Lucene search
K
TalosblogRecent

2032 matches found

Talos Blog
Talos Blog
added 2018/05/23 6:0 a.m.30 views

New VPNFilter malware targets at least 500K networking devices worldwide

Intro For several months, Talos has been working with public- and private-sector threat intelligence partners and law enforcement in researching an advanced, likely state-sponsored or state-affiliated actor's widespread use of a sophisticated modular malware system we call "VPNFilter." We have no...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2018/05/17 7:16 a.m.32 views

Beers with Talos EP29 - This is a PSA: Stop Clicking. There is No Prince.

Beers with Talos BWT Podcast Episode 29 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP29 Show Notes: Recorded May 11, 2018 - First and foremost, we recorded this episode one day before ou...

Exploits0
Talos Blog
Talos Blog
added 2018/05/16 10:17 a.m.45 views

TeleGrab - Grizzly Attacks on Secure Messaging

This post was written by Vitor Ventura with contributions from Azim Khodjibaev Introduction Over the past month and a half, Talos has seen the emergence of a malware that collects cache and key files from end-to-end encrypted instant messaging service Telegram. This malware was first seen on Apri...

0.3AI score
Exploits0
Talos Blog
Talos Blog
added 2018/05/15 6:51 a.m.40 views

Vulnerability Spotlight: Multiple Adobe Acrobat Reader DC Vulnerabilities

Discovered by Aleksandar Nikolic of Cisco Talos Update 05/15/18: The CVE for TALOS-2018-0517 has been corrected below. Overview Today, Talos is releasing details of a new vulnerabilities within Adobe Acrobat Reader DC. Adobe Acrobat Reader is the most popular and most feature-rich PDF reader. It...

10.1AI score0.15976EPSS
Exploits2
Talos Blog
Talos Blog
added 2018/05/11 12:48 p.m.25 views

Threat Roundup for May 04 - 11

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 4 and May 11. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2018/05/09 8:40 a.m.19 views

Gandcrab Ransomware Walks its Way onto Compromised Sites

This blog post authored by Nick Biasini with contributions from Nick Lister and Christopher Marczewski. Despite the recent decline in the prevalence of ransomware in the threat landscape, Cisco Talos has been monitoring the now widely distributed ransomware called Gandcrab. Gandcrab uses both...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2018/05/08 1:31 p.m.14 views

Wipers - Destruction as a means to an end

This whitepaper post is authored by Vitor Ventura and with contributions from Martin Lee In a digital era when everything and everyone is connected, malicious actors have the perfect space to perform their activities. During the past few years, organizations have suffered several kinds of attacks...

1.8AI score
Exploits0
Talos Blog
Talos Blog
added 2018/05/08 12:2 p.m.182 views

Microsoft Patch Tuesday - May 2018

Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 67 new vulnerabilities, with 21 of them rated critical, 42 of them rated important, and four rated as low...

10CVSS1.4AI score0.87814EPSS
Exploits57
Talos Blog
Talos Blog
added 2018/05/07 11:53 a.m.22 views

Beers with Talos EP 28 - APT, BGP, RCEs, and an Old RAT

Beers with Talos BWT Podcast Episode 28 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP28 Show Notes: Recorded April 27 - We have a special guest intro this week, since Mitch came down wit...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2018/05/07 6:36 a.m.125 views

Vulnerability Spotlight: MySQL Multi-Master Manager Remote Command Injection Vulnerability

Discovered by Matthew Van Gundy of Asig Overview Today, Talos is releasing details of a new vulnerability within MySQL Multi-Master Manager. This is used to perform monitoring, failover and management of MySQL master-master replication configurations. By using MySQL MMM Multi-Master Replication...

10CVSS0.5AI score0.06164EPSS
Exploits3
Talos Blog
Talos Blog
added 2018/05/04 1:10 p.m.11 views

Threat Round Up for April 27 to May 04

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 27 and May 4. As with previous roundups, this post isn't meant to be an in-depth analysis. We'll summarize the threats we've observed by highlighting key behavioral characteristics, indicators of...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2018/04/27 12:40 p.m.47 views

Threat Roundup for April 20-27

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 20 and 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

7.5AI score
Exploits0
Talos Blog
Talos Blog
added 2018/04/26 8:11 a.m.65 views

GravityRAT - The Two-Year Evolution Of An APT Targeting India

This blog post is authored by Warren Mercer and Paul Rascagneres. Update: 4/30 Since the publication of the blog post, one of the anti-VM capability was commented a lot on Twitter: the detection of Virtual Machines by checking the temperature of the system. We decided to add more details and...

0.3AI score
Exploits0
Talos Blog
Talos Blog
added 2018/04/26 6:54 a.m.66 views

Vulnerability Spotlight: Hyland Perceptive Document Filters Multiple Vulnerabilites

Vulnerabilities discovered by Marcin 'Icewall' Noga from Talos Overview Talos has discovered multiple vulnerabilities in Hyland Perceptive Document Filters software. This software is a toolkit that allows developers to read and extract metadata from a file. It supports a large set of common file...

6.8CVSS0.9AI score0.03002EPSS
Exploits5
Talos Blog
Talos Blog
added 2018/04/23 9:44 a.m.27 views

Cryptomining Campaign Returns Coal and Not Diamond

Executive summary Soon after a launch of a new cryptocurrency, Bitvote, in January, Talos discovered a new mining campaign affecting systems in India, Indonesia, Vietnam and several other countries that were tied to Bitvote. Apart from the fact that the attackers have chosen to target the new...

Exploits0
Talos Blog
Talos Blog
added 2018/04/20 12:25 p.m.12 views

Beers with Talos EP27: Smart Install, Vuln Process Realities, and Professional Wrestling

Beers with Talos BWT Podcast Episode 27 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP27 Show Notes: Recorded 4/13/18 - We just upgraded all our gear, so naturally we had a straight tech...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2018/04/19 10:5 a.m.75 views

Vulnerability Spotlight: Multiple Issues in Foxit PDF Reader

Overview Talos is disclosing five vulnerabilities in Foxit PDF Reader. Foxit PDF Reader is a popular free program for viewing, creating, and editing PDF documents. It is commonly used as an alternative to Adobe Acrobat Reader and has a widely used browser plugin available. Update to the current...

6.8CVSS1.2AI score0.24033EPSS
Exploits9
Talos Blog
Talos Blog
added 2018/04/19 8:35 a.m.40 views

Updates for BASS

This blog post was authored by Jonas Zaddach and Mariano Graziano. Cisco Talos has rolled out a series of improvements to the BASS open-source framework aimed at speeding up its ability to provide coverage for new malware families. Talos released BASS, pronounced "bæs" an open-source framework...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2018/04/17 7:59 a.m.186 views

Vulnerability Spotlight: Foscam IP Video Camera Firmware Recovery Unsigned Image Vulnerability

This vulnerability was discovered by Claudio Bozzato of Cisco Talos. Executive Summary The Foscam C1 Indoor HD Camera is a network-based camera that is marketed for a variety of uses, including as a home security monitoring device. Talos recently identified 32 vulnerabilities present in these...

5.8CVSS0.4AI score0.01106EPSS
Exploits2
Talos Blog
Talos Blog
added 2018/04/13 1:11 p.m.18 views

Threat Roundup for April 6 - 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 6 and 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2018/04/13 8:57 a.m.60 views

Vulnerability Spotlight: Multiple Vulnerabilities in Moxa EDR-810 Industrial Secure Router

These vulnerabilities were discovered by Carlos Pacho of Cisco Talos Today, Talos is disclosing several vulnerabilities that have been identified in Moxa EDR-810 industrial secure router. Moxa EDR-810 is an industrial secure router with firewall/NAT/VPN and managed Layer 2 switch functions. It is...

0.7AI score0.48138EPSS
Exploits26
Talos Blog
Talos Blog
added 2018/04/13 7:0 a.m.22 views

Malware monitor - leveraging PyREBox for malware analysis

This post was authored by Xabier Ugarte Pedrero In July 2017 we released PyREBox, a Python Scriptable Reverse Engineering Sandbox as an open source tool. This project is part of our continuous effort to create new tools to improve our workflows. PyREBox is a versatile instrumentation framework...

0.3AI score
Exploits0
Talos Blog
Talos Blog
added 2018/04/12 12:10 p.m.58 views

Vulnerability Spotlight: TALOS-2018-0529-531 - Multiple Vulnerabilities in NASA CFITSIO library

Vulnerabilities discovered by Tyler Bohan from Talos Overview Talos is disclosing three remote code execution vulnerabilities in the NASA CFITSIO library. CFITSIO is a library of C and Fortran subroutines for reading and writing data files in the Flexible Image Transport System FITS data format...

6.8CVSS1.5AI score0.04034EPSS
Exploits4
Talos Blog
Talos Blog
added 2018/04/11 9:15 a.m.86 views

Vulnerability Spotlight: Multiple Simple DirectMedia Layer Vulnerabilities

Discovered by Lilith Wyatt of Cisco Talos Overview Talos is disclosing several vulnerabilities identified in Simple DirectMedia Layer's SDL2Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio...

6.8CVSS0.5AI score0.02598EPSS
Exploits3
Talos Blog
Talos Blog
added 2018/04/11 8:0 a.m.62 views

Vulnerability Spotlight: Multiple Computerinsel PhotoLine PSD Code Execution Vulnerabilities

Discovered by Tyler Bohan of Cisco Talos Overview Today, Cisco Talos is disclosing a vulnerability within Computerinsel PhotoLine's PSD-parsing functionality. Photoline is an image processing tool used to modify and edit images, as well as other graphic-related material. This product has a large...

6.8CVSS1.6AI score0.01501EPSS
Exploits6
Talos Blog
Talos Blog
added 2018/04/10 1:13 p.m.189 views

Microsoft Patch Tuesday - April 2018

Microsoft Patch Tuesday - April 2018 Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 65 new vulnerabilities and one advisory, with 25 of them rated critica...

9.3CVSS0.9AI score0.66554EPSS
Exploits15
Talos Blog
Talos Blog
added 2018/04/10 1:12 p.m.45 views

IcedID Banking Trojan Teams up with Ursnif/Dreambot for Distribution

Update: 4/11 we have corrected the detection to Ursnif/Dreambot This post was authored by Ross Gibb with research contributions from Daphne Galme, and Michael Gorelik of Morphisec, a Cisco Security Technical Alliance partner. Cisco has noticed an increase in infections by the banking trojan IcedI...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2018/04/06 12:27 p.m.32 views

Beers with Talos EP26: Talos is Holding a Conference, and the Evolving Battle at the Edge

Beers with Talos BWT Podcast Episode 26 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP26 Show Notes: Recorded 3/29/18 - Joel is sitting out this week, and Bill Largent from the Outreach...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2018/04/05 6:55 a.m.20 views

Critical Infrastructure at Risk: Advanced Actors Target Smart Install Client

Update: 4/9 Cisco PSIRT has released additional guidance available here. Cisco has recently become aware of specific advanced actors targeting Cisco switches by leveraging a protocol misuse issue in the Cisco Smart Install Client. Several incidents in multiple countries, including some specifical...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2018/04/04 11:30 a.m.163 views

Vulnerability Spotlight: Natus NeuroWorks Multiple Vulnerabilities

Vulnerabilities discovered by Cory Duplantis from Talos Overview Talos has discovered multiple vulnerabilities in Natus NeuroWorks software. This software is used in the Natus Xltek EEG medical products from Natus Medical Inc. The vulnerable devices contain an ethernet connection for data...

7.5CVSS10.3AI score0.03436EPSS
Exploits0
Talos Blog
Talos Blog
added 2018/04/03 6:21 a.m.37 views

Vulnerability Spotlight: Moxa AWK-3131A Multiple Features Login Username Parameter OS Command Injection Vulnerability

This vulnerability is discovered by Patrick DeSantis and Dave McDaniel of Cisco Talos Today, Talos is disclosing TALOS-2017-0507 CVE-2017-14459, a vulnerability that has been identified in Moxa AWK-3131A industrial wireless access point. The Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless...

10.3AI score0.12169EPSS
Exploits1
Talos Blog
Talos Blog
added 2018/04/02 8:48 a.m.209 views

Fake AV Investigation Unearths KevDroid, New Android Malware

This blog post is authored by Warren Mercer, Paul Rascagneres, Vitor Ventura and with contributions from Jungsoo An. Summary Several days ago, EST Security published a post concerning a fake antivirus malware targeting the Android mobile platform. In the Korean media, it was mentioned that there...

9.3CVSS7.5AI score0.99945EPSS
Exploits39
Talos Blog
Talos Blog
added 2018/03/28 12:59 p.m.40 views

Vulnerability Spotlight: Multiple Vulnerabilities in Allen Bradley MicroLogix 1400 Series Devices

These vulnerabilities were discovered by Jared Rittle and Patrick DeSantis of Cisco Talos. Summary Rockwell Automation Allen-Bradley MicroLogix 1400 Programmable Logic Controllers PLCs are marketed for use in a variety of different Industrial Control System ICS applications and processes. As such...

7.7AI score0.37317EPSS
Exploits7
Talos Blog
Talos Blog
added 2018/03/28 11:26 a.m.26 views

Vulnerability Spotlight: Multiple Nvidia D3D10 Driver Pixel Shader Vulnerabilities

Discovered by Piotr Bania of Cisco Talos Overview Today, Cisco Talos is disclosing multiple vulnerabilities that exist within the Nvidia D3D10 driver. This driver is used throughout multiple GPU product lines available from Nvidia. This is a commonly used driver, and exploitation can even affect...

8.4AI score0.00411EPSS
Exploits0
Talos Blog
Talos Blog
added 2018/03/26 7:45 a.m.21 views

Forgot About Default Accounts? No Worries, GoScanSSH Didn’t

This blog post was authored by Edmund Brumaghin, Andrew Williams, and Alain Zidouemba. Executive Summary During a recent Incident Response IR engagement, Talos identified a new malware family that was being used to compromise SSH servers exposed to the internet. This malware, which we have named...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2018/03/22 9:43 a.m.17 views

Talos Threat Research Summit at Cisco Live US 2018

Cisco Talos presents a conference by Defenders, for Defenders. Talos had one goal in mind when creating a brand new conference: Make something that we'd want to attend ourselves. As such, the Talos Threat Research Summit is aimed at being a one-day conference by defenders, for defenders. This...

6.7AI score
Exploits0
Talos Blog
Talos Blog
added 2018/03/19 9:46 p.m.37 views

Beers with Talos EP 25: WE'LL DO IT LIVE!!!

Beers with Talos BWT Podcast Episode 25 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP25 Show Notes: Recorded 3/13/18 - LIVE from San Jose, California. First of all – we still have a...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2018/03/13 2:38 p.m.150 views

Microsoft Patch Tuesday - March 2018

Microsoft Patch Tuesday - March 2018 Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 74 new vulnerabilities, with 14 of them rated critical and 59 of them...

9.3CVSS1.9AI score0.82334EPSS
Exploits46
Talos Blog
Talos Blog
added 2018/03/08 1:15 p.m.30 views

Beers with Talos EP24: Reflections on DDoS and Bad Authentication Schemes

Beers with Talos BWT Podcast Episode 24 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP24 Show Notes: Recorded 3/2/18 - Craig is out this week, but the rest of the crew goes through...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2018/03/06 7:59 a.m.84 views

Gozi ISFB Remains Active in 2018, Leverages "Dark Cloud" Botnet For Distribution

This blog post was authored by Edmund Brumaghin and Holger Unterbrink, with contributions from Adam Weller. Executive Summary Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years. Banking trojans are a type of malware tha...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2018/03/01 1:21 p.m.38 views

Vulnerability Spotlight: Simple DirectMedia Layer’s SDL2_Image

Overview Talos is disclosing several vulnerabilities identified in Simple DirectMedia Layer's SDL2Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low-level access to audio, keyboard, mouse, joystick and graphics...

1.7AI score0.02677EPSS
Exploits0
Talos Blog
Talos Blog
added 2018/03/01 7:29 a.m.147 views

Vulnerability Spotlight: Dovecot out-of-bounds Read Vulnerability

Overview Today, Cisco Talos is disclosing a single out-of-bounds read vulnerability in the Dovecot IMAP server. Dovecot is a popular internet message access protocol, or IMAP, server with performance and security-oriented design. It is a popular choice for robust email servers. In accordance with...

5.5CVSS0.9AI score0.17572EPSS
Exploits0
Talos Blog
Talos Blog
added 2018/02/28 7:16 a.m.43 views

CannibalRAT targets Brazil

This post was authored by Warren Mercer and Vitor Ventura Introduction Talos has identified two different versions of a RAT, otherwise known as a remote access trojan, that has been written entirely in Python and is wrapped into a standalone executable. The RAT is impacting users of a Brazilian...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2018/02/26 10:3 a.m.32 views

Who Wasn’t Responsible for Olympic Destroyer?

This blog post is authored by Paul Rascagneres and Martin Lee. Summary Absent contributions from traditional intelligence capacities, the available evidence linking the Olympic Destroyer malware to a specific threat actor group is contradictory, and does not allow for unambiguous attribution. The...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2018/02/23 9:40 a.m.66 views

Threat Round Up for Feb 16 - 23

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between February 16 and February 23. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

6.5AI score
Exploits0
Talos Blog
Talos Blog
added 2018/02/23 7:22 a.m.173 views

Vulnerability Spotlight: Adobe Acrobat Reader DC Document ID Remote Code Execution Vulnerability

Discovered by Aleksandar Nikolic of Cisco Talos Overview Today, Talos is releasing details of a new vulnerability within Adobe Acrobat Reader DC. Adobe Acrobat Reader is the most popular and most feature-rich PDF reader. It has a big user base, is usually a default PDF reader on systems and...

6.8CVSS10AI score0.16805EPSS
Exploits0
Talos Blog
Talos Blog
added 2018/02/22 4:58 p.m.40 views

Beers with Talos EP23 - Eternal Fauxmance: Attribution Easter Eggs

Beers with Talos BWT Podcast Episode 23 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP23 Show Notes: Recorded 2/16/18 - This week, Mitch learns about starting a show without Matt with no...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2018/02/20 9:44 a.m.22 views

Talos Quarterly Threat Briefing - Winter 2018

Date: Tuesday, February 27, 2018 Time: 1:00pm ET/10:00am PT Topic: Miners, Malspam, and Meltdowns Recording available here: Space is limited for this event, so be sure to save your spot. Following the webinar, the video will also be made available here. In this edition of the Talos Quarterly Thre...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2018/02/16 9:55 a.m.58 views

Threat Round Up for Feb 9 - Feb 16

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between February 9 and February 16. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2018/02/14 7:54 a.m.27 views

COINHOARDER: Tracking a Ukrainian Bitcoin Phishing Ring DNS Style

This post is authored by Jeremiah O'Connor and Dave Maynor with contributions from Artsiom Holub and Austin McBride. Executive Summary Cisco has been tracking a bitcoin theft campaign for over 6 months. The campaign was discovered internally and researched with the aid of an intelligence sharing...

6.6AI score
Exploits0
Total number of security vulnerabilities2032