Lucene search
K
TalosblogRecent

2032 matches found

Talos Blog
Talos Blog
added 2019/02/08 7:51 a.m.97 views

Cyber Security Week in Review (Feb. 8)

Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here. Top headlines this week Attackers continue to utilize...

2AI score
Exploits0
Talos Blog
Talos Blog
added 2019/02/06 8:19 a.m.1499 views

2018 in Snort Rules

This blog post was authored by Benny Ketelslegers of Cisco Talos The cybersecurity field shifted quite a bit in 2018. With the boom of cryptocurrency, we saw a transition from ransomware to cryptocurrency miners. Talos researchers identified APT campaigns including VPNFilter, predominantly...

10CVSS9.6AI score0.99999EPSS
Exploits68
Talos Blog
Talos Blog
added 2019/02/04 8:0 a.m.18222 views

ExileRAT shares C2 with LuckyCat, targets Tibet

Warren Mercer, Paul Rascagneres and Jaeson Schultz authored this post. Executive summary Cisco Talos recently observed a malware campaign delivering a malicious Microsoft PowerPoint document using a mailing list run by the Central Tibetan Administration CTA, an organization officially representin...

9.3CVSS8.4AI score0.99933EPSS
Exploits29
Talos Blog
Talos Blog
added 2019/02/01 9:38 a.m.43 views

Cyber Security Week in Review (Feb. 1)

Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here. Top headlines this week Apple revoked a set of...

0.3AI score
Exploits0
Talos Blog
Talos Blog
added 2019/02/01 8:57 a.m.59 views

Threat Roundup for Jan. 25 to Feb. 1

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 25 and Feb. 01. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

0.7AI score
Exploits0
Talos Blog
Talos Blog
added 2019/01/30 11:19 a.m.50 views

Fake Cisco Job Posting Targets Korean Candidates

Edmund Brumaghin and Paul Rascagneres authored this post, with contributions from Jungsoo An. Executive summary Cisco Talos recently observed a targeted malware campaign being leveraged in an attempt to compromise specific organizations. The infection vector associated with this campaign was a...

Exploits0
Talos Blog
Talos Blog
added 2019/01/30 8:23 a.m.48 views

Vulnerability Spotlight: Multiple vulnerabilities in ACD Systems Canvas Draw 5

Tyler Bohan of Cisco Talos discovered these vulnerabilities. Vanja Svajcer authored this blog post. Cisco Talos is disclosing several vulnerabilities in ACD Systems' Canvas Draw 5, a graphics-editing tool for Mac. The vulnerable component of Canvas Draw 5 lies in the handling of TIFF and PCX...

6.8CVSS0.3AI score0.02253EPSS
Exploits4
Talos Blog
Talos Blog
added 2019/01/29 7:37 a.m.78 views

Vulnerability Spotlight: Multiple vulnerabilities in coTURN

Nicolas Edet of Cisco discovered these vulnerabilities. Executive summary Today, Cisco Talos is disclosing three vulnerabilities in coTURN. coTURN is an open-source implementation of TURN and STUN servers that can be used as a general-purpose networking traffic TURN server. TURN servers are usual...

7.5CVSS0.4AI score0.02955EPSS
Exploits1
Talos Blog
Talos Blog
added 2019/01/28 11:12 a.m.111 views

Vulnerability Spotlight: Python.org certificate parsing denial-of-service

Colin Read and Nicolas Edet of Cisco Talos discovered these vulnerabilities. Executive summary Python.org contains an exploitable denial-of-service vulnerability in its X509 certificate parser. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of...

5CVSS1.7AI score0.20743EPSS
Exploits1
Talos Blog
Talos Blog
added 2019/01/28 7:5 a.m.122 views

Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities

Marcin "Icewall" Noga of Cisco Talos discovered these vulnerabilities. Executive Summary Cisco Talos discovered two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level in WIBU-SYSTEMS WibuKey. WibuKey is a USB key designed to protect software and...

7.5CVSS1.2AI score0.34329EPSS
Exploits3
Talos Blog
Talos Blog
added 2019/01/25 11:52 a.m.301 views

Threat Roundup for Jan. 18 to Jan. 25

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 18 and Jan. 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

8AI score
Exploits0
Talos Blog
Talos Blog
added 2019/01/24 10:39 a.m.271 views

Cisco AMP tracks new campaign that delivers Ursnif

This blog post was authored by John Arneson of Cisco Talos Executive Summary Cisco Talos once again spotted the Ursnif malware in the wild. We tracked this information stealer after Cisco's Advanced Malware Protection AMP Exploit Prevention engine alerted us to these Ursnif infections. Thanks to...

0.6AI score
Exploits0
Talos Blog
Talos Blog
added 2019/01/22 11:59 a.m.45 views

Beers with Talos Ep. #45: SoHo attacks, IoT devices, and the cesspool setting

Beers with Talos BWT Podcast Ep. 45 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 45 show notes: Recorded Jan. 18, 2019 We have an extended roundtable today even more than usual because we accidentally...

0.9AI score
Exploits0
Talos Blog
Talos Blog
added 2019/01/18 3:13 p.m.209 views

Threat Roundup for Jan. 11 to Jan. 18

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 11 and Jan. 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2019/01/17 11:30 a.m.43 views

What we learned by unpacking a recent wave of Imminent RAT infections using AMP

This blog post was authored by Chris Marczewski Cisco Talos has been tracking a series of Imminent RAT infections for the past two months following reported data from Cisco Advanced Malware Protection's AMP Exploit Prevention engine. AMP successfully stopped the malware before it was able to infe...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2019/01/17 8:25 a.m.73 views

Cisco Talos' new reputation dispute system

We know users have been waiting for this feature for a while, and we are here to say: It’s ready. Cisco Talos’ new reputation system rolled out Jan. 14 on TalosIntelligence.com. We have been working on this change since the rollout was initially announced this past summer. Starting today, all use...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2019/01/17 4:59 a.m.59 views

Beers with Talos EP44: Fun with 2018’s Worst and Talks We Want to Hear

Beers with Talos BWT Podcast Ep. 44 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 44 show notes: Recorded Jan. 7, 2019 Most of the episode after an extended roundtable — we all had a lot to get out after tim...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2019/01/16 7:55 a.m.293 views

Dynamic Data Resolver (DDR) - IDA Plugin

This blog post was authored by Holger Unterbrink Executive Summary Static reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a certain basic block is doing. But, if you try to perform dynamic analysis by...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2019/01/15 1:14 p.m.77 views

Emotet re-emerges after the holidays

While Emotet has been around for many years and is one of the most well-known pieces of malware in the wild, that doesn't mean attackers don't try to freshen it up. Cisco Talos recently discovered several new campaigns distributing the infamous banking trojan via email. These new campaigns have...

0.8AI score
Exploits0
Talos Blog
Talos Blog
added 2019/01/15 12:2 p.m.83 views

Vulnerability Deep Dive: TP-Link TL-R600VPN remote code execution vulnerabilities

Vulnerability discovery and research by Jared Rittle and Carl Hurd of Cisco Talos. Introduction TP-Link recently patched three vulnerabilities in their TL-R600VPN gigabit broadband VPN router, firmware version 1.3.0. Cisco Talos publicly disclosed these issues after working with TP-Link to ensure...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2019/01/10 7:56 a.m.55 views

Pylocky Unlocked: Cisco Talos releases PyLocky ransomware decryptor

This tool was developed by Mike Bautista. PyLocky is a family of ransomware written in Python that attempts to masquerade as a Locky variant. This ransomware will encrypt all files on a victim machine before demanding that the user pay a ransom to gain access to their decrypted files. To combat...

0.8AI score
Exploits0
Talos Blog
Talos Blog
added 2019/01/09 11:6 a.m.34 views

Why we want users' feedback on Snort rule documentation

Today, Talos is launching a new community survey to solicit feedback on SNORTⓇ documentation. When Snort alerts the end user, the rule documentation is their first and possibly only avenue to find information on malicious traffic in their network. We know this can be better, and we want your help...

0.3AI score
Exploits0
Talos Blog
Talos Blog
added 2019/01/08 11:40 a.m.305 views

Microsoft Patch Tuesday — January 2019: Vulnerability disclosures and Snort coverage

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, seven of which are rated “critical,” 40 that are considered “important” and one that is “moderate.” This release also...

10CVSS0.9AI score0.82902EPSS
Exploits39
Talos Blog
Talos Blog
added 2019/01/08 10:0 a.m.109 views

Vulnerability Spotlight: Multiple Apple IntelHD5000 privilege escalation vulnerabilities

Tyler Bohan of Cisco Talos discovered this vulnerability. Executive Summary A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of Apple OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds...

6.8AI score0.01101EPSS
Exploits0
Talos Blog
Talos Blog
added 2019/01/02 10:50 a.m.36 views

Vulnerability Spotlight: Multiple privilege escalation vulnerabilities in CleanMyMac X

Tyler Bohan of Cisco Talos discovered these vulnerabilities. Executive summary Today, Cisco Talos is disclosing several vulnerabilities in MacPaw’s CleanMyMac X software. CleanMyMac X is a cleanup application for Mac operating systems that allows users to free up extra space on their machines by...

6.6CVSS0.8AI score0.00497EPSS
Exploits1
Talos Blog
Talos Blog
added 2018/12/21 3:7 p.m.66 views

Threat Roundup for Dec. 14 to Dec. 21

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 14 and Dec. 21. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2018/12/21 6:0 a.m.67 views

Submissions for talks at the 2019 Talos Threat Research Summit are now open

When Cisco Talos launched the first ever Talos Threat Research Summit last year, we never could have anticipated how popular it would be. Tickets sold out quickly, and our inaugural Talos-backed conference was packed in the days leading up to Cisco Live. This year, we are bringing back the Threat...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2018/12/20 12:0 p.m.45 views

Year in Malware 2018: The most prominent threats Talos tracked this year

It was easy to see a wild year coming in cybersecurity. It started with a bang, with Olympic Destroyer targeting the Winter Olympics in February in an attempt to disrupt the opening ceremonies. Things only got crazier from there, with cryptocurrency miners popping up everywhere, and VPNFilter...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2018/12/20 9:48 a.m.89 views

Vulnerability Spotlight : Multiple Vulnerabilities in WIBU-SYSTEMS WibuKey.sys

These vulnerabilities were discovered by Marcin 'Icewall' Noga of Cisco Talos. Executive Summary WibuKey is a Digital Rights Management DRM solution that has been used in a large number of solutions such as Straton, Archicad, GRAPHISOFT, V-Ray and others. It has been leveraged by over 3,000...

0.9AI score0.34329EPSS
Exploits3
Talos Blog
Talos Blog
added 2018/12/19 4:19 p.m.176 views

Microsoft Patches Out-of-Band Internet Explorer Scripting Engine Vulnerability After Exploitation Detected in the Wild

Overview Microsoft released an out-of-band OOB patch on Wednesday related to a vulnerability in the scripting engine of Internet Explorer. This particular vulnerability is believed to be actively exploited in the wild and should be patched immediately. This remote code execution bug lies in the w...

7.6CVSS8AI score0.29822EPSS
Exploits0
Talos Blog
Talos Blog
added 2018/12/18 8:33 a.m.3591 views

Connecting the dots between recently active cryptominers

Post authored by David Liebenberg and Andrew Williams. Executive Summary Through Cisco Talos' investigation of illicit cryptocurrency mining campaigns in the past year, we began to notice that many of these campaigns shared remarkably similar TTPs, which we at first mistakenly interpreted as bein...

9.3CVSS8.9AI score0.99993EPSS
Exploits41
Talos Blog
Talos Blog
added 2018/12/18 8:33 a.m.53 views

As Cryptocurrency Crash Continues, Will Mining Threat Follow?

Post authored by Nick Biasini. Executive Summary As 2018 draws to a close, one technology has definitively left its mark on the year: cryptocurrencies. Digital currencies started the year out strong after a meteoric rise toward the end of 2017. Since then, it's safe to say that cryptocurrencies...

Exploits0
Talos Blog
Talos Blog
added 2018/12/14 11:46 a.m.47 views

Beers with Talos EP 43: Espionage, Encryption, and CISO Square One

Beers with Talos BWT Podcast Ep. 43 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 43 show notes: Recorded Dec. 7, 2018. Several of us are under the weather, but the show must go on. We did our best, as alway...

Exploits0
Talos Blog
Talos Blog
added 2018/12/14 9:57 a.m.344 views

Bitcoin Bomb Scare Associated with Sextortion Scammers

This blog was written by Jaeson Schultz. Organizations across the country are on edge today after a flurry of phony bomb threats hit several public entities Thursday, such as universities, schools and news outlets, among others. The attackers distributed malicious emails claiming to have placed...

1.3AI score
Exploits0
Talos Blog
Talos Blog
added 2018/12/14 9:52 a.m.53 views

Threat Roundup for Dec. 7 to Dec. 14

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 07 and Dec. 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

0.8AI score
Exploits0
Talos Blog
Talos Blog
added 2018/12/14 8:30 a.m.1068 views

Cisco Coverage for Shamoon 2 & 3

Update Dec. 14, 2018 10:30 CST: Added new Shamoon 3 IOCs Shamoon is a type of destructive malware that has been previously associated with attacks against various organizations in the oil and gas industry that we've been tracking since 2012. A new variant of this threat, identified as Shamoon 2,...

1.3AI score
Exploits0
Talos Blog
Talos Blog
added 2018/12/11 12:54 p.m.44 views

Vulnerability Spotlight: Adobe Acrobat Reader DC text field remote code execution vulnerability

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Executive summary Adobe Acrobat Reader DC contains a vulnerability that could allow an attacker to remotely execute code on the victim’s machine. If the attacker tricks the user into opening a specially crafted PDF with specific...

1.2AI score0.09744EPSS
Exploits0
Talos Blog
Talos Blog
added 2018/12/11 10:35 a.m.89 views

Microsoft Patch Tuesday — December 2018: Vulnerability disclosures and Snort coverage

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 38 vulnerabilities, nine of which are rated “critical” and 29 that are considered “important.” There are no “moderate” or “low” vulnerabilities...

10CVSS1.5AI score0.69214EPSS
Exploits10
Talos Blog
Talos Blog
added 2018/12/10 8:51 a.m.62 views

in(Secure) messaging apps — How side-channel attacks can compromise privacy in WhatsApp, Telegram, and Signal

This blog post is authored by Vitor Ventura. Executive summary Messaging applications have been around since the inception of the internet. But recently, due to the increased awareness around mass surveillance in some countries, more users are installing end-to-end encrypted apps dubbed "secure...

6.8CVSS7.8AI score0.04778EPSS
Exploits1
Talos Blog
Talos Blog
added 2018/12/07 11:44 a.m.29 views

Threat Roundup for Nov. 30 to Dec. 7

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 30 and Dec. 07. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2018/12/04 8:21 a.m.10 views

An introduction to offensive capabilities of Active Directory on UNIX

Tim Wadhwa-Brown of Portcullis Labs authored this post. In preparation for our talk at Black Hat Europe, Security Advisory EMEAR would like to share the background on our recent research into some common Active Directory integration solutions. Just as with Windows, these solutions can be utilized...

2.2AI score
Exploits0
Talos Blog
Talos Blog
added 2018/12/03 11:51 a.m.39 views

Vulnerability Spotlight: Netgate pfSense system_advanced_misc.php powerd_normal_mode Command Injection Vulnerability

Brandon Stultz of Cisco Talos discovered these vulnerabilities. Executive summary Today, Cisco Talos is disclosing a command injection vulnerability in Netgate pfSense systemadvancedmisc.php powerdnormalmode. pfSense is a free and open source firewall and router that also features unified threat...

6.5CVSS0.9AI score0.7221EPSS
Exploits3
Talos Blog
Talos Blog
added 2018/11/30 12:33 p.m.27 views

Threat Roundup for Nov. 23 to Nov. 30

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 23 and Nov. 30. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

1AI score
Exploits0
Talos Blog
Talos Blog
added 2018/11/27 7:2 a.m.54 views

DNSpionage Campaign Targets Middle East

This blog post was authored by Warren Mercer and Paul Rascagneres. Update 2018-11-27 15:30:00 EDT: A Russian-language document has been removed. Subsequent analysis leads us to believe it is unrelated to this investigation. Executive Summary Cisco Talos recently discovered a new campaign targetin...

Exploits0
Talos Blog
Talos Blog
added 2018/11/21 12:19 p.m.9 views

Beers with Talos EP42: To the Moon, Everyone!

Beers with Talos BWT Podcast Ep. 42 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 42 show notes: Recorded Nov. 16, 2018. Cyber moonshot, baby! It’s just like that time the U.S. raced everyone to the moon,...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2018/11/20 7:35 a.m.48 views

Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Atlantis Word Processor

A member of Cisco Talos discovered these vulnerabilities. Executive summary Today, Cisco Talos is disclosing three remote code execution vulnerabilities in the Atlantis Word Processor. Atlantis Word Processor is a traditional word processor that provides a number of basic features for users, in...

6.8CVSS1.4AI score0.01426EPSS
Exploits3
Talos Blog
Talos Blog
added 2018/11/19 12:28 p.m.15 views

What scams shoppers should look out for on Black Friday and Cyber Monday

Every year, more and more Americans are taking care of their holiday shopping on Cyber Monday. Last year, consumers spent a record $6.59 billion during the annual online shopping day, an all-time record, according to Adobe Insights. Still, that doesn’t mean no one is rushing out the night of...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2018/11/19 6:30 a.m.83 views

Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN

Vulnerabilities discovered by Carl Hurd and Jared Rittle of Cisco Talos. Cisco Talos is disclosing multiple vulnerabilities in the TP-Link TL-R600VPN router. TP-Link produces a number of different types of small and home office SOHO routers. Talos discovered several bugs in this particular router...

6.5CVSS1.5AI score0.53297EPSS
Exploits4
Talos Blog
Talos Blog
added 2018/11/16 11:20 a.m.38 views

Threat Roundup for Nov. 9 to Nov. 16

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 09 and Nov. 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

0.4AI score
Exploits0
Talos Blog
Talos Blog
added 2018/11/14 8:38 a.m.23 views

Beers with Talos Ep. #41: Sex, money and malware

Beers with Talos BWT Podcast Ep. 41 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 41 show notes: Recorded Nov. 9, 2018 — We tried to make this episode last week, but thanks to some technical difficulties, we...

0.6AI score
Exploits0
Total number of security vulnerabilities2032