Lucene search
K
TalosblogRecent

2032 matches found

Talos Blog
Talos Blog
added 2018/08/30 12:59 p.m.47 views

Beers with Talos EP 36: There Are Few Shades in the Grey Market

Beers with Talos BWT Podcast Ep. 36 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast. Ep. 36 show notes: Recorded Aug. 24, 2018 — We’re finally back in the studio after Hacker Summer Camp!...

Exploits0
Talos Blog
Talos Blog
added 2018/08/30 8:26 a.m.914 views

Rocke: The Champion of Monero Miners

This post was authored by David Liebenberg. Summary Cryptocurrency miners are becoming an increasingly significant part of the threat landscape. These malicious miners steal CPU cycles from compromised devices to mine cryptocurrencies and bring in income for the threat actor. In this post, we loo...

7.5CVSS8.5AI score0.99993EPSS
Exploits51
Talos Blog
Talos Blog
added 2018/08/24 11:44 a.m.30 views

Threat Roundup for August 17-24

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Aug. 17 and 24. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2018/08/22 9:0 a.m.55 views

Picking Apart Remcos Botnet-In-A-Box

This blog post was authored by Edmund Brumaghin and Holger Unterbrink with contributions from Eric Kuhla and Lilia Gonzalez Medina. Overview Cisco Talos has recently observed multiple campaigns using the Remcos remote access tool RAT that is offered for sale by a company called Breaking Security...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2018/08/17 10:26 a.m.55 views

Threat Roundup for August 10-17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between August 10 and August 17. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2018/08/16 4:45 a.m.24 views

Beers with Talos EP 35: Live from the RiRa at Black Hat

Beers with Talos BWT Podcast Ep. 35 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast. Ep. 35 show notes: Recorded Aug. 8, 2018 — We decided to broadcast while we were all together at Black Hat...

Exploits0
Talos Blog
Talos Blog
added 2018/08/14 11:26 a.m.110 views

Microsoft Tuesday August 2018

Microsoft released its monthly set of security advisories today for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 62 new vulnerabilities, 20 of which are rated “critical,” 38 that are rated “important,” one that is rated...

9.3CVSS0.9AI score0.73968EPSS
Exploits16
Talos Blog
Talos Blog
added 2018/08/10 12:5 p.m.17 views

Threat Roundup for August 3-10

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Aug. 3 - 10. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...

1.3AI score
Exploits0
Talos Blog
Talos Blog
added 2018/08/08 10:59 a.m.47 views

Playback: A TLS 1.3 Story

Introduction Secure communications are one of the most important topics in information security, and the Transport Layer Security TLS protocol is currently the most used protocol to provide secure communications on the internet. For example, when you are connecting to your online banking...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2018/08/06 6:39 a.m.28 views

The Official Talos Guide to Security Summer Camp 2018

It is once again time for the week in the summer when many of us descend on Las Vegas for Black Hat, DEF CON, and B-Sides LasVegas. This is your official guide to what the Cisco Talos Threat Intelligence team is doing at these shows and what some of our colleagues around Cisco Security are doing,...

6.7AI score
Exploits0
Talos Blog
Talos Blog
added 2018/08/02 5:48 a.m.29 views

Exploitable or Not Exploitable? Using REVEN to Examine a NULL Pointer Dereference.

Authored by Aleksandar Nikolic. Executive summary It can be very time-consuming to determine if a bug is exploitable or not. In this post, we’ll show how to decide if a vulnerability is exploitable by tracing back along the path of execution that led to a crash. In this case, we are using the...

7.8AI score
Exploits0
Talos Blog
Talos Blog
added 2018/07/31 9:38 a.m.1160 views

Multiple Cobalt Personality Disorder

Introduction Despite the notion that modern cybersecurity protocols have stopped email-based attacks, email continues to be one of the primary attack vectors for malicious actors — both for widespread and targeted operations. Recently, Cisco Talos has observed numerous email-based attacks that ar...

9.3CVSS0.99945EPSS
Exploits79
Talos Blog
Talos Blog
added 2018/07/27 12:55 p.m.26 views

Threat Roundup for July 20-27

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between July 20 and 27. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...

Exploits0
Talos Blog
Talos Blog
added 2018/07/26 1:19 p.m.12 views

Beers with Talos EP 34: Click Here to Assign New Mobile Device Owner

Beers with Talos BWT Podcast Ep. 34 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast. Ep. 34 show notes: Recorded July 20, 2018 — This week, we touch on several topics, but we spend the lion’s...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2018/07/26 8:6 a.m.163 views

Vulnerability Spotlight: Multiple Vulnerabilities in Samsung SmartThings Hub

These vulnerabilities were discovered by Claudio Bozzato of Cisco Talos. Executive Summary Cisco Talos recently discovered several vulnerabilities present within the firmware of the Samsung SmartThings Hub. In accordance with our coordinated disclosure policy, Cisco Talos has worked with Samsung ...

0.7AI score0.03444EPSS
Exploits46
Talos Blog
Talos Blog
added 2018/07/24 10:24 p.m.862 views

Advanced Mobile Malware Campaign in India uses Malicious MDM - Part 2

This blog post is authored by Warren Mercer and Paul Rascagneres and Andrew Williams. Summary Since our initial post on malicious mobile device management MDM platforms, we have gathered more information about this actor that we believe shows it is part of a broader campaign targeting multiple...

9.3CVSS7.9AI score0.93289EPSS
Exploits7
Talos Blog
Talos Blog
added 2018/07/23 12:9 p.m.80 views

TalosIntelligence.com is rolling out a new dispute system

At Cisco Talos, we need customers to be able to provide feedback at all times, whether it be about false positives, false negatives, or missed categories. Because we deal with an abundance of data across our platforms — such as IPS alerts, AMP alerts and more — feedback helps us test the efficacy...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2018/07/20 12:27 p.m.16 views

Threat Roundup for July 13-20

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we've observed this week — covering the dates between July 13 and 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, we will summarize the threats we've observed by...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2018/07/20 6:43 a.m.86 views

Vulnerability Spotlight: Multiple Vulnerabilities in Sony IPELA E Series Camera

Vulnerabilities discovered by Cory Duplantis and Claudio Bozzato of Cisco Talos. Overview Today, Cisco Talos is disclosing several vulnerabilities discovered with the Sony IPELA E Series Network Camera. Sony IPELA Cameras are network-facing cameras used for monitoring and surveillance...

0.7AI score0.09617EPSS
Exploits2
Talos Blog
Talos Blog
added 2018/07/19 11:9 a.m.39 views

Blocking Cryptocurrency Mining Using Cisco Security Products

Cisco Talos is releasing a whitepaper addressing Cryptocurrency mining and all the ways to block it using Cisco Security products. The value of cryptocurrencies has fluctuated wildly, but the value is still high enough to garner a lot of attention, both legitimate and malicious. Most of the...

Exploits0
Talos Blog
Talos Blog
added 2018/07/19 10:52 a.m.78 views

Vulnerability Spotlight: Foxit PDF Reader JavaScript Remote Code Execution Vulns

Overview Discovered by Aleksandar Nikolic of Cisco Talos. Talos is disclosing a pair of vulnerabilities in Foxit PDF Reader. Foxit PDF Reader is a popular free program for viewing, creating, and editing PDF documents. It is commonly used as an alternative to Adobe Acrobat Reader and has a widely...

8.8AI score0.4414EPSS
Exploits2
Talos Blog
Talos Blog
added 2018/07/19 5:28 a.m.50 views

Vulnerability Spotlight: Multiple Vulnerabilities in ACD Systems Canvas Draw 4

These vulnerabilities were discovered by Tyler Bohan of Cisco Talos Today, Talos is disclosing several vulnerabilities that have been identified in Canvas Draw graphics editing tool for Macs. Canvas Draw 4 is a graphics editing tool used to create and edit images, as well as other graphic-related...

1.4AI score0.01795EPSS
Exploits6
Talos Blog
Talos Blog
added 2018/07/15 5:27 p.m.50 views

Beers with Talos EP33 - Change the Conversation or the People Having It?

Beers with Talos BWT Podcast Episode 33 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast. Ep. 33 show notes: Recorded July 6, 2018 - This episode is a bit less technical than most, as we discu...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2018/07/13 8:23 a.m.14 views

Threat Roundup for July 6-13

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we've observed this week — covering the dates between July 6 and 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed ...

0.7AI score
Exploits0
Talos Blog
Talos Blog
added 2018/07/12 12:0 p.m.22 views

Advanced Mobile Malware Campaign in India uses Malicious MDM

This blog post is authored by Warren Mercer and Paul Rascagneres and Andrew Williams. Summary Cisco Talos has identified a highly targeted campaign against 13 iPhones which appears to be focused on India. The attacker deployed an open-source mobile device management MDM system to control enrolled...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2018/07/11 11:0 a.m.20 views

Vulnerability Spotlight: Computerinsel Photoline Multiple Vulnerabilities

Vulnerabilities discovered by Tyler Bohan from Talos Overview Today, Cisco Talos is disclosing several vulnerabilities in Computerinsel Photoline. Photoline is an image-processing tool used to modify and edit images, as well as other graphic-related material. This product has a sizable user base...

1.8AI score0.01484EPSS
Exploits3
Talos Blog
Talos Blog
added 2018/07/10 11:28 a.m.40 views

Vulnerability Spotlight: Multiple Antenna House Vulnerabilities

Discovered by Marcin Noga of Cisco Talos Overview Cisco Talos has identified six vulnerabilities in the Antenna House Office Server Document Converter OSDC. These vulnerabilities can be used to remotely execute code on a vulnerable system. Antenna House Office Server Document Converter is a produ...

1.7AI score0.02525EPSS
Exploits5
Talos Blog
Talos Blog
added 2018/07/10 10:36 a.m.277 views

Microsoft Patch Tuesday - July 2018

Microsoft released its monthly set of security advisories today for vulnerabilities that have been identified and addressed in various products. This month's release addresses 53 new vulnerabilities, 17 of which are rated critical, 34 are rated important, one is rated moderate, and one is rated a...

7.6CVSS0.7AI score0.75339EPSS
Exploits14
Talos Blog
Talos Blog
added 2018/07/10 10:31 a.m.54 views

Vulnerability Spotlight: Multiple Adobe Acrobat DC Remote Code Execution Vulnerabilties

Discovered by Aleksandar Nikolic of Cisco Talos Overview Today, Talos is releasing details of new vulnerabilities within Adobe Acrobat Reader DC. Adobe Acrobat Reader is the most popular and most feature-rich PDF reader. It has a big user base, is usually a default PDF reader on systems and...

10AI score0.10486EPSS
Exploits0
Talos Blog
Talos Blog
added 2018/07/06 9:48 a.m.17 views

Threat Roundup for June 29 to July 6th

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we've observed this week — covering the dates between June 29 and July 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, it will summarize the threats we've observed by...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2018/07/03 3:0 a.m.49 views

Smoking Guns - Smoke Loader learned new tricks

This post is authored by Ben Baker and Holger Unterbrink Overview Cisco Talos has been tracking a new version of Smoke Loader — a malicious application that can be used to load other malware — for the past several months following an alert from Cisco Advanced Malware Protection’s AMP Exploit...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2018/06/29 8:42 a.m.13 views

Threat Roundup for June 22-29

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 22 and June 29. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...

0.4AI score
Exploits0
Talos Blog
Talos Blog
added 2018/06/29 7:28 a.m.36 views

Vulnerability Spotlight: VMWare Workstation DoS Vulnerability

Today, Talos is disclosing a vulnerability in VMWare Workstation that could result in Denial of Service. VMWare Workstation is a widely used virtualization platform designed to run alongside a normal operating system, allowing users to use both virtualized and physical systems concurrently...

8.1AI score0.02975EPSS
Exploits0
Talos Blog
Talos Blog
added 2018/06/27 1:32 p.m.12 views

Beers with Talos EP 32 - Live from Orlando Part 2: Take All the Things Off the Internet

Beers with Talos BWT Podcast Episode 32 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast. Ep. 32 show notes: Recorded June 13, 2018 — Still live in Orlando, just this time from the lovely lobb...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2018/06/26 8:0 a.m.27 views

Files Cannot Be Decrypted? Challenge Accepted. Talos Releases ThanatosDecryptor

This blog post was authored by Edmund Brumaghin, Earl Carter and Andrew Williams. Executive summary Cisco Talos has analyzed Thanatos, a ransomware variant that is being distributed via multiple malware campaigns that have been conducted over the past few months. As a result of our research, we...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2018/06/22 4:5 p.m.88 views

Threat Roundup for June 16-22

As usual, we are bringing you the weekly Threat Roundup to highlight the most prevalent threats we've seen between June 15 and 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2018/06/22 5:58 a.m.22 views

Beers with Talos EP31 - Live from Cisco Live! - VPNFilter and Our First Summit Recap

Beers with Talos BWT Podcast Episode 31 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP31 Show Notes: Recorded June 12, 2018 — This is a special episode for two reasons! To start, we...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2018/06/20 8:0 a.m.1587 views

My Little FormBook

This blog post is authored by Warren Mercer and Paul Rascagneres. Summary Cisco Talos has been tracking a new campaign involving the FormBook malware since May 2018 that utilizes four different malicious documents in a single phishing email. FormBook is an inexpensive stealer available as "malwar...

9.3CVSS8.5AI score0.99945EPSS
Exploits62
Talos Blog
Talos Blog
added 2018/06/19 8:25 a.m.138 views

Vulnerability Spotlight: Multiple Remote Vulnerabilities In Insteon Hub PubNub

Vulnerabilities discovered by Claudio Bozzato of Cisco Talos Talos is disclosing twelve new vulnerabilities in Insteon Hub, ranging from remote code execution, to denial of service. The majority of the vulnerabilities have their root cause in the unsafe usage of the strcpy function, leading eithe...

0.3AI score0.01879EPSS
Exploits32
Talos Blog
Talos Blog
added 2018/06/15 12:8 p.m.123 views

Threat Roundup for June 1-15

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 01 and June 15. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2018/06/14 7:54 a.m.20 views

Vulnerability Spotlight: TALOS-2018-0523-24 - Multiple Vulnerabilities in Pixars Renderman application

Vulnerabilities discovered by Tyler Bohan from Talos Overview Talos is disclosing two denial-of-service vulnerabilities in Pixar’s Renderman application. Renderman is a rendering application used in animation and film production. It is widely used for advanced rendering and shading in many...

0.9AI score0.01633EPSS
Exploits2
Talos Blog
Talos Blog
added 2018/06/13 8:14 a.m.161 views

Vulnerability Spotlight: TALOS-2018-0545 - Microsoft wimgapi LoadIntegrityInfo Code Execution Vulnerability

Vulnerabilities discovered by Marcin Noga from Talos Overview Talos is disclosing a remote code execution vulnerability in the Microsoft wimgapi library. The wimgapi DLL is used in the Microsoft Windows operating system to perform operations on Windows Imaging Format WIM files. WIM is a file-base...

7.2CVSS8.5AI score0.24706EPSS
Exploits1
Talos Blog
Talos Blog
added 2018/06/12 11:58 a.m.153 views

Microsoft Patch Tuesday - June 2018

Executive Summary Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 50 flaws, with 11 of them rated "critical," and 39 rated "important." These vulnerabilities impa...

9.3CVSS8.7AI score0.7131EPSS
Exploits8
Talos Blog
Talos Blog
added 2018/06/06 6:2 a.m.28 views

VPNFilter Update - VPNFilter exploits endpoints, targets new devices

Introduction Cisco Talos, while working with our various intelligence partners, has discovered additional details regarding "VPNFilter." In the days since we first published our findings on the campaign, we have seen that VPNFilter is targeting more makes/models of devices than initially thought,...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2018/06/05 7:54 p.m.48 views

Talos Threat Research Summit Guide and Cisco Live Preview

The first Cisco Talos Threat Research Summit is coming up at Cisco Live! in Orlando, so we are providing a quick guide to all the activities going on at the summit and beyond. The response to the summit was stronger than we could have anticipated for the first year - it sold out fast! Next time, ...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2018/06/04 9:53 p.m.37 views

Vulnerability Spotlight: TALOS-2018-0535 - Ocularis Recorder VMS_VA Denial of Service Vulnerability

Vulnerabilities discovered by Carlos Pacho from Talos Overview Talos is disclosing a denial-of-service vulnerability in the Ocularis Recorder. Ocularis is a video management software VMS platform used in a variety of settings, from convenience stores, to city-wide deployments. An attacker can...

0.3AI score
Exploits0
Talos Blog
Talos Blog
added 2018/05/31 4:0 p.m.51 views

NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea

This blog post is authored by Warren Mercer and Paul Rascagneres with contributions from Jungsoo An. Executive Summary Talos has discovered a new malicious Hangul Word Processor HWP document targeting Korean users. If a malicious document is opened, a remote access trojan that we're calling...

Exploits0
Talos Blog
Talos Blog
added 2018/05/31 12:34 p.m.108 views

Vulnerability Spotlight: Natus NeuroWorks Multiple Vulnerabilites

Vulnerabilities discovered by Cory Duplantis from Talos Overview In April 2018, Talos published 5 vulnerabilities in Natus NeuroWorks software. We have also identified 3 additional vulnerabilities. This software is used in the Natus Xltek EEG medical products from Natus Medical Inc. The vulnerabl...

7.5CVSS1.2AI score0.03436EPSS
Exploits0
Talos Blog
Talos Blog
added 2018/05/29 8:57 a.m.18 views

Beers with Talos EP 30 - VPNFilter, the Unfiltered Story

Beers with Talos BWT Podcast Episode 30 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP30 Show Notes: Recorded May 25, 2018 - As you can expect, this episode focuses on VPNFilter. We discu...

Exploits0
Talos Blog
Talos Blog
added 2018/05/26 12:21 p.m.25 views

Threat Roundup for May 18-25

Welcome to Cisco Talos' weekly Threat Roundup, where we go over some of the most prevalent malware and vulnerabilities we've seen over the past week. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by...

6.9AI score
Exploits0
Total number of security vulnerabilities2032