2032 matches found
Cyber Security Week in Review (Feb. 8)
Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here. Top headlines this week Attackers continue to utilize...
2018 in Snort Rules
This blog post was authored by Benny Ketelslegers of Cisco Talos The cybersecurity field shifted quite a bit in 2018. With the boom of cryptocurrency, we saw a transition from ransomware to cryptocurrency miners. Talos researchers identified APT campaigns including VPNFilter, predominantly...
ExileRAT shares C2 with LuckyCat, targets Tibet
Warren Mercer, Paul Rascagneres and Jaeson Schultz authored this post. Executive summary Cisco Talos recently observed a malware campaign delivering a malicious Microsoft PowerPoint document using a mailing list run by the Central Tibetan Administration CTA, an organization officially representin...
Cyber Security Week in Review (Feb. 1)
Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here. Top headlines this week Apple revoked a set of...
Threat Roundup for Jan. 25 to Feb. 1
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 25 and Feb. 01. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Fake Cisco Job Posting Targets Korean Candidates
Edmund Brumaghin and Paul Rascagneres authored this post, with contributions from Jungsoo An. Executive summary Cisco Talos recently observed a targeted malware campaign being leveraged in an attempt to compromise specific organizations. The infection vector associated with this campaign was a...
Vulnerability Spotlight: Multiple vulnerabilities in ACD Systems Canvas Draw 5
Tyler Bohan of Cisco Talos discovered these vulnerabilities. Vanja Svajcer authored this blog post. Cisco Talos is disclosing several vulnerabilities in ACD Systems' Canvas Draw 5, a graphics-editing tool for Mac. The vulnerable component of Canvas Draw 5 lies in the handling of TIFF and PCX...
Vulnerability Spotlight: Multiple vulnerabilities in coTURN
Nicolas Edet of Cisco discovered these vulnerabilities. Executive summary Today, Cisco Talos is disclosing three vulnerabilities in coTURN. coTURN is an open-source implementation of TURN and STUN servers that can be used as a general-purpose networking traffic TURN server. TURN servers are usual...
Vulnerability Spotlight: Python.org certificate parsing denial-of-service
Colin Read and Nicolas Edet of Cisco Talos discovered these vulnerabilities. Executive summary Python.org contains an exploitable denial-of-service vulnerability in its X509 certificate parser. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of...
Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities
Marcin "Icewall" Noga of Cisco Talos discovered these vulnerabilities. Executive Summary Cisco Talos discovered two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level in WIBU-SYSTEMS WibuKey. WibuKey is a USB key designed to protect software and...
Threat Roundup for Jan. 18 to Jan. 25
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 18 and Jan. 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Cisco AMP tracks new campaign that delivers Ursnif
This blog post was authored by John Arneson of Cisco Talos Executive Summary Cisco Talos once again spotted the Ursnif malware in the wild. We tracked this information stealer after Cisco's Advanced Malware Protection AMP Exploit Prevention engine alerted us to these Ursnif infections. Thanks to...
Beers with Talos Ep. #45: SoHo attacks, IoT devices, and the cesspool setting
Beers with Talos BWT Podcast Ep. 45 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 45 show notes: Recorded Jan. 18, 2019 We have an extended roundtable today even more than usual because we accidentally...
Threat Roundup for Jan. 11 to Jan. 18
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 11 and Jan. 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
What we learned by unpacking a recent wave of Imminent RAT infections using AMP
This blog post was authored by Chris Marczewski Cisco Talos has been tracking a series of Imminent RAT infections for the past two months following reported data from Cisco Advanced Malware Protection's AMP Exploit Prevention engine. AMP successfully stopped the malware before it was able to infe...
Cisco Talos' new reputation dispute system
We know users have been waiting for this feature for a while, and we are here to say: It’s ready. Cisco Talos’ new reputation system rolled out Jan. 14 on TalosIntelligence.com. We have been working on this change since the rollout was initially announced this past summer. Starting today, all use...
Beers with Talos EP44: Fun with 2018’s Worst and Talks We Want to Hear
Beers with Talos BWT Podcast Ep. 44 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 44 show notes: Recorded Jan. 7, 2019 Most of the episode after an extended roundtable — we all had a lot to get out after tim...
Dynamic Data Resolver (DDR) - IDA Plugin
This blog post was authored by Holger Unterbrink Executive Summary Static reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a certain basic block is doing. But, if you try to perform dynamic analysis by...
Emotet re-emerges after the holidays
While Emotet has been around for many years and is one of the most well-known pieces of malware in the wild, that doesn't mean attackers don't try to freshen it up. Cisco Talos recently discovered several new campaigns distributing the infamous banking trojan via email. These new campaigns have...
Vulnerability Deep Dive: TP-Link TL-R600VPN remote code execution vulnerabilities
Vulnerability discovery and research by Jared Rittle and Carl Hurd of Cisco Talos. Introduction TP-Link recently patched three vulnerabilities in their TL-R600VPN gigabit broadband VPN router, firmware version 1.3.0. Cisco Talos publicly disclosed these issues after working with TP-Link to ensure...
Pylocky Unlocked: Cisco Talos releases PyLocky ransomware decryptor
This tool was developed by Mike Bautista. PyLocky is a family of ransomware written in Python that attempts to masquerade as a Locky variant. This ransomware will encrypt all files on a victim machine before demanding that the user pay a ransom to gain access to their decrypted files. To combat...
Why we want users' feedback on Snort rule documentation
Today, Talos is launching a new community survey to solicit feedback on SNORTⓇ documentation. When Snort alerts the end user, the rule documentation is their first and possibly only avenue to find information on malicious traffic in their network. We know this can be better, and we want your help...
Microsoft Patch Tuesday — January 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, seven of which are rated “critical,” 40 that are considered “important” and one that is “moderate.” This release also...
Vulnerability Spotlight: Multiple Apple IntelHD5000 privilege escalation vulnerabilities
Tyler Bohan of Cisco Talos discovered this vulnerability. Executive Summary A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of Apple OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds...
Vulnerability Spotlight: Multiple privilege escalation vulnerabilities in CleanMyMac X
Tyler Bohan of Cisco Talos discovered these vulnerabilities. Executive summary Today, Cisco Talos is disclosing several vulnerabilities in MacPaw’s CleanMyMac X software. CleanMyMac X is a cleanup application for Mac operating systems that allows users to free up extra space on their machines by...
Threat Roundup for Dec. 14 to Dec. 21
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 14 and Dec. 21. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Submissions for talks at the 2019 Talos Threat Research Summit are now open
When Cisco Talos launched the first ever Talos Threat Research Summit last year, we never could have anticipated how popular it would be. Tickets sold out quickly, and our inaugural Talos-backed conference was packed in the days leading up to Cisco Live. This year, we are bringing back the Threat...
Year in Malware 2018: The most prominent threats Talos tracked this year
It was easy to see a wild year coming in cybersecurity. It started with a bang, with Olympic Destroyer targeting the Winter Olympics in February in an attempt to disrupt the opening ceremonies. Things only got crazier from there, with cryptocurrency miners popping up everywhere, and VPNFilter...
Vulnerability Spotlight : Multiple Vulnerabilities in WIBU-SYSTEMS WibuKey.sys
These vulnerabilities were discovered by Marcin 'Icewall' Noga of Cisco Talos. Executive Summary WibuKey is a Digital Rights Management DRM solution that has been used in a large number of solutions such as Straton, Archicad, GRAPHISOFT, V-Ray and others. It has been leveraged by over 3,000...
Microsoft Patches Out-of-Band Internet Explorer Scripting Engine Vulnerability After Exploitation Detected in the Wild
Overview Microsoft released an out-of-band OOB patch on Wednesday related to a vulnerability in the scripting engine of Internet Explorer. This particular vulnerability is believed to be actively exploited in the wild and should be patched immediately. This remote code execution bug lies in the w...
Connecting the dots between recently active cryptominers
Post authored by David Liebenberg and Andrew Williams. Executive Summary Through Cisco Talos' investigation of illicit cryptocurrency mining campaigns in the past year, we began to notice that many of these campaigns shared remarkably similar TTPs, which we at first mistakenly interpreted as bein...
As Cryptocurrency Crash Continues, Will Mining Threat Follow?
Post authored by Nick Biasini. Executive Summary As 2018 draws to a close, one technology has definitively left its mark on the year: cryptocurrencies. Digital currencies started the year out strong after a meteoric rise toward the end of 2017. Since then, it's safe to say that cryptocurrencies...
Beers with Talos EP 43: Espionage, Encryption, and CISO Square One
Beers with Talos BWT Podcast Ep. 43 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 43 show notes: Recorded Dec. 7, 2018. Several of us are under the weather, but the show must go on. We did our best, as alway...
Bitcoin Bomb Scare Associated with Sextortion Scammers
This blog was written by Jaeson Schultz. Organizations across the country are on edge today after a flurry of phony bomb threats hit several public entities Thursday, such as universities, schools and news outlets, among others. The attackers distributed malicious emails claiming to have placed...
Threat Roundup for Dec. 7 to Dec. 14
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 07 and Dec. 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Cisco Coverage for Shamoon 2 & 3
Update Dec. 14, 2018 10:30 CST: Added new Shamoon 3 IOCs Shamoon is a type of destructive malware that has been previously associated with attacks against various organizations in the oil and gas industry that we've been tracking since 2012. A new variant of this threat, identified as Shamoon 2,...
Vulnerability Spotlight: Adobe Acrobat Reader DC text field remote code execution vulnerability
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Executive summary Adobe Acrobat Reader DC contains a vulnerability that could allow an attacker to remotely execute code on the victim’s machine. If the attacker tricks the user into opening a specially crafted PDF with specific...
Microsoft Patch Tuesday — December 2018: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 38 vulnerabilities, nine of which are rated “critical” and 29 that are considered “important.” There are no “moderate” or “low” vulnerabilities...
in(Secure) messaging apps — How side-channel attacks can compromise privacy in WhatsApp, Telegram, and Signal
This blog post is authored by Vitor Ventura. Executive summary Messaging applications have been around since the inception of the internet. But recently, due to the increased awareness around mass surveillance in some countries, more users are installing end-to-end encrypted apps dubbed "secure...
Threat Roundup for Nov. 30 to Dec. 7
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 30 and Dec. 07. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
An introduction to offensive capabilities of Active Directory on UNIX
Tim Wadhwa-Brown of Portcullis Labs authored this post. In preparation for our talk at Black Hat Europe, Security Advisory EMEAR would like to share the background on our recent research into some common Active Directory integration solutions. Just as with Windows, these solutions can be utilized...
Vulnerability Spotlight: Netgate pfSense system_advanced_misc.php powerd_normal_mode Command Injection Vulnerability
Brandon Stultz of Cisco Talos discovered these vulnerabilities. Executive summary Today, Cisco Talos is disclosing a command injection vulnerability in Netgate pfSense systemadvancedmisc.php powerdnormalmode. pfSense is a free and open source firewall and router that also features unified threat...
Threat Roundup for Nov. 23 to Nov. 30
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 23 and Nov. 30. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
DNSpionage Campaign Targets Middle East
This blog post was authored by Warren Mercer and Paul Rascagneres. Update 2018-11-27 15:30:00 EDT: A Russian-language document has been removed. Subsequent analysis leads us to believe it is unrelated to this investigation. Executive Summary Cisco Talos recently discovered a new campaign targetin...
Beers with Talos EP42: To the Moon, Everyone!
Beers with Talos BWT Podcast Ep. 42 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 42 show notes: Recorded Nov. 16, 2018. Cyber moonshot, baby! It’s just like that time the U.S. raced everyone to the moon,...
Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Atlantis Word Processor
A member of Cisco Talos discovered these vulnerabilities. Executive summary Today, Cisco Talos is disclosing three remote code execution vulnerabilities in the Atlantis Word Processor. Atlantis Word Processor is a traditional word processor that provides a number of basic features for users, in...
What scams shoppers should look out for on Black Friday and Cyber Monday
Every year, more and more Americans are taking care of their holiday shopping on Cyber Monday. Last year, consumers spent a record $6.59 billion during the annual online shopping day, an all-time record, according to Adobe Insights. Still, that doesn’t mean no one is rushing out the night of...
Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN
Vulnerabilities discovered by Carl Hurd and Jared Rittle of Cisco Talos. Cisco Talos is disclosing multiple vulnerabilities in the TP-Link TL-R600VPN router. TP-Link produces a number of different types of small and home office SOHO routers. Talos discovered several bugs in this particular router...
Threat Roundup for Nov. 9 to Nov. 16
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 09 and Nov. 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Beers with Talos Ep. #41: Sex, money and malware
Beers with Talos BWT Podcast Ep. 41 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 41 show notes: Recorded Nov. 9, 2018 — We tried to make this episode last week, but thanks to some technical difficulties, we...