2033 matches found
New HawkEye Reborn Variant Emerges Following Ownership Change
Edmund Brumaghin and Holger Unterbrink authored this blog post. Executive summary Malware designed to steal sensitive information has been a threat to organizations around the world for a long time. The emergence of the greyware market and the increased commercialization of keyloggers, stealers,...
Vulnerability Spotlight: Denial of service in VMWare Workstation 15
Piotr Bania of Cisco Talos discovered this vulnerability. Executive summary VMware Workstation 15 contains an exploitable denial-of-service vulnerability. Workstation allows users to run multiple operating systems on a Linux or Windows PC. An attacker could trigger this particular vulnerability...
Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN's helper tool
Discovered by Tyler Bohan of Cisco Talos. Overview Cisco Talos is disclosing a series of vulnerabilities found in the Shimo VPN Helper Tool. Shimo VPN is a popular VPN client for MacOS that can be used to connect multiple VPN accounts to one application. These specific vulnerabilities were found ...
Threat Roundup for April 5 to April 12
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 05 and April 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Sextortion profits decline despite higher volume, new techniques
Post authored by Nick Biasini and Jaeson Schultz. Sextortion spammers continue blasting away at high volume. The success they experienced with several high-profile campaigns last year has led these attackers to continue transmitting massive amounts of sextortion email. These sextortion spammers...
Threat Source (April 11)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. If you haven’t yet, there’s still time to register for this year’s Talos Threat Research Summit — our second annual conference by...
Vulnerability Spotlight: Adobe Acrobat Reader remote code execution
Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Executive summary There is a remote code execution vulnerability in Adobe Acrobat Reader that could occur if a user were to open a malicious PDF on their machine using the software. Acrobat is the most widely used PDF reader on t...
Gustuff banking botnet targets Australia
Vitor Ventura authored this post. Executive summary Cisco Talos has uncovered a new Android-based campaign targeting Australian financial institutions. As the investigation progressed, Talos came to understand that this campaign was associated with the "ChristinaMorrow" text message spam scam...
Microsoft Patch Tuesday — April 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 74 vulnerabilities, 16 of which are rated “critical” and 58 that are considered “important.” This release also includes a critical advisory...
Beers with Talos Ep. #50: Operating under the cover of… nothing
Beers with Talos BWT Podcast Ep. No. 50 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded March 29, 2019 - Matt and Joel are both on the road this week, and Omar Santos from Cisco PSIRT joins the crew to...
Threat Roundup for March 29 to April 5
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 29 and April 05. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Hiding in Plain Sight
This blog was written by Jon Munshaw and Jaeson Schultz. Cisco Talos is continually working to ensure that our threat intelligence not only accounts for the latest threats but also new versions of old threats, such as spam. This often means pursuing cybercriminals wherever they congregate. Howeve...
Registration for the 2019 Talos Threat Research Summit is now open
The Talos Threat Research Summit is officially back. Registration is open now for the second year of our conference by defenders, for defenders. Tickets sold out quickly last year for our inaugural event, so act quickly. This year’s Research Summit will take place on June 9 in San Diego, Calif. —...
Threat Roundup for March 22 to March 29
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 22 and March 29. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Cyber Security Week in Review (March 28)
Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. Top headlines this week ASUS had to release an emergency fix for a malware that may have accidentally deployed to their machines. Attackers may have...
Vulnerability Spotlight: Multiple vulnerabilities in GOG Galaxy Games
Richard Johnson and Tyler Bohan of Cisco Talos discovered these vulnerabilities. Executive summary The GOG Galaxy video game launcher contains multiple vulnerabilities that could allow a malicious actor to carry out a variety of attacks. GOG Galaxy Games is a video game storefront that allows use...
Cisco Talos adds new Content Category
Our goal at Cisco Talos is to provide detailed and actionable information in order to let customers decide how best to protect their networks and users based on their needs. To this end, Cisco Talos is adding a new content category to Talos Intelligence. Starting on April 3, supported Cisco...
Threat Roundup for March 15 to March 22
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 15 and March 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Cyber Security Week in Review (March 22)
Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here. Top headlines this week Norwegian aluminum company...
Ransomware or Wiper? LockerGoga Straddles the Line
Executive Summary Ransomware attacks have been in the news with increased frequency over the past few years. This type of malware can be extremely disruptive and even cause operational impacts in critical systems that may be infected. LockerGoga is yet another example of this sort of malware. It ...
Beers with Talos Ep. #49: POS Malware, RSA Highlights, and SOL OpSec Fails
Beers with Talos BWT Podcast Ep. 49 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded March 15, 2019. We recorded this after coming back from RSA, with some on-location highlights included. This episode ope...
Vulnerability Spotlight: Multiple Vulnerabilities in CUJO Smart Firewall, Das U-Boot, OCTEON SDK, Webroot BrightCloud
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Executive summary CUJO AI produces the CUJO Smart Firewall, a device that provides protection to home networks against a myriad of threats such as malware, phishing websites and hacking attempts. Cisco Talos recently discovered 11...
IPv6 unmasking via UPnP
Martin Zeiser and Aleksandar Nikolich authored this post. Executive summary With tools such as ZMap and Masscan and general higher bandwidth availability, exhaustive internet-wide scans of full IPv4 address space have become the norm after it was once impractical. Projects like Shodan and Scans.i...
Threat Roundup for March 8 to March 15
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 08 and March 15. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Cyber Security Week in Review (March 15)
Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here. Top headlines this week The U.S. warned Germany that...
GlitchPOS: New PoS malware for sale
Warren Mercer and Paul Rascagneres authored this post with contributions from Ben Baker. Executive summary Point-of-sale malware is popular among attackers, as it usually leads to them obtaining credit card numbers and immediately use that information for financial gain. This type of malware is...
Microsoft Patch Tuesday — March 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 64 vulnerabilities, 17 of which are rated “critical,” 45 that are considered “important” and one “moderate” and “low” vulnerability each. This...
Vulnerability Spotlight: Privilege escalation bug in CleanMyMac X's helper service
Tyler Bohan of Cisco Talos discovered this vulnerability. Executive summary CleanMyMac X contains a privilege escalation vulnerability in its helper service due to improper updating. The application fails to remove the vulnerable components upon upgrading to the latest version, leaving the user...
The sights and sounds of Cisco Talos at RSA 2019
An estimated 45,000 people attended this year’s RSA Conference in San Francisco to hear talks from some of the greatest minds in security. As always, Cisco and Talos had a massive presence at the conference, topping off the week with a keynote address featuring Matt Watchinski, the vice president...
Threat Roundup for Mar. 1 to Mar. 8
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 1 8. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicato...
Cyber Security Week in Review (March 8)
Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here. Top headlines this week Chinese tech company Huawei i...
Vulnerability Spotlight: Multiple local vulnerabilities in Pixar Renderman
Tyler Bohan of Cisco Talos discovered these vulnerabilities. Executive summary The MacOS version of Pixar Renderman contains three local vulnerabilities in its install helper tool. An attacker could exploit these bugs to escalate their privileges to root. Renderman is a rendering application used...
Cisco, Talos tout importance of IoT security at RSA keynote
--- Matt Watchinski, the vice president of Cisco Talos, delivers a keynote address at the RSA Conference in San Francisco on Tuesday. By Jonathan Munshaw of Cisco Talos and Liza Meak of The Network, Cisco’s technology news site. By 2020, Gartner predicts 20 billion connected devices will be onlin...
Beers with Talos Ep. #48: Loaders or trojans, plus an RSA preview
Beers with Talos BWT Podcast Ep. 48 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. March 1, 2019 - This is a super short episode. We are trying to get it out in time for RSA and Matt is MIA today. We are covering...
Threat Roundup for Feb. 22 to March 1
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 22 and March 01. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...
Cyber Security Week in Review (March 1)
Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here. Top headlines this week Drupal patched a “highly...
Vulnerability Spotlight: Remote code execution vulnerability in Antenna House Rainbow PDF Office Server Document Converter
Emmanuel Tacheau of Cisco Talos discovered this vulnerability. Executive summary Antenna House Rainbow PDF Office Server Document Converter contains a heap overflow vulnerability that could allow an attacker to remotely execute code on the victim machine. Rainbow PDF is a software solution that...
Cisco Talos Honeypot Analysis Reveals Rise in Attacks on Elasticsearch Clusters
Christopher Evans of Cisco Talos conducted the research for this post. Executive Summary Cisco Talos warns users that they need to keep a close eye on unsecured Elasticsearch clusters. We have recently observed a spike in attacks from multiple threat actors targeting these clusters. These attacke...
Beers with Talos Ep. #47: Privacy, Underwear, and Arias
Beers with Talos BWT Podcast Ep. 47 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 47 show notes: Recorded Feb. 15, 2019 We are joined by special guest Michelle Dennedy, a vice president and the chief privacy...
Threat Roundup for Feb. 15 to Feb. 22
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 15 and Feb. 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Cyber Security Week in Review (Feb. 22)
Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here. Top headlines this week U.S. officials charged a form...
Vulnerability Spotlight: Multiple vulnerabilities in GOG Galaxy Games
Richard Johnson and Tyler Bohan of Cisco Talos discovered these vulnerabilities. Executive summary The GOG Galaxy video game launcher contains multiple vulnerabilities that could allow a malicious actor to carry out a variety of attacks. GOG Galaxy Games is a video game storefront that allows use...
Combing Through Brushaloader Amid Massive Detection Uptick
Nick Biasini and Edmund Brumaghin authored this blog post with contributions from Matthew Molyett. Executive Summary Over the past several months, Cisco Talos has been monitoring various malware distribution campaigns leveraging the malware loader Brushaloader to deliver malware payloads to...
JavaScript bridge makes malware analysis with WinDbg easier
Introduction As malware researchers, we spend several days a week debugging malware in order to learn more about it. We have several powerful and popular user mode tools to choose from, such as OllyDbg, x64dbg, IDA Pro and Immunity Debugger. All these debuggers utilize some scripting language to...
Threat Roundup for Feb. 8 to Feb. 15
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 08 and Feb. 15. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Cyber Security Week in Review (Feb. 15, 2019)
Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here. Top headlines this week Email provider VFEmail says i...
Beers with Talos Ep. #46 - Privacy Pwnd: ExileRAT and Collecting Bad Karma
Beers with Talos BWT Podcast Ep. 46 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 46 show notes: Recorded Feb. 1, 2019 Today we discuss threats that bridge the gap between violating privacy and classic...
Microsoft Patch Tuesday — February 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 69 vulnerabilities, 20 of which are rated “critical,” 46 that are considered “important” and three that are “moderate.” This release also...
Vulnerability Spotlight: Adobe Acrobat Reader DC text field remote code execution vulnerability
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Executive summary Adobe Acrobat Reader DC contains a vulnerability that could allow an attacker to remotely execute code on the victim’s machine. If the attacker tricks the user into opening a specially crafted PDF with specific...
What you can learn from Cisco Talos’ new oil pumpjack workshop
Paul Rascagneres wrote this blog post with contributions from Patrick DeSantis from Cisco Talos ARES Advanced Research/Embedded Systems. Executive summary Every day, more industrial control systems ICS become vulnerable to cyber attacks. As these massive, critical machines become more...