Lucene search
K
TalosblogRecent

2032 matches found

Talos Blog
Talos Blog
added 2019/06/21 8:38 a.m.160 views

Threat Source newsletter (June 20, 2019)

Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. This week, we disclosed two vulnerabilities in KCodes’ NetUSB kernel module contains that could allow an attacker to inappropriatel...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2019/06/20 6:8 a.m.339 views

Vulnerability Spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580

Jared Rittle of Cisco Talos discovered these vulnerabilities. Executive summary There are several vulnerabilities in the Schneider Electric Modicon M580 that could lead to a variety of conditions, including denial of service and the disclosure of sensitive information. The Modicon M580 is the...

7.5CVSS8.7AI score0.35039EPSS
Exploits17
Talos Blog
Talos Blog
added 2019/06/17 10:17 a.m.119 views

Vulnerability Spotlight: Two bugs in KCodes NetUSB affect some NETGEAR routers

Dave McDaniel of Cisco Talos discovered these vulnerabilities. Executive summary KCodes’ NetUSB kernel module contains two vulnerabilities that could allow an attacker to inappropriately access information on some NETGEAR wireless routers. Specific models of these routers utilize the kernel modul...

6.4CVSS2.4AI score0.03562EPSS
Exploits0
Talos Blog
Talos Blog
added 2019/06/14 9:58 a.m.142 views

Threat Roundup for June 7 to June 14

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 07 and June 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

7.9AI score
Exploits0
Talos Blog
Talos Blog
added 2019/06/11 11:42 a.m.180 views

Microsoft Patch Tuesday — June 2019: Vulnerability disclosures and Snort coverage

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 88 vulnerabilities, 18 of which are rated “critical," 69 that are considered "important" and one "moderate." This release also includes a...

9.3CVSS1.3AI score0.48488EPSS
Exploits18
Talos Blog
Talos Blog
added 2019/06/10 1:59 p.m.123 views

How Cisco Talos helped Howard County recover from a call center attack

On Aug. 11, 2018 the 911 non-emergency call center in Howard County, Maryland was in crisis — not for the types of calls flooding into dispatchers, but simply for the sheer numbers. The center, which usually receives 300 to 400 calls a day was now getting 2,500 in a 24-hour span of time. The...

0.9AI score
Exploits0
Talos Blog
Talos Blog
added 2019/06/10 9:37 a.m.1465 views

Using Firepower to defend against encrypted RDP attacks like BlueKeep

This blog was authored by Brandon Stultz Microsoft recently released fixes for a critical pre-authentication remote code execution vulnerability in Remote Desktop Protocol Services RDP. Identified as CVE-2019-0708 in May's Patch Tuesday, the vulnerability caught the attention of researchers and t...

10CVSS0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/06/10 7:9 a.m.129 views

The sights and sounds from the Talos Threat Research Summit

More than 250 threat hunters, network defenders and analysts gathered ahead of Cisco Live for the second annual Talos Threat Research Summit on Sunday. The conference by defenders, for defenders, returned this year after the inaugural event in 2018 to San Diego, where speakers passed on their...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2019/06/07 12:0 p.m.173 views

Threat Roundup for May 31 to June 7

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 31 and June 07. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

7.8AI score
Exploits0
Talos Blog
Talos Blog
added 2019/06/07 7:0 a.m.98 views

Know before you go: Talos Threat Research Summit

We are now just 48 hours away from the second annual Talos Threat Research Summit. After last year's success in Orlando, we are back and better than ever from San Diego on Sunday. If you plan on attending, here's what you need to know before Sunday morning. Can't make it out? You can still stream...

0.8AI score
Exploits0
Talos Blog
Talos Blog
added 2019/06/06 11:0 a.m.69 views

Threat Source newsletter (June 6)

Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We hope to see everyone this weekend at the Talos Threat Research Summit in San Diego or throughout the week at Cisco Live. If you’...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2019/06/05 12:45 a.m.544 views

It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign

This blog was authored by Danny Adamitis, David Maynor and Kendall McKay. Executive summary Cisco Talos recently identified a series of documents that we believe are part of a coordinated series of cyber attacks that we are calling the "Frankenstein" campaign. We assess that the attackers carried...

9.3CVSS8.8AI score0.99945EPSS
Exploits33
Talos Blog
Talos Blog
added 2019/05/31 9:42 a.m.163 views

Threat Roundup for May 24 to May 31

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 24 and May 31. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

7.5AI score
Exploits0
Talos Blog
Talos Blog
added 2019/05/30 11:0 a.m.57 views

Threat Source newsletter (May 30)

Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Did you update all of your Microsoft products after Patch Tuesday earlier this month? If not, what are you waiting for? Listen to t...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2019/05/30 10:10 a.m.112 views

Threat Source newsletter (May 23)

Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Election security is a touchy — and oftentimes depressing — topic of conversation. So why not let Beer with Talos bring some levity...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2019/05/30 9:47 a.m.218 views

10 years of virtual dynamite: A high-level retrospective of ATM malware

Executive summary It has been 10 years since the discovery of Skimer, first malware specifically designed to attack automated teller machines ATMs. At the time, the learning curve for understanding its functionality was rather steep and analysis required specific knowledge of a manufacturer's ATM...

Exploits0
Talos Blog
Talos Blog
added 2019/05/29 12:19 p.m.1370 views

Beers with Talos Ep. #54: Patch after listening, RDP and wild 0-days

Beers with Talos BWT Podcast Ep. 54 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded May 24, 2019 — There is another BlueX to talk about and guess what? YES, YOU STILL NEED TO PATCH. We talk about RDP, the...

10CVSS10AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/05/24 10:49 a.m.108 views

Threat Roundup for May 17 to May 24

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 17 and May 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2019/05/23 1:24 p.m.62 views

One year later: The VPNFilter catastrophe that wasn't

Cisco Talos first disclosed the existence of VPNFilter on May 23, 2018. The malware made headlines across the globe, as it was a sophisticated piece of malware developed by a nation state, infecting half a million devices, and poised to cause havoc. Yet the attack was averted. The attacker’s...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2019/05/23 8:49 a.m.99 views

Sorpresa! JasperLoader targets Italy with a new bag of tricks

Nick Biasini and Edmund Brumaghin authored this blog post. Executive summary Over the past few months, a new malware loader called JasperLoader has emerged that targets Italy and other European countries with banking trojans such as Gootkit. We recently released a comprehensive analysis of the...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2019/05/21 2:25 p.m.305 views

Talos releases coverage for 'wormable' Microsoft vulnerability

Last night, Cisco Talos released the latest SNORT® rule update, which includes coverage for the critical Microsoft vulnerability CVE-2019-0708. The company disclosed this vulnerability last week as part of its monthly security update. This particular bug exists in Remote Desktop Services — former...

10CVSS1.4AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2019/05/21 2:24 p.m.65 views

Beers with Talos Ep. #53: Shiny happy election security (and ninjas)

Beers with Talos BWT Podcast Ep. 53 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded May 10, 2019 — Election security has been a dominant headline for some time, so it’s high time we take a look at what th...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2019/05/21 6:0 a.m.295 views

Microsoft Patch Tuesday — May 2019: Vulnerability disclosures and Snort coverage

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 79 vulnerabilities, 22 of which are rated “critical," 55 that are considered "important" and one "moderate." This release also includes two...

10CVSS0.8AI score0.99999EPSS
Exploits125
Talos Blog
Talos Blog
added 2019/05/20 12:6 p.m.94 views

Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques

This blog was authored by Danny Adamitis, David Maynor, and Kendall McKay Executive summary Cisco Talos assesses with moderate confidence that a campaign we recently discovered called "BlackWater" is associated with suspected persistent threat actor MuddyWater. Newly associated samples from April...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2019/05/16 11:16 a.m.71 views

Vulnerability Spotlight: Multiple vulnerabilities in Wacom Update Helper

Tyler Bohan of Cisco Talos discovered these vulnerabilities. Executive summary There are two privilege escalation vulnerabilities in the Wacom update helper. The update helper is a utility installed alongside the macOS application for Wacom tablets. The application interacts with the tablet and...

1AI score0.00597EPSS
Exploits0
Talos Blog
Talos Blog
added 2019/05/16 11:0 a.m.62 views

Threat Source newsletter (May 16)

Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We were packed with vulnerabilities this week. For starters, there’s Microsoft Patch Tuesday, which we’ll cover farther down. We al...

7.5AI score
Exploits0
Talos Blog
Talos Blog
added 2019/05/14 1:0 p.m.49 views

Vulnerability Spotlight: Remote code execution bug in Antenna House Rainbow PDF Office document converter

Emmanuel Tacheau of Cisco Talos discovered this vulnerability. Executive summary A buffer overflow vulnerability exists in Antenna House’s Rainbow PDF when the software attempts to convert a PowerPoint document. Rainbow PDF has the ability to convert Microsoft Office 97-2016 documents into a PDF...

2.2AI score0.02866EPSS
Exploits1
Talos Blog
Talos Blog
added 2019/05/14 11:23 a.m.80 views

Vulnerability Spotlight: Remote code execution vulnerabilities in Adobe Acrobat Reader

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Executive summary There are two remote code execution vulnerabilities in Adobe Acrobat Reader that could occur if a user were to open a malicious PDF on their machine using the software. Acrobat is the most widely used PDF reader...

9.3CVSS0.6AI score0.10223EPSS
Exploits1
Talos Blog
Talos Blog
added 2019/05/13 7:4 a.m.134 views

Vulnerability Spotlight: Multiple vulnerabilities in the Roav A1 Dashcam

Lilith Wyatt of Cisco Talos discovered these vulnerabilities. Executive Summary Cisco Talos is disclosing multiple vulnerabilities in the Anker Roav A1 Dashcam and the Novatek NT9665X chipset. The Roav A1 Dashcam by Anker is a dashboard camera that allows users to connect using the Roav app for...

10CVSS9.7AI score0.02853EPSS
Exploits8
Talos Blog
Talos Blog
added 2019/05/10 7:16 p.m.598 views

Threat Roundup for May 3 to May 10

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 03 and May 10. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2019/05/09 11:0 a.m.122 views

Threat Source newsletter (May 9)

Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. If you haven’t yet, there’s still time to register for this year’s Talos Threat Research Summit — our second annual conference by...

7.5CVSS9.4AI score0.99964EPSS
Exploits35
Talos Blog
Talos Blog
added 2019/05/09 7:24 a.m.103 views

Vulnerability Spotlight: Remote code execution bug in SQLite

Cory Duplantis of Cisco Talos discovered this vulnerability. Executive summary SQLite contains an exploitable use-after-free vulnerability that could allow an attacker to gain the ability to remotely execute code on the victim machine. SQLite is a client-sidedatabase management system contained i...

6.8CVSS9.2AI score0.06683EPSS
Exploits1
Talos Blog
Talos Blog
added 2019/05/07 8:47 a.m.150 views

Threat Roundup for April 26 to May 3

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 26 and May 03. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2019/05/07 8:43 a.m.46 views

Vulnerability Spotlight: Multiple bugs in several Jenkins plugins

Peter Adkins of Cisco Umbrella discovered these vulnerabilities. Executive summary Jenkins is an open-source automation server written in Java. There are several plugins that exist to integrate Jenkins with other pieces of software, such as GitLab. Today, Cisco Talos is disclosing vulnerabilities...

0.4AI score
Exploits0
Talos Blog
Talos Blog
added 2019/05/02 11:0 a.m.127 views

Threat Source (May 2, 2019)

Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. If you haven’t yet, there’s still time to register for this year’s Talos Threat Research Summit — our second annual conference by...

7.5CVSS8.7AI score0.99964EPSS
Exploits35
Talos Blog
Talos Blog
added 2019/05/02 9:48 a.m.65 views

Qakbot levels up with new obfuscation techniques

Ashlee Benge of Cisco Talos and Nick Randolph of the Threat Grid Research and Efficacy team authored this blog post. Executive summary Qakbot, also known as Qbot, is a well-documented banking trojan that has been around since 2008. Recent Qakbot campaigns, however, are utilizing an updated...

0.8AI score
Exploits0
Talos Blog
Talos Blog
added 2019/05/02 7:4 a.m.179 views

JasperLoader Emerges, Targets Italy with Gootkit Banking Trojan

Nick Biasini and Edmund Brumaghin authored this blog post with contributions from Andrew Williams. Introduction to JasperLoader Malware loaders are playing an increasingly important role in malware distribution. They give adversaries the ability to gain an initial foothold on a system and are...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2019/05/01 12:37 p.m.1257 views

Sodinokibi ransomware exploits WebLogic Server vulnerability

This blog was authored by Pierre Cadieux, Colin Grady, Jaeson Schultz and Matt Valites Attackers are actively exploiting a recently disclosed vulnerability in Oracle WebLogic to install a new variant of ransomware called "Sodinokibi." Sodinokibi attempts to encrypt data in a user's directory and...

7.5CVSS0.7AI score0.99964EPSS
Exploits35
Talos Blog
Talos Blog
added 2019/04/30 9:18 a.m.15 views

Beers with Talos Ep. #52: I don't trust you because I care

Beers with Talos BWT Podcast Ep. 52 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded April 26, 2019 - Since Craig decided to skip the podcast today, we decided to invite one of Austin’s top actual security...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2019/04/26 11:1 a.m.101 views

Threat Roundup for April 19 to April 26

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 19 and April 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

Exploits0
Talos Blog
Talos Blog
added 2019/04/25 11:6 a.m.54 views

Vulnerability Spotlight: Multiple vulnerabilities in Sierra Wireless AirLink ES450

Carl Hurd and Jared Rittle of Cisco Talos discovered these vulnerabilities. Executive summary Several exploitable vulnerabilities exist in the Sierra Wireless AirLink ES450, an LTE gateway designed for distributed enterprise, such as retail point-of-sale or industrial control systems. These flaws...

9.3CVSS0.7AI score0.27851EPSS
Exploits34
Talos Blog
Talos Blog
added 2019/04/25 11:0 a.m.21 views

Threat Source (April 25)

Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. If you haven’t yet, there’s still time to register for this year’s Talos Threat Research Summit — our second annual conference by...

7.8AI score
Exploits0
Talos Blog
Talos Blog
added 2019/04/24 7:33 a.m.93 views

DNSpionage brings out the Karkoff

Warren Mercer and Paul Rascagneres authored this post. Update 4/24: The C2 section below now includes details around the XOR element of the C2 communication system. Executive summary In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a n...

Exploits0
Talos Blog
Talos Blog
added 2019/04/23 4:2 p.m.49 views

Vulnerability Spotlight: Symantec Endpoint Protection kernel memory information disclosure vulnerability

Marcin Noga of Cisco Talos discovered this vulnerability. Overview Cisco Talos is disclosing an information leak vulnerability in the ccSetx86.sys kernel driver of Symantec Endpoint Protection Small Business Edition. The vulnerability exists in the driver’s control message handler. An attacker ca...

2.1CVSS0.3AI score0.00386EPSS
Exploits0
Talos Blog
Talos Blog
added 2019/04/22 10:21 a.m.21 views

Threat Source (April 18): New attacks distribute Formbook, LokiBot

Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. If you haven’t yet, there’s still time to register for this year’s Talos Threat Research Summit — our second annual conference by...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2019/04/19 8:15 a.m.36 views

Threat Roundup for April 12 to April 19

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 12 and April 19. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

7.6AI score
Exploits0
Talos Blog
Talos Blog
added 2019/04/18 4:8 p.m.1918 views

DNS Hijacking Abuses Trust In Core Internet Service

Authors: Danny Adamitis, David Maynor, Warren Mercer, Matthew Olney and Paul Rascagneres. Update 4/18: A correction has been made to our research based on feedback from Packet Clearing House, we thank them for their assistance Preface This blog post discusses the technical details of a...

10CVSS0.6AI score0.99999EPSS
Exploits252
Talos Blog
Talos Blog
added 2019/04/18 8:38 a.m.37 views

Threat Source (April 4)

Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. If you haven’t yet, there’s still time to register for this year’s Talos Threat Research Summit — our second annual conference by defenders, for defenders. This year’s Summ...

6.5AI score
Exploits0
Talos Blog
Talos Blog
added 2019/04/17 3:17 p.m.19 views

Beers with Talos Ep. #51: Sea Turtles yeeting packets

Beers with Talos BWT Podcast Ep. No. 51 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded April 12, 2019 — Today, we rip through a few other things to spend most of our time discussing Sea Turtle, the lates...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2019/04/16 11:45 a.m.741 views

New HawkEye Reborn Variant Emerges Following Ownership Change

Edmund Brumaghin and Holger Unterbrink authored this blog post. Executive summary Malware designed to steal sensitive information has been a threat to organizations around the world for a long time. The emergence of the greyware market and the increased commercialization of keyloggers, stealers,...

9.3CVSS8.7AI score0.99945EPSS
Exploits33
Total number of security vulnerabilities2032