Lucene search
K
TalosblogRecent

2032 matches found

Talos Blog
Talos Blog
added 2018/11/13 10:53 a.m.333 views

Microsoft Patch Tuesday — November 2018: Vulnerability disclosures and Snort coverage

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 53 vulnerabilities, 11 of which are rated "critical," 40 that are rated "important” and one “moderate” and “low” vulnerability, each. The...

10CVSS1.8AI score0.63294EPSS
Exploits20
Talos Blog
Talos Blog
added 2018/11/09 8:50 a.m.15 views

Threat Roundup for November 2 to November 9

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 02 and Nov. 09. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

Exploits0
Talos Blog
Talos Blog
added 2018/11/08 9:9 a.m.52 views

Metamorfo Banking Trojan Keeps Its Sights on Brazil

This blog post was authored by Edmund Brumaghin, Warren Mercer, Paul Rascagneres, and Vitor Ventura. Executive Summary Financially motivated cybercriminals have used banking trojans for years to steal sensitive financial information from victims. They are often created to gather credit card...

0.9AI score
Exploits0
Talos Blog
Talos Blog
added 2018/11/05 8:55 a.m.113 views

Persian Stalker pillages Iranian users of Instagram and Telegram

This blog post is authored by Danny Adamatis, Warren Mercer, Paul Rascagneres, Vitor Ventura and with the contributions of Eric Kuhla. Introduction State-sponsored actors have a number of different techniques at their disposal to remotely gain access to social media and secure messaging...

0.6AI score
Exploits0
Talos Blog
Talos Blog
added 2018/11/02 11:3 a.m.56 views

Threat Roundup for Oct. 26 to Nov. 2

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 26 and Nov. 02. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2018/11/01 11:48 a.m.19 views

CyberVets U.S.A.: The mission after transition

Christopher Marshall, a veteran of the U.S. Navy, currently serves as Director of Cybersecurity Research for Cisco Talos Intelligence Group. As a veteran of the U.S. Navy, I’ve had the opportunity to use some of the greatest technology this country has to offer — from night vision goggles, to...

Exploits0
Talos Blog
Talos Blog
added 2018/11/01 8:0 a.m.98 views

Talos Vulnerability Deep Dive - TALOS-2018-0636 / CVE-2018-3971 Sophos HitmanPro.Alert vulnerability

Marcin Noga of Cisco Talos discovered this vulnerability. Introduction Sophos patched two vulnerabilities in Sophos HitmanPro.Alert in version 3.7.9.759. We publicly disclosed these issues last week here, Cisco Talos will show you the process of developing an exploit for one of these bugs. We wil...

0.2AI score0.00541EPSS
Exploits1
Talos Blog
Talos Blog
added 2018/10/31 1:18 p.m.105 views

Vulnerability Spotlight: Multiple Vulnerabilities in Yi Technology Home Camera

Vulnerabilities Discovered by Lilith xx of Cisco Talos. Overview Cisco Talos is disclosing multiple vulnerabilities in the firmware of the Yi Technology Home Camera. In order to prevent the exploitation of these vulnerabilities, Talos worked with Yi Technology to make sure a newer version of the...

7.5CVSS0.3AI score0.02633EPSS
Exploits9
Talos Blog
Talos Blog
added 2018/10/31 7:31 a.m.108 views

Anatomy of a sextortion scam

This blog was written by Jaeson Schultz. Since this July, attackers are increasingly spreading sextortion-type attacks across the internet. Cisco Talos has been investigating these campaigns over the past few months. In many cases the spammers harvested email addresses and passwords from a public...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2018/10/30 11:13 a.m.17 views

Talos Vulnerability Discovery Year in Review - 2018

Introduction Cisco Talos' Vulnerability Discovery Team investigates software and operating system vulnerabilities in order to discover them before malicious threat actors. We provide this information to vendors so that they can create patches and protect their customers as soon as possible. We...

Exploits0
Talos Blog
Talos Blog
added 2018/10/29 8:30 a.m.20 views

GPlayed's younger brother is a banker — and it's after Russian banks

This blog post is authored by Vitor Ventura. Introduction Cisco Talos published its findings on a new Android trojan known as "GPlayed" on Oct. 11. At the time, we wrote that the trojan seemed to be in the testing stages of development, based on the malware's code patterns, strings and telemetry...

Exploits0
Talos Blog
Talos Blog
added 2018/10/26 12:25 p.m.125 views

Threat Roundup for October 19 to October 26

Today, Talos is is publishing a glimpse into the most prevalent threats we've observed between Oct. 19 and Oct. 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2018/10/26 9:16 a.m.184 views

Vulnerability Spotlight: Talos-2018-0694 - MKVToolNix mkvinfo read_one_element Code Execution Vulnerability

Piotr Bania, Cory Duplantis and Martin Zeiser of Cisco Talos discovered this vulnerability. Overview Today, Cisco Talos is disclosing a vulnerability that we identified in the MKVToolNix mkvinfo utility that parses the Matroska file format video files .mkv files. MKVToolNix is a set of tools to...

0.8AI score0.01522EPSS
Exploits1
Talos Blog
Talos Blog
added 2018/10/25 8:43 a.m.84 views

Vulnerability Spotlight: TALOS-2018-0635/0636 - Sophos HitmanPro.Alert memory disclosure and code execution vulnerabilities

Marcin Noga of Cisco Talos discovered this vulnerability. Overview Cisco Talos is disclosing two vulnerabilities in Sophos HitmanPro.Alert, a malware detection and protection tool. Both vulnerabilities lie in the input/output control IOCTL message handler. One could allow an attacker to read kern...

1.3AI score0.00541EPSS
Exploits2
Talos Blog
Talos Blog
added 2018/10/24 3:3 p.m.40 views

Beers with Talos EP40: BWT XL feat. SuperMicro, Giant Patches, and More Mobile Malware

Beers with Talos BWT Podcast Ep. 40 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 40 show notes: Recorded Oct. 19, 2018 — In celebration of episode No. 40 and hitting over 1 million downloads!!!, we go XL...

0.4AI score
Exploits0
Talos Blog
Talos Blog
added 2018/10/19 1:39 p.m.44 views

Threat Roundup for October 12 to October 19

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Oct. 12 and 19. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...

0.6AI score
Exploits0
Talos Blog
Talos Blog
added 2018/10/19 9:37 a.m.29 views

Beers with Talos EP 39: VB 2018 Rundown and Prevalent Problems with PDF

Beers with Talos BWT Podcast Ep. 39 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 39 show notes: Recorded Oct. 5, 2018 - We start out with a quick chat to get to know this week’s special guests from the Talo...

0.7AI score
Exploits0
Talos Blog
Talos Blog
added 2018/10/18 9:49 a.m.41 views

Tracking Tick Through Recent Campaigns Targeting East Asia

This blog post is authored by Ashlee Benge and Jungsoo An, with contributions from Dazhuo Li. Summary Since 2016, an advanced threat group that Cisco Talos is tracking has carried out cyberattacks against South Korea and Japan. This group is known by several different names: Tick, Redbaldknight a...

7.6AI score
Exploits0
Talos Blog
Talos Blog
added 2018/10/18 7:48 a.m.77 views

Vulnerability Spotlight: Live Networks LIVE555 streaming media RTSPServer code execution vulnerability

These vulnerabilities were discovered by Lilith Wyatt of Cisco Talos. Cisco Talos is disclosing a code execution vulnerability that has been identified in Live Networks LIVE555 streaming media RTSPServer. LIVE555 Streaming Media is a set of open-source C++ libraries developed by Live Networks Inc...

1.5AI score0.09487EPSS
Exploits3
Talos Blog
Talos Blog
added 2018/10/16 9:25 a.m.82 views

Vulnerability Spotlight: Linksys ESeries Multiple OS Command Injection Vulnerabilities

These vulnerabilities were discovered by Jared Rittle of Cisco Talos. Cisco Talos is disclosing several vulnerabilities in the operating system on the Linksys E Series of routers. Multiple exploitable OS command injection vulnerabilities exist in the Linksys E Series line of routers. An attacker...

0.2AI score0.13335EPSS
Exploits3
Talos Blog
Talos Blog
added 2018/10/15 9:0 a.m.1711 views

Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox

This blog post was authored by Edmund Brumaghin and Holger Unterbrink with contributions from Emmanuel Tacheau. Executive Summary Cisco Talos has discovered a new malware campaign that drops the sophisticated information-stealing trojan called "Agent Tesla," and other malware such as the Loki...

9.3CVSS8.6AI score0.99945EPSS
Exploits62
Talos Blog
Talos Blog
added 2018/10/12 11:18 a.m.26 views

Threat Roundup for October 5 to October 12

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Oct. 5 and 12. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...

0.3AI score
Exploits0
Talos Blog
Talos Blog
added 2018/10/11 6:6 a.m.42 views

GPlayed Trojan - .Net playing with Google Market

This blog post is authored by Vitor Ventura. Introduction In a world where everything is always connected, and mobile devices are involved in individuals' day-to-day lives more and more often, malicious actors are seeing increased opportunities to attack these devices. Cisco Talos has identified...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2018/10/10 9:21 a.m.81 views

Microsoft WindowsCodecs.dll SniffAndConvertToWideString Information Leak Vulnerability

These vulnerabilities were discovered by Marcin Noga of Cisco Talos. Today, Cisco Talos is disclosing a vulnerability in the WindowsCodecs.dll component of the Windows operating system. WindowsCodecs.dll is a component library that exists in the implementation of Windows Imaging Component WIC,...

6.9AI score0.0436EPSS
Exploits0
Talos Blog
Talos Blog
added 2018/10/09 11:59 a.m.27 views

Vulnerability Spotlight: VMWare Workstation DoS Vulnerability

Today, Cisco Talos is disclosing a vulnerability in VMware Workstation that could result in denial of service. VMware Workstation is a widely used virtualization platform designed to run alongside a normal operating system, allowing users to use both virtualized and physical systems concurrently...

6.5AI score0.00426EPSS
Exploits0
Talos Blog
Talos Blog
added 2018/10/09 11:38 a.m.203 views

Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, 12 of which are rated "critical," 34 that are rated "important,” two that are considered to have “moderate” severity and on...

9.3CVSS0.9AI score0.69833EPSS
Exploits33
Talos Blog
Talos Blog
added 2018/10/09 11:4 a.m.57 views

Vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator

Vulnerabilities discovered by Piotr Bania of Cisco Talos Talos is disclosing a pointer corruption vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator. Overview In order for the graphics to be produced, the graphics accelerators need to process the OpenGL scripts...

1AI score0.00871EPSS
Exploits0
Talos Blog
Talos Blog
added 2018/10/05 9:23 a.m.40 views

Threat Roundup Sept 28 - Oct 5

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Sept. 28 and Oct. 5. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed b...

6.7AI score
Exploits0
Talos Blog
Talos Blog
added 2018/10/03 7:38 a.m.45 views

Vulnerability Spotlight: Google PDFium JBIG2 Image ComposeToOpt2WithRect Information Disclosure Vulnerability

Discovered by Aleksandar Nikolic of Cisco Talos Overview Cisco Talos is releasing details of a new vulnerability in Google PDFium's JBIG2 library. An exploitable out-of-bounds read on the heap vulnerability exists in the JBIG2-parsing code in Google Chrome, version 67.0.3396.99. A specially craft...

0.4AI score0.01469EPSS
Exploits0
Talos Blog
Talos Blog
added 2018/10/02 1:25 p.m.62 views

BruCON Primer: 10 Years and Cisco Talos Talks

Cisco Talos will have a significant presence at the 10th edition of BruCON, which kicks off this week. Below, you will find the presentations that Talos researchers will give, along with a brief overview of the topics they will discuss. We are fortunate to have multiple speakers presenting this...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2018/10/02 9:7 a.m.50 views

Vulnerability Spotlight: Adobe Acrobat Reader DC Collab reviewServer Remote Code Execution Vulnerability

Discovered by Aleksandar Nikolic of Cisco Talos Overview Today, Cisco Talos is releasing details of a new vulnerability within Adobe Acrobat Reader DC. Adobe Acrobat Reader is the most popular and most feature-rich PDF reader. It has a large user base, is usually a default PDF reader on systems a...

8.1AI score0.04833EPSS
Exploits0
Talos Blog
Talos Blog
added 2018/10/01 9:59 a.m.37 views

Vulnerability Spotlight: Multiple Issues in Foxit PDF Reader

Vulnerabilities discovered by Aleksandar Nikolic of Cisco Talos Overview Cisco Talos is disclosing eightteen vulnerabilities in Foxit PDF Reader, a popular free program for viewing, creating and editing PDF documents. It is commonly used as an alternative to Adobe Acrobat Reader and has a widely...

1.1AI score0.09482EPSS
Exploits14
Talos Blog
Talos Blog
added 2018/10/01 5:30 a.m.50 views

Vulnerability Spotlight: Multiple vulnerabilities in Atlantis Word Processor

Vulnerabilities discovered by Cory Duplantis of Cisco Talos. Overview Cisco Talos is disclosing several vulnerabilities discovered in Atlantis Word Processor. Atlantis Word Processor is a portable word processor that is also capable of converting any TXT, RTF, ODT, DOC, WRI, or DOCX document into...

1.8AI score0.01458EPSS
Exploits8
Talos Blog
Talos Blog
added 2018/09/28 10:4 a.m.15 views

Beers with Talos Ep. #38 — More fun with VPNFilter; Getting pwnd via spreadsheet

Beers with Talos BWT Podcast Ep. 38 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 38 show notes: Recorded Sept. 21, 2018 — The whole crew is back together! On the agenda today is VPNFilter part III, now...

1AI score
Exploits0
Talos Blog
Talos Blog
added 2018/09/28 6:14 a.m.42 views

Threat Roundup Sept 21 - 28

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Sept. 21 and 28. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2018/09/26 7:59 a.m.196 views

VPNFilter III: More Tools for the Swiss Army Knife of Malware

Summary VPNFilter — a multi-stage, modular framework that has infected hundreds of thousands of network devices across the globe — is now known to possess even greater capabilities. Cisco Talos recently discovered seven additional third-stage VPNFilter modules that add significant functionality t...

5CVSS0.96087EPSS
Exploits23
Talos Blog
Talos Blog
added 2018/09/25 10:21 a.m.26 views

Vulnerability Spotlight: Epee Levin Packet Deserialization Code Execution Vulnerability

This vulnerability was discovered by Lilith of Cisco Talos. Overview The Epee library, which is leveraged by a large number of cryptocurrencies, contains an exploitable code execution vulnerability in the Levin deserialization functionality. An attacker can send a specially crafted network packet...

1.5AI score0.03686EPSS
Exploits1
Talos Blog
Talos Blog
added 2018/09/25 8:5 a.m.25 views

IDA-minsc Wins Second Place in Hex-Rays Plugins Contest

Introduction Ali Rizvi-Santiago of Cisco Talos recently tied for second place in the IDA plugin contest with a plugin named "IDA-minsc." IDA is a multi-processor disassembler and debugger created by the company Hex-Rays and this year there were a total of four winners with nine submissions total...

6.1AI score
Exploits0
Talos Blog
Talos Blog
added 2018/09/24 7:45 a.m.13 views

Adwind Dodges AV via DDE

This blog post is authored by Paul Rascagneres, Vitor Ventura and with the contribution of Tomislav Pericin and Robert Perica from ReversingLabs. Introduction Cisco Talos, along with fellow cybersecurity firm ReversingLabs, recently discovered a new spam campaign that is spreading the Adwind 3.0...

1.3AI score
Exploits0
Talos Blog
Talos Blog
added 2018/09/22 7:23 a.m.29 views

Threat Roundup for September 14 to September 21

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Sept. 14 and 21. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...

0.4AI score
Exploits0
Talos Blog
Talos Blog
added 2018/09/19 6:0 a.m.20 views

Cyber Threat Alliance Releases Cryptomining Whitepaper

This post is authored by Ashlee Benge. Despite the recent devaluation of some cryptocurrencies, illicit cryptocurrency miners remain a lucrative and widespread attack vector in the threat landscape. These miners are easy to deploy, and attackers see it as a quick way to steal other users'...

2.5AI score
Exploits0
Talos Blog
Talos Blog
added 2018/09/17 1:13 p.m.17 views

Beers with Talos EP 37: Snort 3 Beta Uses Multithreading. It’s Super Effective!

Beers with Talos BWT Podcast Ep. 37 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast. Ep. 37 show notes: Recorded Sept. 7, 2018 — We have Joel back this week and he is very happy to have himse...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2018/09/14 10:32 a.m.27 views

Threat Roundup for September 7 to September 14

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Sept. 7 and 14. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2018/09/13 8:24 a.m.11 views

SigAnalyzer: Signature analysis with CASC

Executive summary ClamAV Signature Creator CASC is an IDA Pro plugin that assists in the creation of ClamAV pattern signatures. We have enhanced this plugin to also analyze these signatures. The plugin highlights matching parts in a binary when its given a particular signature. This function is...

1.5AI score
Exploits0
Talos Blog
Talos Blog
added 2018/09/11 11:56 a.m.124 views

Microsoft Patch Tuesday - September 2018

Microsoft released its monthly set of security updates today for a variety of its products that address a variety of bugs. The latest Patch Tuesday covers 61 vulnerabilities, 17 of which are rated "critical," 43 that are rated "important" and one that is considered to have "moderate" severity. Th...

1.3AI score0.69019EPSS
Exploits16
Talos Blog
Talos Blog
added 2018/09/07 12:35 p.m.51 views

Threat Roundup for August 31 to September 7

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Aug. 31 and Sept. 7. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed b...

0.6AI score
Exploits0
Talos Blog
Talos Blog
added 2018/09/07 5:44 a.m.116 views

Vulnerability Spotlight: CVE-2018-3952 / CVE-2018-4010 - Multi-provider VPN Client Privilege Escalation Vulnerabilities

Discovered by Paul Rascagneres. Overview Cisco Talos has discovered two similar vulnerabilities in the ProtonVPN and NordVPN VPN clients. The vulnerabilities allow attackers to execute code as an administrator on Microsoft Windows operating systems from a standard user. The vulnerabilities were...

10CVSS1.2AI score0.04651EPSS
Exploits2
Talos Blog
Talos Blog
added 2018/09/06 6:39 a.m.148 views

Vulnerability Spotlight: TALOS-2018-0560 - ERPNext SQL Injection Vulnerabilities

Vulnerabilities discovered by Yuri Kramar from the Cisco Security Advisor Team Overview Talos is disclosing multiple SQL injection vulnerabilities in the Frappe ERPNext Version 10.1.6 application. Frappe ERPNext is an open-source enterprise resource planning ERP cloud application. These...

1.1AI score0.00919EPSS
Exploits4
Talos Blog
Talos Blog
added 2018/09/05 7:58 a.m.22 views

Malicious MDM: Let's Hide This App

This blog post is authored by Warren Mercer and Paul Rascagneres with contributions from Nick Biasini Summary Since our initial discovery of a malicious mobile device management MDM platform that was loading fake applications onto smartphones, we have gained greater insight into the attacker's...

Exploits0
Talos Blog
Talos Blog
added 2018/08/31 12:47 p.m.52 views

Threat Roundup for August 24-31

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Aug. 24 and 31. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...

0.4AI score
Exploits0
Total number of security vulnerabilities2032