2032 matches found
Threat Source newsletter (June 20, 2019)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. This week, we disclosed two vulnerabilities in KCodes’ NetUSB kernel module contains that could allow an attacker to inappropriatel...
Vulnerability Spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580
Jared Rittle of Cisco Talos discovered these vulnerabilities. Executive summary There are several vulnerabilities in the Schneider Electric Modicon M580 that could lead to a variety of conditions, including denial of service and the disclosure of sensitive information. The Modicon M580 is the...
Vulnerability Spotlight: Two bugs in KCodes NetUSB affect some NETGEAR routers
Dave McDaniel of Cisco Talos discovered these vulnerabilities. Executive summary KCodes’ NetUSB kernel module contains two vulnerabilities that could allow an attacker to inappropriately access information on some NETGEAR wireless routers. Specific models of these routers utilize the kernel modul...
Threat Roundup for June 7 to June 14
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 07 and June 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Microsoft Patch Tuesday — June 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 88 vulnerabilities, 18 of which are rated “critical," 69 that are considered "important" and one "moderate." This release also includes a...
How Cisco Talos helped Howard County recover from a call center attack
On Aug. 11, 2018 the 911 non-emergency call center in Howard County, Maryland was in crisis — not for the types of calls flooding into dispatchers, but simply for the sheer numbers. The center, which usually receives 300 to 400 calls a day was now getting 2,500 in a 24-hour span of time. The...
Using Firepower to defend against encrypted RDP attacks like BlueKeep
This blog was authored by Brandon Stultz Microsoft recently released fixes for a critical pre-authentication remote code execution vulnerability in Remote Desktop Protocol Services RDP. Identified as CVE-2019-0708 in May's Patch Tuesday, the vulnerability caught the attention of researchers and t...
The sights and sounds from the Talos Threat Research Summit
More than 250 threat hunters, network defenders and analysts gathered ahead of Cisco Live for the second annual Talos Threat Research Summit on Sunday. The conference by defenders, for defenders, returned this year after the inaugural event in 2018 to San Diego, where speakers passed on their...
Threat Roundup for May 31 to June 7
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 31 and June 07. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Know before you go: Talos Threat Research Summit
We are now just 48 hours away from the second annual Talos Threat Research Summit. After last year's success in Orlando, we are back and better than ever from San Diego on Sunday. If you plan on attending, here's what you need to know before Sunday morning. Can't make it out? You can still stream...
Threat Source newsletter (June 6)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We hope to see everyone this weekend at the Talos Threat Research Summit in San Diego or throughout the week at Cisco Live. If you’...
It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign
This blog was authored by Danny Adamitis, David Maynor and Kendall McKay. Executive summary Cisco Talos recently identified a series of documents that we believe are part of a coordinated series of cyber attacks that we are calling the "Frankenstein" campaign. We assess that the attackers carried...
Threat Roundup for May 24 to May 31
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 24 and May 31. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Source newsletter (May 30)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Did you update all of your Microsoft products after Patch Tuesday earlier this month? If not, what are you waiting for? Listen to t...
Threat Source newsletter (May 23)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Election security is a touchy — and oftentimes depressing — topic of conversation. So why not let Beer with Talos bring some levity...
10 years of virtual dynamite: A high-level retrospective of ATM malware
Executive summary It has been 10 years since the discovery of Skimer, first malware specifically designed to attack automated teller machines ATMs. At the time, the learning curve for understanding its functionality was rather steep and analysis required specific knowledge of a manufacturer's ATM...
Beers with Talos Ep. #54: Patch after listening, RDP and wild 0-days
Beers with Talos BWT Podcast Ep. 54 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded May 24, 2019 — There is another BlueX to talk about and guess what? YES, YOU STILL NEED TO PATCH. We talk about RDP, the...
Threat Roundup for May 17 to May 24
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 17 and May 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
One year later: The VPNFilter catastrophe that wasn't
Cisco Talos first disclosed the existence of VPNFilter on May 23, 2018. The malware made headlines across the globe, as it was a sophisticated piece of malware developed by a nation state, infecting half a million devices, and poised to cause havoc. Yet the attack was averted. The attacker’s...
Sorpresa! JasperLoader targets Italy with a new bag of tricks
Nick Biasini and Edmund Brumaghin authored this blog post. Executive summary Over the past few months, a new malware loader called JasperLoader has emerged that targets Italy and other European countries with banking trojans such as Gootkit. We recently released a comprehensive analysis of the...
Talos releases coverage for 'wormable' Microsoft vulnerability
Last night, Cisco Talos released the latest SNORT® rule update, which includes coverage for the critical Microsoft vulnerability CVE-2019-0708. The company disclosed this vulnerability last week as part of its monthly security update. This particular bug exists in Remote Desktop Services — former...
Beers with Talos Ep. #53: Shiny happy election security (and ninjas)
Beers with Talos BWT Podcast Ep. 53 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded May 10, 2019 — Election security has been a dominant headline for some time, so it’s high time we take a look at what th...
Microsoft Patch Tuesday — May 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 79 vulnerabilities, 22 of which are rated “critical," 55 that are considered "important" and one "moderate." This release also includes two...
Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques
This blog was authored by Danny Adamitis, David Maynor, and Kendall McKay Executive summary Cisco Talos assesses with moderate confidence that a campaign we recently discovered called "BlackWater" is associated with suspected persistent threat actor MuddyWater. Newly associated samples from April...
Vulnerability Spotlight: Multiple vulnerabilities in Wacom Update Helper
Tyler Bohan of Cisco Talos discovered these vulnerabilities. Executive summary There are two privilege escalation vulnerabilities in the Wacom update helper. The update helper is a utility installed alongside the macOS application for Wacom tablets. The application interacts with the tablet and...
Threat Source newsletter (May 16)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We were packed with vulnerabilities this week. For starters, there’s Microsoft Patch Tuesday, which we’ll cover farther down. We al...
Vulnerability Spotlight: Remote code execution bug in Antenna House Rainbow PDF Office document converter
Emmanuel Tacheau of Cisco Talos discovered this vulnerability. Executive summary A buffer overflow vulnerability exists in Antenna House’s Rainbow PDF when the software attempts to convert a PowerPoint document. Rainbow PDF has the ability to convert Microsoft Office 97-2016 documents into a PDF...
Vulnerability Spotlight: Remote code execution vulnerabilities in Adobe Acrobat Reader
Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Executive summary There are two remote code execution vulnerabilities in Adobe Acrobat Reader that could occur if a user were to open a malicious PDF on their machine using the software. Acrobat is the most widely used PDF reader...
Vulnerability Spotlight: Multiple vulnerabilities in the Roav A1 Dashcam
Lilith Wyatt of Cisco Talos discovered these vulnerabilities. Executive Summary Cisco Talos is disclosing multiple vulnerabilities in the Anker Roav A1 Dashcam and the Novatek NT9665X chipset. The Roav A1 Dashcam by Anker is a dashboard camera that allows users to connect using the Roav app for...
Threat Roundup for May 3 to May 10
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 03 and May 10. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Source newsletter (May 9)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. If you haven’t yet, there’s still time to register for this year’s Talos Threat Research Summit — our second annual conference by...
Vulnerability Spotlight: Remote code execution bug in SQLite
Cory Duplantis of Cisco Talos discovered this vulnerability. Executive summary SQLite contains an exploitable use-after-free vulnerability that could allow an attacker to gain the ability to remotely execute code on the victim machine. SQLite is a client-sidedatabase management system contained i...
Threat Roundup for April 26 to May 3
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 26 and May 03. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Vulnerability Spotlight: Multiple bugs in several Jenkins plugins
Peter Adkins of Cisco Umbrella discovered these vulnerabilities. Executive summary Jenkins is an open-source automation server written in Java. There are several plugins that exist to integrate Jenkins with other pieces of software, such as GitLab. Today, Cisco Talos is disclosing vulnerabilities...
Threat Source (May 2, 2019)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. If you haven’t yet, there’s still time to register for this year’s Talos Threat Research Summit — our second annual conference by...
Qakbot levels up with new obfuscation techniques
Ashlee Benge of Cisco Talos and Nick Randolph of the Threat Grid Research and Efficacy team authored this blog post. Executive summary Qakbot, also known as Qbot, is a well-documented banking trojan that has been around since 2008. Recent Qakbot campaigns, however, are utilizing an updated...
JasperLoader Emerges, Targets Italy with Gootkit Banking Trojan
Nick Biasini and Edmund Brumaghin authored this blog post with contributions from Andrew Williams. Introduction to JasperLoader Malware loaders are playing an increasingly important role in malware distribution. They give adversaries the ability to gain an initial foothold on a system and are...
Sodinokibi ransomware exploits WebLogic Server vulnerability
This blog was authored by Pierre Cadieux, Colin Grady, Jaeson Schultz and Matt Valites Attackers are actively exploiting a recently disclosed vulnerability in Oracle WebLogic to install a new variant of ransomware called "Sodinokibi." Sodinokibi attempts to encrypt data in a user's directory and...
Beers with Talos Ep. #52: I don't trust you because I care
Beers with Talos BWT Podcast Ep. 52 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded April 26, 2019 - Since Craig decided to skip the podcast today, we decided to invite one of Austin’s top actual security...
Threat Roundup for April 19 to April 26
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 19 and April 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Vulnerability Spotlight: Multiple vulnerabilities in Sierra Wireless AirLink ES450
Carl Hurd and Jared Rittle of Cisco Talos discovered these vulnerabilities. Executive summary Several exploitable vulnerabilities exist in the Sierra Wireless AirLink ES450, an LTE gateway designed for distributed enterprise, such as retail point-of-sale or industrial control systems. These flaws...
Threat Source (April 25)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. If you haven’t yet, there’s still time to register for this year’s Talos Threat Research Summit — our second annual conference by...
DNSpionage brings out the Karkoff
Warren Mercer and Paul Rascagneres authored this post. Update 4/24: The C2 section below now includes details around the XOR element of the C2 communication system. Executive summary In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a n...
Vulnerability Spotlight: Symantec Endpoint Protection kernel memory information disclosure vulnerability
Marcin Noga of Cisco Talos discovered this vulnerability. Overview Cisco Talos is disclosing an information leak vulnerability in the ccSetx86.sys kernel driver of Symantec Endpoint Protection Small Business Edition. The vulnerability exists in the driver’s control message handler. An attacker ca...
Threat Source (April 18): New attacks distribute Formbook, LokiBot
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. If you haven’t yet, there’s still time to register for this year’s Talos Threat Research Summit — our second annual conference by...
Threat Roundup for April 12 to April 19
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 12 and April 19. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
DNS Hijacking Abuses Trust In Core Internet Service
Authors: Danny Adamitis, David Maynor, Warren Mercer, Matthew Olney and Paul Rascagneres. Update 4/18: A correction has been made to our research based on feedback from Packet Clearing House, we thank them for their assistance Preface This blog post discusses the technical details of a...
Threat Source (April 4)
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. If you haven’t yet, there’s still time to register for this year’s Talos Threat Research Summit — our second annual conference by defenders, for defenders. This year’s Summ...
Beers with Talos Ep. #51: Sea Turtles yeeting packets
Beers with Talos BWT Podcast Ep. No. 51 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded April 12, 2019 — Today, we rip through a few other things to spend most of our time discussing Sea Turtle, the lates...
New HawkEye Reborn Variant Emerges Following Ownership Change
Edmund Brumaghin and Holger Unterbrink authored this blog post. Executive summary Malware designed to steal sensitive information has been a threat to organizations around the world for a long time. The emergence of the greyware market and the increased commercialization of keyloggers, stealers,...