2032 matches found
Beers with Talos EP 36: There Are Few Shades in the Grey Market
Beers with Talos BWT Podcast Ep. 36 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast. Ep. 36 show notes: Recorded Aug. 24, 2018 — We’re finally back in the studio after Hacker Summer Camp!...
Rocke: The Champion of Monero Miners
This post was authored by David Liebenberg. Summary Cryptocurrency miners are becoming an increasingly significant part of the threat landscape. These malicious miners steal CPU cycles from compromised devices to mine cryptocurrencies and bring in income for the threat actor. In this post, we loo...
Threat Roundup for August 17-24
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Aug. 17 and 24. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...
Picking Apart Remcos Botnet-In-A-Box
This blog post was authored by Edmund Brumaghin and Holger Unterbrink with contributions from Eric Kuhla and Lilia Gonzalez Medina. Overview Cisco Talos has recently observed multiple campaigns using the Remcos remote access tool RAT that is offered for sale by a company called Breaking Security...
Threat Roundup for August 10-17
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between August 10 and August 17. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Beers with Talos EP 35: Live from the RiRa at Black Hat
Beers with Talos BWT Podcast Ep. 35 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast. Ep. 35 show notes: Recorded Aug. 8, 2018 — We decided to broadcast while we were all together at Black Hat...
Microsoft Tuesday August 2018
Microsoft released its monthly set of security advisories today for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 62 new vulnerabilities, 20 of which are rated “critical,” 38 that are rated “important,” one that is rated...
Threat Roundup for August 3-10
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Aug. 3 - 10. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...
Playback: A TLS 1.3 Story
Introduction Secure communications are one of the most important topics in information security, and the Transport Layer Security TLS protocol is currently the most used protocol to provide secure communications on the internet. For example, when you are connecting to your online banking...
The Official Talos Guide to Security Summer Camp 2018
It is once again time for the week in the summer when many of us descend on Las Vegas for Black Hat, DEF CON, and B-Sides LasVegas. This is your official guide to what the Cisco Talos Threat Intelligence team is doing at these shows and what some of our colleagues around Cisco Security are doing,...
Exploitable or Not Exploitable? Using REVEN to Examine a NULL Pointer Dereference.
Authored by Aleksandar Nikolic. Executive summary It can be very time-consuming to determine if a bug is exploitable or not. In this post, we’ll show how to decide if a vulnerability is exploitable by tracing back along the path of execution that led to a crash. In this case, we are using the...
Multiple Cobalt Personality Disorder
Introduction Despite the notion that modern cybersecurity protocols have stopped email-based attacks, email continues to be one of the primary attack vectors for malicious actors — both for widespread and targeted operations. Recently, Cisco Talos has observed numerous email-based attacks that ar...
Threat Roundup for July 20-27
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between July 20 and 27. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...
Beers with Talos EP 34: Click Here to Assign New Mobile Device Owner
Beers with Talos BWT Podcast Ep. 34 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast. Ep. 34 show notes: Recorded July 20, 2018 — This week, we touch on several topics, but we spend the lion’s...
Vulnerability Spotlight: Multiple Vulnerabilities in Samsung SmartThings Hub
These vulnerabilities were discovered by Claudio Bozzato of Cisco Talos. Executive Summary Cisco Talos recently discovered several vulnerabilities present within the firmware of the Samsung SmartThings Hub. In accordance with our coordinated disclosure policy, Cisco Talos has worked with Samsung ...
Advanced Mobile Malware Campaign in India uses Malicious MDM - Part 2
This blog post is authored by Warren Mercer and Paul Rascagneres and Andrew Williams. Summary Since our initial post on malicious mobile device management MDM platforms, we have gathered more information about this actor that we believe shows it is part of a broader campaign targeting multiple...
TalosIntelligence.com is rolling out a new dispute system
At Cisco Talos, we need customers to be able to provide feedback at all times, whether it be about false positives, false negatives, or missed categories. Because we deal with an abundance of data across our platforms — such as IPS alerts, AMP alerts and more — feedback helps us test the efficacy...
Threat Roundup for July 13-20
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we've observed this week — covering the dates between July 13 and 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, we will summarize the threats we've observed by...
Vulnerability Spotlight: Multiple Vulnerabilities in Sony IPELA E Series Camera
Vulnerabilities discovered by Cory Duplantis and Claudio Bozzato of Cisco Talos. Overview Today, Cisco Talos is disclosing several vulnerabilities discovered with the Sony IPELA E Series Network Camera. Sony IPELA Cameras are network-facing cameras used for monitoring and surveillance...
Blocking Cryptocurrency Mining Using Cisco Security Products
Cisco Talos is releasing a whitepaper addressing Cryptocurrency mining and all the ways to block it using Cisco Security products. The value of cryptocurrencies has fluctuated wildly, but the value is still high enough to garner a lot of attention, both legitimate and malicious. Most of the...
Vulnerability Spotlight: Foxit PDF Reader JavaScript Remote Code Execution Vulns
Overview Discovered by Aleksandar Nikolic of Cisco Talos. Talos is disclosing a pair of vulnerabilities in Foxit PDF Reader. Foxit PDF Reader is a popular free program for viewing, creating, and editing PDF documents. It is commonly used as an alternative to Adobe Acrobat Reader and has a widely...
Vulnerability Spotlight: Multiple Vulnerabilities in ACD Systems Canvas Draw 4
These vulnerabilities were discovered by Tyler Bohan of Cisco Talos Today, Talos is disclosing several vulnerabilities that have been identified in Canvas Draw graphics editing tool for Macs. Canvas Draw 4 is a graphics editing tool used to create and edit images, as well as other graphic-related...
Beers with Talos EP33 - Change the Conversation or the People Having It?
Beers with Talos BWT Podcast Episode 33 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast. Ep. 33 show notes: Recorded July 6, 2018 - This episode is a bit less technical than most, as we discu...
Threat Roundup for July 6-13
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we've observed this week — covering the dates between July 6 and 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed ...
Advanced Mobile Malware Campaign in India uses Malicious MDM
This blog post is authored by Warren Mercer and Paul Rascagneres and Andrew Williams. Summary Cisco Talos has identified a highly targeted campaign against 13 iPhones which appears to be focused on India. The attacker deployed an open-source mobile device management MDM system to control enrolled...
Vulnerability Spotlight: Computerinsel Photoline Multiple Vulnerabilities
Vulnerabilities discovered by Tyler Bohan from Talos Overview Today, Cisco Talos is disclosing several vulnerabilities in Computerinsel Photoline. Photoline is an image-processing tool used to modify and edit images, as well as other graphic-related material. This product has a sizable user base...
Vulnerability Spotlight: Multiple Antenna House Vulnerabilities
Discovered by Marcin Noga of Cisco Talos Overview Cisco Talos has identified six vulnerabilities in the Antenna House Office Server Document Converter OSDC. These vulnerabilities can be used to remotely execute code on a vulnerable system. Antenna House Office Server Document Converter is a produ...
Microsoft Patch Tuesday - July 2018
Microsoft released its monthly set of security advisories today for vulnerabilities that have been identified and addressed in various products. This month's release addresses 53 new vulnerabilities, 17 of which are rated critical, 34 are rated important, one is rated moderate, and one is rated a...
Vulnerability Spotlight: Multiple Adobe Acrobat DC Remote Code Execution Vulnerabilties
Discovered by Aleksandar Nikolic of Cisco Talos Overview Today, Talos is releasing details of new vulnerabilities within Adobe Acrobat Reader DC. Adobe Acrobat Reader is the most popular and most feature-rich PDF reader. It has a big user base, is usually a default PDF reader on systems and...
Threat Roundup for June 29 to July 6th
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we've observed this week — covering the dates between June 29 and July 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, it will summarize the threats we've observed by...
Smoking Guns - Smoke Loader learned new tricks
This post is authored by Ben Baker and Holger Unterbrink Overview Cisco Talos has been tracking a new version of Smoke Loader — a malicious application that can be used to load other malware — for the past several months following an alert from Cisco Advanced Malware Protection’s AMP Exploit...
Threat Roundup for June 22-29
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 22 and June 29. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...
Vulnerability Spotlight: VMWare Workstation DoS Vulnerability
Today, Talos is disclosing a vulnerability in VMWare Workstation that could result in Denial of Service. VMWare Workstation is a widely used virtualization platform designed to run alongside a normal operating system, allowing users to use both virtualized and physical systems concurrently...
Beers with Talos EP 32 - Live from Orlando Part 2: Take All the Things Off the Internet
Beers with Talos BWT Podcast Episode 32 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast. Ep. 32 show notes: Recorded June 13, 2018 — Still live in Orlando, just this time from the lovely lobb...
Files Cannot Be Decrypted? Challenge Accepted. Talos Releases ThanatosDecryptor
This blog post was authored by Edmund Brumaghin, Earl Carter and Andrew Williams. Executive summary Cisco Talos has analyzed Thanatos, a ransomware variant that is being distributed via multiple malware campaigns that have been conducted over the past few months. As a result of our research, we...
Threat Roundup for June 16-22
As usual, we are bringing you the weekly Threat Roundup to highlight the most prevalent threats we've seen between June 15 and 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...
Beers with Talos EP31 - Live from Cisco Live! - VPNFilter and Our First Summit Recap
Beers with Talos BWT Podcast Episode 31 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP31 Show Notes: Recorded June 12, 2018 — This is a special episode for two reasons! To start, we...
My Little FormBook
This blog post is authored by Warren Mercer and Paul Rascagneres. Summary Cisco Talos has been tracking a new campaign involving the FormBook malware since May 2018 that utilizes four different malicious documents in a single phishing email. FormBook is an inexpensive stealer available as "malwar...
Vulnerability Spotlight: Multiple Remote Vulnerabilities In Insteon Hub PubNub
Vulnerabilities discovered by Claudio Bozzato of Cisco Talos Talos is disclosing twelve new vulnerabilities in Insteon Hub, ranging from remote code execution, to denial of service. The majority of the vulnerabilities have their root cause in the unsafe usage of the strcpy function, leading eithe...
Threat Roundup for June 1-15
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 01 and June 15. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...
Vulnerability Spotlight: TALOS-2018-0523-24 - Multiple Vulnerabilities in Pixars Renderman application
Vulnerabilities discovered by Tyler Bohan from Talos Overview Talos is disclosing two denial-of-service vulnerabilities in Pixar’s Renderman application. Renderman is a rendering application used in animation and film production. It is widely used for advanced rendering and shading in many...
Vulnerability Spotlight: TALOS-2018-0545 - Microsoft wimgapi LoadIntegrityInfo Code Execution Vulnerability
Vulnerabilities discovered by Marcin Noga from Talos Overview Talos is disclosing a remote code execution vulnerability in the Microsoft wimgapi library. The wimgapi DLL is used in the Microsoft Windows operating system to perform operations on Windows Imaging Format WIM files. WIM is a file-base...
Microsoft Patch Tuesday - June 2018
Executive Summary Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 50 flaws, with 11 of them rated "critical," and 39 rated "important." These vulnerabilities impa...
VPNFilter Update - VPNFilter exploits endpoints, targets new devices
Introduction Cisco Talos, while working with our various intelligence partners, has discovered additional details regarding "VPNFilter." In the days since we first published our findings on the campaign, we have seen that VPNFilter is targeting more makes/models of devices than initially thought,...
Talos Threat Research Summit Guide and Cisco Live Preview
The first Cisco Talos Threat Research Summit is coming up at Cisco Live! in Orlando, so we are providing a quick guide to all the activities going on at the summit and beyond. The response to the summit was stronger than we could have anticipated for the first year - it sold out fast! Next time, ...
Vulnerability Spotlight: TALOS-2018-0535 - Ocularis Recorder VMS_VA Denial of Service Vulnerability
Vulnerabilities discovered by Carlos Pacho from Talos Overview Talos is disclosing a denial-of-service vulnerability in the Ocularis Recorder. Ocularis is a video management software VMS platform used in a variety of settings, from convenience stores, to city-wide deployments. An attacker can...
NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea
This blog post is authored by Warren Mercer and Paul Rascagneres with contributions from Jungsoo An. Executive Summary Talos has discovered a new malicious Hangul Word Processor HWP document targeting Korean users. If a malicious document is opened, a remote access trojan that we're calling...
Vulnerability Spotlight: Natus NeuroWorks Multiple Vulnerabilites
Vulnerabilities discovered by Cory Duplantis from Talos Overview In April 2018, Talos published 5 vulnerabilities in Natus NeuroWorks software. We have also identified 3 additional vulnerabilities. This software is used in the Natus Xltek EEG medical products from Natus Medical Inc. The vulnerabl...
Beers with Talos EP 30 - VPNFilter, the Unfiltered Story
Beers with Talos BWT Podcast Episode 30 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP30 Show Notes: Recorded May 25, 2018 - As you can expect, this episode focuses on VPNFilter. We discu...
Threat Roundup for May 18-25
Welcome to Cisco Talos' weekly Threat Roundup, where we go over some of the most prevalent malware and vulnerabilities we've seen over the past week. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by...