically targets U.S. military...

7.7AI score
Exploits0
Talos Blog
Talos Blog
added 2019/09/26 9:42 a.m.50 views

Beers with Talos Ep. #62: Fifty shades of shady

Beers with Talos BWT Podcast episode No. 62 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Sept. 13, 2019 In one of our "rantier" episodes, the BWT crew dives into the ongoing insidiousness that is...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2019/09/26 6:51 a.m.55 views

An in-depth look at cyber insurance: We sat down with risk expert, Cisco's Leslie Lamb

Y2K is known for being one of the most widespread times of panic in IT. It was generally thought that on Dec. 31, 1999, computers across the globe would shut down when they would fail to properly process that it would become the year 2000 the next day. It made headlines across the globe, sent...

6.6AI score
Exploits0
Talos Blog
Talos Blog
added 2019/09/20 12:16 p.m.198 views

Threat Roundup for September 13 to September 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 13 and Sept. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/09/20 7:26 a.m.126 views

Vulnerability Spotlight: Multiple vulnerabilities in Atlassian Jira

Ben Taylor of Cisco ASIG discovered these vulnerabilities. Atlassian’s Jira software contains multiple vulnerabilities that could allow an attacker to carry out a variety of actions, including the disclosure of sensitive information and the remote execution of JavaScript code. Jira is a piece of...

5CVSS6.4AI score0.1755EPSS
Exploits4
Talos Blog
Talos Blog
added 2019/09/19 11:0 a.m.45 views

Threat Source newsletter (Sept. 19, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’re all still trying to shake off the summer. Gone are the early Fridays, beach vacations and days by the pool. Turns out, attackers m...

8.2AI score
Exploits0
Talos Blog
Talos Blog
added 2019/09/19 10:13 a.m.225 views

New Cisco Talos web reputation verdicts

Cisco Talos has updated and expanded the Talos Threat Levels used to describe our web reputation verdicts. As you will see in the chart below, we are increasing the amount of reputation verdicts from three to five. We are retaining the Unknown category, just as before. Cisco Security products wil...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2019/09/18 5:20 a.m.57 views

Emotet is back after a summer break

By Colin Grady, William Largent, and Jaeson Schultz. Emotet is still evolving, five years after its debut as a banking trojan. It is one of the world's most dangerous botnets and malware droppers-for-hire. The malware payloads dropped by Emotet serve to more fully monetize their attacks, and ofte...

1AI score
Exploits0
Talos Blog
Talos Blog
added 2019/09/17 8:9 a.m.718 views

Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”

By Christopher Evans and David Liebenberg. Executive summary A new threat actor named "Panda" has generated thousands of dollars worth of the Monero cryptocurrency through the use of remote access tools RATs and illicit cryptocurrency-mining malware. This is far from the most sophisticated actor...

10CVSS9.8AI score0.99999EPSS
Exploits118
Talos Blog
Talos Blog
added 2019/09/17 7:58 a.m.59 views

Vulnerability Spotlight: Multiple vulnerabilities in Aspose PDF API

Marcin Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple remote code execution vulnerabilities in the Aspose.PDF API. Aspose provides a series of APIs for manipulating or converting a large family of document formats. These vulnerabilities exist in API...

7.5CVSS0.8AI score0.03415EPSS
Exploits3
Talos Blog
Talos Blog
added 2019/09/17 5:40 a.m.86 views

Vulnerability Spotlight: AMD ATI Radeon ATIDXX64.DLL shader functionality remote code execution vulnerability

Piotr Bania of Cisco Talos discovered this vulnerability. Some AMD Radeon cards contain a remote code execution vulnerability in their ATIDXX64.DLL driver. AMD produces the Radeon line of hardware, which includes graphics cards and graphics processing units. This specific vulnerability exists on...

2.1AI score0.02013EPSS
Exploits0
Talos Blog
Talos Blog
added 2019/09/13 2:6 p.m.353 views

Threat Roundup for September 6 to September 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 6 and Sept. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/09/12 11:0 a.m.29 views

Threat Source newsletter (Sept. 12, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. You’ve heard it a million times: Always patch. But in case you needed another example that it’s important, Cisco Incident Response took ...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2019/09/11 9:10 a.m.121 views

Watchbog and the Importance of Patching

By Luke DuCharme and Paul Lee. What Happened? Cisco Incident Response CSIRS recently responded to an incident involving the Watchbog cryptomining botnet. The attackers were able to exploit CVE-2018-1000861 to gain a foothold and install the Watchbog malware on the affected systems. This Linux-bas...

10CVSS0.6AI score0.98326EPSS
Exploits5
Talos Blog
Talos Blog
added 2019/09/11 7:48 a.m.63 views

Beers with Talos Ep. #61: Hacking for good is a bad idea

Beers with Talos BWT Podcast episode No. 61 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Aug. 30, 2019: In this extra-sized episode, we cover a lot, starting with Retadup, and discussing the intricate...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2019/09/10 12:12 p.m.100 views

Microsoft Patch Tuesday — Sept. 2019: Vulnerability disclosures and Snort coverage

By Jon Munshaw. Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 85 vulnerabilities, 19 of which are rated “critical," 65 that are considered "important" and one "moderate." There is also a...

9.3CVSS1.2AI score0.61314EPSS
Exploits16
Talos Blog
Talos Blog
added 2019/09/09 6:52 a.m.44 views

Vulnerability Spotlight: Denial-of-service vulnerabilities in some NETGEAR routers

Dave McDaniel of Cisco Talos discovered these vulnerabilities. The NETGEAR N300 line of wireless routers contains two denial-of-service vulnerabilities. The N300 is a small and affordable wireless router that contains the basic features of a wireless router. An attacker could exploit these bugs b...

5CVSS0.4AI score0.0313EPSS
Exploits2
Talos Blog
Talos Blog
added 2019/09/06 11:33 a.m.225 views

Threat Roundup for August 30 to September 6

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 30 and Sept. 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/09/05 11:0 a.m.48 views

Threat Source newsletter (Sept. 5, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. By now, nearly everyone has heard of BlueKeep. It definitely sounds scary, with of this talk of wormable bugs and WannaCry. But so far, ...

7.8CVSS7.4AI score0.01929EPSS
Exploits0
Talos Blog
Talos Blog
added 2019/09/05 8:5 a.m.284 views

GhIDA: Ghidra decompiler for IDA Pro

By Andrea Marcelli Executive Summary Cisco Talos is releasing two new tools for IDA Pro: GhIDA and Ghidraaas. GhIDA is an IDA Pro plugin that integrates the Ghidra decompiler in the IDA workflow, giving users the ability to rename and highlight symbols and improved navigation and comments. GhIDA...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2019/09/04 7:49 a.m.71 views

Vulnerability Spotlight: Information disclosure vulnerability in Blynk-Library

Lilith Wyatt of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an information disclosure vulnerability in Blynk-Library. Blynk-Library is a small library for connecting more than 400 different embedded device models into a private or enterprise Blynk-Server instance...

5CVSS0.2AI score0.01876EPSS
Exploits1
Total number of security vulnerabilities2032