2032 matches found
New VPNFilter malware targets at least 500K networking devices worldwide
Intro For several months, Talos has been working with public- and private-sector threat intelligence partners and law enforcement in researching an advanced, likely state-sponsored or state-affiliated actor's widespread use of a sophisticated modular malware system we call "VPNFilter." We have no...
Beers with Talos EP29 - This is a PSA: Stop Clicking. There is No Prince.
Beers with Talos BWT Podcast Episode 29 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP29 Show Notes: Recorded May 11, 2018 - First and foremost, we recorded this episode one day before ou...
TeleGrab - Grizzly Attacks on Secure Messaging
This post was written by Vitor Ventura with contributions from Azim Khodjibaev Introduction Over the past month and a half, Talos has seen the emergence of a malware that collects cache and key files from end-to-end encrypted instant messaging service Telegram. This malware was first seen on Apri...
Vulnerability Spotlight: Multiple Adobe Acrobat Reader DC Vulnerabilities
Discovered by Aleksandar Nikolic of Cisco Talos Update 05/15/18: The CVE for TALOS-2018-0517 has been corrected below. Overview Today, Talos is releasing details of a new vulnerabilities within Adobe Acrobat Reader DC. Adobe Acrobat Reader is the most popular and most feature-rich PDF reader. It...
Threat Roundup for May 04 - 11
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 4 and May 11. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Gandcrab Ransomware Walks its Way onto Compromised Sites
This blog post authored by Nick Biasini with contributions from Nick Lister and Christopher Marczewski. Despite the recent decline in the prevalence of ransomware in the threat landscape, Cisco Talos has been monitoring the now widely distributed ransomware called Gandcrab. Gandcrab uses both...
Wipers - Destruction as a means to an end
This whitepaper post is authored by Vitor Ventura and with contributions from Martin Lee In a digital era when everything and everyone is connected, malicious actors have the perfect space to perform their activities. During the past few years, organizations have suffered several kinds of attacks...
Microsoft Patch Tuesday - May 2018
Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 67 new vulnerabilities, with 21 of them rated critical, 42 of them rated important, and four rated as low...
Beers with Talos EP 28 - APT, BGP, RCEs, and an Old RAT
Beers with Talos BWT Podcast Episode 28 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP28 Show Notes: Recorded April 27 - We have a special guest intro this week, since Mitch came down wit...
Vulnerability Spotlight: MySQL Multi-Master Manager Remote Command Injection Vulnerability
Discovered by Matthew Van Gundy of Asig Overview Today, Talos is releasing details of a new vulnerability within MySQL Multi-Master Manager. This is used to perform monitoring, failover and management of MySQL master-master replication configurations. By using MySQL MMM Multi-Master Replication...
Threat Round Up for April 27 to May 04
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 27 and May 4. As with previous roundups, this post isn't meant to be an in-depth analysis. We'll summarize the threats we've observed by highlighting key behavioral characteristics, indicators of...
Threat Roundup for April 20-27
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 20 and 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
GravityRAT - The Two-Year Evolution Of An APT Targeting India
This blog post is authored by Warren Mercer and Paul Rascagneres. Update: 4/30 Since the publication of the blog post, one of the anti-VM capability was commented a lot on Twitter: the detection of Virtual Machines by checking the temperature of the system. We decided to add more details and...
Vulnerability Spotlight: Hyland Perceptive Document Filters Multiple Vulnerabilites
Vulnerabilities discovered by Marcin 'Icewall' Noga from Talos Overview Talos has discovered multiple vulnerabilities in Hyland Perceptive Document Filters software. This software is a toolkit that allows developers to read and extract metadata from a file. It supports a large set of common file...
Cryptomining Campaign Returns Coal and Not Diamond
Executive summary Soon after a launch of a new cryptocurrency, Bitvote, in January, Talos discovered a new mining campaign affecting systems in India, Indonesia, Vietnam and several other countries that were tied to Bitvote. Apart from the fact that the attackers have chosen to target the new...
Beers with Talos EP27: Smart Install, Vuln Process Realities, and Professional Wrestling
Beers with Talos BWT Podcast Episode 27 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP27 Show Notes: Recorded 4/13/18 - We just upgraded all our gear, so naturally we had a straight tech...
Vulnerability Spotlight: Multiple Issues in Foxit PDF Reader
Overview Talos is disclosing five vulnerabilities in Foxit PDF Reader. Foxit PDF Reader is a popular free program for viewing, creating, and editing PDF documents. It is commonly used as an alternative to Adobe Acrobat Reader and has a widely used browser plugin available. Update to the current...
Updates for BASS
This blog post was authored by Jonas Zaddach and Mariano Graziano. Cisco Talos has rolled out a series of improvements to the BASS open-source framework aimed at speeding up its ability to provide coverage for new malware families. Talos released BASS, pronounced "bæs" an open-source framework...
Vulnerability Spotlight: Foscam IP Video Camera Firmware Recovery Unsigned Image Vulnerability
This vulnerability was discovered by Claudio Bozzato of Cisco Talos. Executive Summary The Foscam C1 Indoor HD Camera is a network-based camera that is marketed for a variety of uses, including as a home security monitoring device. Talos recently identified 32 vulnerabilities present in these...
Threat Roundup for April 6 - 13
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 6 and 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Vulnerability Spotlight: Multiple Vulnerabilities in Moxa EDR-810 Industrial Secure Router
These vulnerabilities were discovered by Carlos Pacho of Cisco Talos Today, Talos is disclosing several vulnerabilities that have been identified in Moxa EDR-810 industrial secure router. Moxa EDR-810 is an industrial secure router with firewall/NAT/VPN and managed Layer 2 switch functions. It is...
Malware monitor - leveraging PyREBox for malware analysis
This post was authored by Xabier Ugarte Pedrero In July 2017 we released PyREBox, a Python Scriptable Reverse Engineering Sandbox as an open source tool. This project is part of our continuous effort to create new tools to improve our workflows. PyREBox is a versatile instrumentation framework...
Vulnerability Spotlight: TALOS-2018-0529-531 - Multiple Vulnerabilities in NASA CFITSIO library
Vulnerabilities discovered by Tyler Bohan from Talos Overview Talos is disclosing three remote code execution vulnerabilities in the NASA CFITSIO library. CFITSIO is a library of C and Fortran subroutines for reading and writing data files in the Flexible Image Transport System FITS data format...
Vulnerability Spotlight: Multiple Simple DirectMedia Layer Vulnerabilities
Discovered by Lilith Wyatt of Cisco Talos Overview Talos is disclosing several vulnerabilities identified in Simple DirectMedia Layer's SDL2Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio...
Vulnerability Spotlight: Multiple Computerinsel PhotoLine PSD Code Execution Vulnerabilities
Discovered by Tyler Bohan of Cisco Talos Overview Today, Cisco Talos is disclosing a vulnerability within Computerinsel PhotoLine's PSD-parsing functionality. Photoline is an image processing tool used to modify and edit images, as well as other graphic-related material. This product has a large...
Microsoft Patch Tuesday - April 2018
Microsoft Patch Tuesday - April 2018 Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 65 new vulnerabilities and one advisory, with 25 of them rated critica...
IcedID Banking Trojan Teams up with Ursnif/Dreambot for Distribution
Update: 4/11 we have corrected the detection to Ursnif/Dreambot This post was authored by Ross Gibb with research contributions from Daphne Galme, and Michael Gorelik of Morphisec, a Cisco Security Technical Alliance partner. Cisco has noticed an increase in infections by the banking trojan IcedI...
Beers with Talos EP26: Talos is Holding a Conference, and the Evolving Battle at the Edge
Beers with Talos BWT Podcast Episode 26 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP26 Show Notes: Recorded 3/29/18 - Joel is sitting out this week, and Bill Largent from the Outreach...
Critical Infrastructure at Risk: Advanced Actors Target Smart Install Client
Update: 4/9 Cisco PSIRT has released additional guidance available here. Cisco has recently become aware of specific advanced actors targeting Cisco switches by leveraging a protocol misuse issue in the Cisco Smart Install Client. Several incidents in multiple countries, including some specifical...
Vulnerability Spotlight: Natus NeuroWorks Multiple Vulnerabilities
Vulnerabilities discovered by Cory Duplantis from Talos Overview Talos has discovered multiple vulnerabilities in Natus NeuroWorks software. This software is used in the Natus Xltek EEG medical products from Natus Medical Inc. The vulnerable devices contain an ethernet connection for data...
Vulnerability Spotlight: Moxa AWK-3131A Multiple Features Login Username Parameter OS Command Injection Vulnerability
This vulnerability is discovered by Patrick DeSantis and Dave McDaniel of Cisco Talos Today, Talos is disclosing TALOS-2017-0507 CVE-2017-14459, a vulnerability that has been identified in Moxa AWK-3131A industrial wireless access point. The Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless...
Fake AV Investigation Unearths KevDroid, New Android Malware
This blog post is authored by Warren Mercer, Paul Rascagneres, Vitor Ventura and with contributions from Jungsoo An. Summary Several days ago, EST Security published a post concerning a fake antivirus malware targeting the Android mobile platform. In the Korean media, it was mentioned that there...
Vulnerability Spotlight: Multiple Vulnerabilities in Allen Bradley MicroLogix 1400 Series Devices
These vulnerabilities were discovered by Jared Rittle and Patrick DeSantis of Cisco Talos. Summary Rockwell Automation Allen-Bradley MicroLogix 1400 Programmable Logic Controllers PLCs are marketed for use in a variety of different Industrial Control System ICS applications and processes. As such...
Vulnerability Spotlight: Multiple Nvidia D3D10 Driver Pixel Shader Vulnerabilities
Discovered by Piotr Bania of Cisco Talos Overview Today, Cisco Talos is disclosing multiple vulnerabilities that exist within the Nvidia D3D10 driver. This driver is used throughout multiple GPU product lines available from Nvidia. This is a commonly used driver, and exploitation can even affect...
Forgot About Default Accounts? No Worries, GoScanSSH Didn’t
This blog post was authored by Edmund Brumaghin, Andrew Williams, and Alain Zidouemba. Executive Summary During a recent Incident Response IR engagement, Talos identified a new malware family that was being used to compromise SSH servers exposed to the internet. This malware, which we have named...
Talos Threat Research Summit at Cisco Live US 2018
Cisco Talos presents a conference by Defenders, for Defenders. Talos had one goal in mind when creating a brand new conference: Make something that we'd want to attend ourselves. As such, the Talos Threat Research Summit is aimed at being a one-day conference by defenders, for defenders. This...
Beers with Talos EP 25: WE'LL DO IT LIVE!!!
Beers with Talos BWT Podcast Episode 25 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP25 Show Notes: Recorded 3/13/18 - LIVE from San Jose, California. First of all – we still have a...
Microsoft Patch Tuesday - March 2018
Microsoft Patch Tuesday - March 2018 Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 74 new vulnerabilities, with 14 of them rated critical and 59 of them...
Beers with Talos EP24: Reflections on DDoS and Bad Authentication Schemes
Beers with Talos BWT Podcast Episode 24 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP24 Show Notes: Recorded 3/2/18 - Craig is out this week, but the rest of the crew goes through...
Gozi ISFB Remains Active in 2018, Leverages "Dark Cloud" Botnet For Distribution
This blog post was authored by Edmund Brumaghin and Holger Unterbrink, with contributions from Adam Weller. Executive Summary Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years. Banking trojans are a type of malware tha...
Vulnerability Spotlight: Simple DirectMedia Layer’s SDL2_Image
Overview Talos is disclosing several vulnerabilities identified in Simple DirectMedia Layer's SDL2Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low-level access to audio, keyboard, mouse, joystick and graphics...
Vulnerability Spotlight: Dovecot out-of-bounds Read Vulnerability
Overview Today, Cisco Talos is disclosing a single out-of-bounds read vulnerability in the Dovecot IMAP server. Dovecot is a popular internet message access protocol, or IMAP, server with performance and security-oriented design. It is a popular choice for robust email servers. In accordance with...
CannibalRAT targets Brazil
This post was authored by Warren Mercer and Vitor Ventura Introduction Talos has identified two different versions of a RAT, otherwise known as a remote access trojan, that has been written entirely in Python and is wrapped into a standalone executable. The RAT is impacting users of a Brazilian...
Who Wasn’t Responsible for Olympic Destroyer?
This blog post is authored by Paul Rascagneres and Martin Lee. Summary Absent contributions from traditional intelligence capacities, the available evidence linking the Olympic Destroyer malware to a specific threat actor group is contradictory, and does not allow for unambiguous attribution. The...
Threat Round Up for Feb 16 - 23
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between February 16 and February 23. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...
Vulnerability Spotlight: Adobe Acrobat Reader DC Document ID Remote Code Execution Vulnerability
Discovered by Aleksandar Nikolic of Cisco Talos Overview Today, Talos is releasing details of a new vulnerability within Adobe Acrobat Reader DC. Adobe Acrobat Reader is the most popular and most feature-rich PDF reader. It has a big user base, is usually a default PDF reader on systems and...
Beers with Talos EP23 - Eternal Fauxmance: Attribution Easter Eggs
Beers with Talos BWT Podcast Episode 23 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP23 Show Notes: Recorded 2/16/18 - This week, Mitch learns about starting a show without Matt with no...
Talos Quarterly Threat Briefing - Winter 2018
Date: Tuesday, February 27, 2018 Time: 1:00pm ET/10:00am PT Topic: Miners, Malspam, and Meltdowns Recording available here: Space is limited for this event, so be sure to save your spot. Following the webinar, the video will also be made available here. In this edition of the Talos Quarterly Thre...
Threat Round Up for Feb 9 - Feb 16
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between February 9 and February 16. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...
COINHOARDER: Tracking a Ukrainian Bitcoin Phishing Ring DNS Style
This post is authored by Jeremiah O'Connor and Dave Maynor with contributions from Artsiom Holub and Austin McBride. Executive Summary Cisco has been tracking a bitcoin theft campaign for over 6 months. The campaign was discovered internally and researched with the aid of an intelligence sharing...