2032 matches found
Vulnerability Spotlight: Two vulnerabilities in Epignosis eFront
Yuri Kramarz of Security Advisory Incident Response EMEAR discovered these vulnerabilities. Cisco Talos discovered two vulnerabilities in Epignosis eFront — one of which could allow an attacker to remotely execute code on the victim system, and another that opens the victim machine to SQL...
Threat Roundup for August 23 to August 30
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 23 and Aug. 30. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Beers with Talos Ep. #60: Summer camp flashbacks and defining your intel
Beers with Talos BWT Podcast episode No. 60 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Aug. 16, 2019 — The understatement of the day would be the guys were in some kind of mood when we recorded this...
Vulnerability Spotlight: Multiple vulnerabilities in Aspose APIs
Marcin Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple remote code execution vulnerabilities in various Aspose APIs. Aspose provides a series of APIs for manipulating or converting a large family of document formats. These vulnerabilities exist in AP...
Threat Source newsletter (Aug. 22)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. What’s old is new again. Our research this week centers around a series of long-lasting threat actors and malware that have been given n...
RAT Ratatouille: Backdooring PCs with leaked RATs
By Edmund Brumaghin and Holger Unterbrink. Executive summary Orcus RAT and RevengeRAT are two of the most popular remote access trojans RATs in use across the threat landscape. Since its emergence in 2016, various adversaries used RevengeRAT to attack organizations and individuals around the worl...
China Chopper still active 9 years later
By Paul Rascagneres and Vanja Svajcer. Introduction Threats will commonly fade away over time as they're discovered, reported on, and detected. But China Chopper has found a way to stay relevant, active and effective nine years after its initial discovery. China Chopper is a web shell that allows...
New 4CAN tool helps identify vulnerabilities in on-board car computers
By Alex DeTrano, Jason Royes, and Matthew Valites. Executive summary Modern automobiles contain hundreds of sensors and mechanics that communicate via computers to understand their surrounding environment. Those components provide real-time information to drivers, connect the vehicle to a global...
Threat Roundup for August 16 to August 23
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 16 and Aug. 23. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Source newsletter (Aug. 22)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. A lot of people may think that cyber insurance is this new, unexplored field that carries a lot of questions. But did you know that thes...
Talos DEFCON badge build instructions and use
By Patrick Mullen. We want to thank everyone who stopped by the Cisco Talos booth at DEFCON's Blue Team Village earlier this month. We handed out these badges at our area where we had Snort rules challenges, reverse-Capture the Flag and recruiters ready to answer attendees' career advice question...
What you — and your company — should know about cyber insurance
By Jon Munshaw and Joe Marshall. It’s no longer a question of “if” any given company or organization is going to be hit with a cyber attack — it’s when. And when that attack comes, who is willing to take on that risk? For some groups, it may be that they feel they are fully prepared to take on th...
Beers with Talos Ep. #59: The tardy episode
Beers with Talos BWT Podcast episode No. 59 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded 8/2/19 - Yes, I know what today’s date is. We got really busy last week and I am sorry that the podcast is late...
Vulnerability Spotlight: Multiple bugs in OpenWeave and Nest Labs Nest Cam IQ indoor camera
Lilith Wyatt and Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple vulnerabilities in the Nest Cam IQ Indoor camera. One of Nest Labs’ most advanced internet-of-things devices, the Nest Cam IQ Indoor integrates Security-Enhanced Linux in...
Threat Roundup for August 9 to August 16
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 9 and Aug. 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Source newsletter (Aug. 15)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Sorry we missed you last week, we were all away at Hacker Summer Camp. If you missed us at Black Hat, we have a roundup up on the blog o...
Talos Black Hat 2019 flash talk roundup
Talos went wall-to-wall at Hacker Summer Camp, showing up to Black Hat and DEFCON with talks, challenges, advice and education. Over the course of two days at Black Hat, Cisco Security hosted more than 20 talks at our booth, many featuring Talos researchers and analysts. In case you couldn't swin...
Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 97 vulnerabilities, 31 of which are rated “critical," 65 that are considered "important" and one "moderate." This month’s security update cover...
Threat Roundup for August 2 to August 9
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 2 and Aug. 9. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Vulnerability Spotlight: Multiple vulnerabilities in NVIDIA Windows GPU Display Driver, VMware ESXi, Workstation and Fusion
Piotr Bania of Cisco Talos discovered these vulnerabilities. Executive summary VMware ESXi, Workstation and Fusion are affected by an out-of-bounds write vulnerability that can be triggered using a specially crafted shader file. This vulnerability can be triggered from a VMware guest, affecting t...
Threat Roundup for July 26 to Aug. 2
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 26 and Aug. 2. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Source newsletter (Aug. 1, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Are you heading to Vegas next week for Hacker Summer Camp? Talos will. We’ll be at Black Hat and DEFCON holding a series of talks, takin...
Malvertising: Online advertising's darker side
By Nick Biasini, Chris Neal and Matt Valites. Executive summary One of the trickiest challenges enterprises face is managing the balance between aggressively blocking malicious advertisements aka malvertising and allowing content to remain online, accessible for the average user. The days of...
New Re2PCAP tool speeds up PCAP process for Snort rules
By Amit Raut We often joke that for SNORT® rule development, you have to live by the saying “PCAP or it didn’t happen.” PCAP files are very important for Snort rule development, and a new tool from Cisco Talos called “Re2Pcap” allows users to generate a PCAP file in seconds just from a raw HTTP...
Reverse-CTF, Snort rule challenge and more — What to expect from Talos at Defcon
Want to get up close and personal with Talos researchers? Then be sure to stick around for the second half of “Hacker Summercamp:” Defcon. After our series of talks at Blackhat, we’re headed elsewhere on the strip for Defcon. Specifically, we’ll have a huge presence at this year’s Blue Team...
All the places you can see and hear Talos at Black Hat 2019
It is once again time for Security Summer Camp – the annual week when security experts descend upon Las Vegas for Black Hat and DEFCON. Talos will be around all week, but we want to start off with a Black Hat preview — the Defcon one will be here later today. Throughout the conference, Talos...
Threat Roundup for July 19 to July 26
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 19 and July 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Roundup for July 12 to July 19
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 12 and July 19. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Source newsletter (July 25, 2019)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. No one really likes talking about election security. It’s a sticky subject, costs lots of money and doesn’t come with an easy fix...
Beers with Talos Ep. #58: Defending Democracy and Doing DEFCON
Beers with Talos BWT Podcast episode No. 58 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded July 19, 2019 — Wow, we packed a lot in this one: election security, burner phones, social apps' terms of servic...
Beers with Talos Ep. #57 - It’s a business decision, not rocket science
Beers with Talos BWT Podcast Ep. 57 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded July 8, 2019 — Matt skipped this episode podcast in favor of a meeting for real. The rest of the crew carried on to...
Let's Destroy Democracy
Election security through an adversary's eyes By Matt Olney. Executive summary Over the past few years, Cisco Talos has increasingly been involved in election security research and support, most recently supporting the Security Service of Ukraine in their efforts to secure the two Ukrainian...
Threat Source newsletter (July 18, 2019)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. A group we’re calling “SWEED” may be behind years of Agent Tesla attacks. This week, we uncovered everything we know about this...
SWEED: Exposing years of Agent Tesla campaigns
By Edmund Brumaghin and other Cisco Talos researchers. Executive summary Cisco Talos recently identified a large number of ongoing malware distribution campaigns linked to a threat actor we're calling "SWEED," including such notable malware as Formbook, Lokibot and Agent Tesla. Based on our...
Threat Roundup for July 5 to July 12
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 5 and July 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Source newsletter (July 11, 2019)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Generally, when we write about a threat group or attack, that threat will calm down for a while. After all, it’s much for difficult...
Should governments pay extortion payments after a ransomware attack?
By Jonathan Munshaw. When it comes to ransomware attacks this year, it’s been a tale of three cities. In May, the city of Baltimore suffered a massive ransomware attack that took many of its systems down for weeks — restricting employees’ access to email, closing online payment portals and even...
Microsoft Patch Tuesday — July 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 77 vulnerabilities, 16 of which are rated “critical," 60 that are considered "important" and one "moderate." This month’s security update cover...
Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques
By Danny Adamitis with contributions from Paul Rascagneres. Executive summary After several months of activity, the actors behind the "Sea Turtle" DNS hijacking campaign are not slowing down. Cisco Talos recently discovered new details that suggest they regrouped after we published our initial...
Threat Roundup for June 28 to July 5
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 28 and July 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Roundup for June 21 to June 28
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 21 and June 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Beers with Talos Ep. #56 - Flatlined: Breach to Bankrupt
Beers with Talos BWT Podcast Ep. 56 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded 6/24/19 - Back in the studio for EP 56 and off the top, Matt got some new audio toy for his side hustle as a Twitch star...
Threat Source newsletter (July 3, 2019)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We disclosed several vulnerabilities this week, including two in Simple DirectMedia Layer, and a memory corruption bug in the V8...
RATs and stealers rush through “Heaven’s Gate” with new loader
By Holger Unterbrink and Edmund Brumaghin. Executive summary Malware is constantly finding new ways to avoid detection. This doesn't mean that some will never be detected, but it does allow adversaries to increase the period of time between initial release and detection. Flying under the radar fo...
Vulnerability Spotlight: Remote code execution vulnerabilities in Simple DirectMedia Layer
Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Simple DirectMedia Layer contains two vulnerabilities that could an attacker to remotely execute code on the victim’s machine. Both bugs are present in the SDL2image library, which is used for loading images in different...
Vulnerability Spotlight: Google V8 Array.prototype memory corruption vulnerability
The V8 JavaScript engine in Google Chrome contains a memory corruption vulnerability that could allow an attacker to gain the ability to execute arbitrary code on the victim’s machine. V8 is the core JavaScript engine that runs in the Chrome browser. As part of Chrome and node.is, it is the most...
Welcome Spelevo: New exploit kit full of old tricks
Nick Biasini authored this post with contributions from Caitlyn Hammond. Executive summary Exploit kits are an ever-present and often forgotten threat on the landscape today. Their popularity seemed to peak several years ago with the success and eventual downfall of some of the best compromise...
Threat Source newsletter (June 27, 2019)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. You never want to fall behind on Beers with Talos. So make sure to listen to the latest episode on your commute home today. This...
Beers with Talos Ep. #55: Live from San Diego!
Beers with Talos BWT Podcast Ep. 55 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded June 12, 2019 — God knows why, but we bring you another live episode from the Talos Threat Research Summit at Cisco Live...
Threat Roundup for June 14 to June 21
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 14 and June 21. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...