2032 matches found
Microsoft Patch Tuesday - February 2018
Microsoft Patch Tuesday - February 2018 Today Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 54 new vulnerabilities with 14 of them rated critical, 38 of them...
Olympic Destroyer Takes Aim At Winter Olympics
This blog post is authored by Warren Mercer and Paul Rascagneres. Ben Baker and Matthew Molyett contributed to this post. Update 2/13 08:30 We have updated the information regarding the use of stolen credentials Update 2/12 12:00: We have updated the destructor section with action taken against...
Threat Round Up for Feb 2 - Feb 9
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between February 2 and February 9. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...
Targeted Attacks In The Middle East
This blog post is authored by Paul Rascagneres with assistance of Martin Lee. Executive Summary Talos has identified a targeted attacks affecting the Middle East. This campaign contains the following elements, which are described in detail in this article. The use of allegedly confidential decoy...
Beers with Talos EP 22: Forget the ASA, Rob Joyce Favorited Craig’s Tweet
Beers with Talos BWT Podcast Episode 22 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP22 Show Notes: Recorded 2/2/18 - Guests two EPs in a row! We are joined by Omar Santos from Cisco PSI...
Flash 0-Day In The Wild: Group 123 At The Controls
This blog post is authored by Warren Mercer and Paul Rascagneres. Executive Summary The 1st of February, Adobe published an advisory concerning a Flash vulnerability CVE-2018-4878. This vulnerability is a use after free that allows Remote Code Execute through a malformed Flash object. Additionall...
Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions
The Dark Side of the Digital Gold Rush This post was authored by Nick Biasini, Edmund Brumaghin, Warren Mercer and Josh Reynolds with contributions from Azim Khodijbaev and David Liebenberg. Executive Summary The threat landscape is constantly changing; over the last few years malware threat...
2017 in Snort Signatures.
This post was written by Martin Lee and Vanja Svajcer. 2017 was an eventful year for cyber security with high profile vulnerabilities that allowed self-replicating worm attacks such as WannaCry and BadRabbit to impact organizations throughout the world. In 2017, Talos researchers discovered many...
Beers with Talos EP 21: How to Hire the Best, Attribution Without Apaches is Useless
Beers with Talos BWT Podcast Episode 21 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP21 Show Notes: It is a packed episode this time! We are joined by Edmund from the Talos Outreach Grou...
Vulnerability Spotlight: Walt Disney Per-Face Texture Mapping faceInfoSize Code Execution Vulnerability
This vulnerability was discovered by Tyler Bohan of Cisco Talos. Executive Summary Walt Disney PTEX is an open source software application maintained by Walt Disney Animation Studios. It is designed for use in post-production rendering. It allows for the storage of thousands of texture mappings...
SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks
This post was written by Vitor Ventura Introduction Talos has been working in conjunction with Cisco IR Services on what we believe to be a new variant of the SamSam ransomware. This ransomware has been observed across multiple industries including Government, Healthcare and ICS. These attacks do...
The Many Tentacles of the Necurs Botnet
This post was written by Jaeson Schultz. Introduction Over the past five years the Necurs botnet has established itself as the largest purveyor of spam worldwide. Necurs is responsible for emailing massive amounts of banking malware, ransomware, dating spam, pump-n-dump stock scams, work from hom...
Beers with Talos EP20: Crypto, Vuln Disco, and the Spectre Meltdown
Beers with Talos BWT Podcast Episode 20 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP20 Show Notes: This is easily our best podcast of 2018 so far. The crew discusses the recent spike in...
Vulnerability Spotlight: Tinysvcmdns Multi-label DNS DoS Vulnerability
Overview Talos is disclosing a single NULL pointer dereference vulnerability in the tinysvcmdns library. Tinysvcmdns is a tiny MDNS responder implementation for publishing services. This is essentially a mini and embedded version of Avahi or Bonjour. Details Discovered by Claudio Bozzato, Yves...
Korea In The Crosshairs
This blog post is authored by Warren Mercer and Paul Rascagneres and with contributions from Jungsoo An. A one year review of campaigns performed by an actor with multiple campaigns mainly linked to South Korean targets. Executive Summary This article exposes the malicious activities of Group 123...
Threat Round Up for January 5 - 12
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between January 05 and January 12. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...
Vulnerability Spotlight: Multiple Unpatched Vulnerabilities in Blender Identified
Update 1/25/18: Blender has released version 2.79a to address these issues Technology has evolved in incredible ways that has helped people to create and visualize media like never before. Today, people can use tools such as Blender to visualize, model, and animate 3D content, especially since it...
Vulnerability Spotlight: Ruby Rails Gem XSS Vulnerabilities
Vulnerabilities discovered by Zachary Sanchez of Cisco ASIG Overview Talos has discovered two XSS vulnerabilities in Ruby Rails Gems. Rails is a Ruby framework designed to create web services or web pages. Ruby Gems is a package manager for distributing software packages as 'gems'. The two XSS...
Microsoft Patch Tuesday - January 2018
Today Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 56 new vulnerabilities with 16 of them rated critical, 39 of them rated important and 1 of them rated...
Vulnerability Spotlight: Multiple Vulnerabilities in the CPP and Parity Ethereum Client
Vulnerabilities discovered by Marcin Noga of Cisco Talos. Overview Talos is disclosing the presence of multiple vulnerabilities in the CPP and the Parity Ethereum clients. TALOS-2017-0503 / CVE-2017-14457 describes a denial of service vulnerability and potential memory leak in libevm. The functio...
Meltdown and Spectre
Cisco Talos is aware of three new vulnerabilities impacting Intel, AMD, Qualcomm and ARM processors used by almost all computers. We are investigating these issues and although we have not observed exploitation of these vulnerabilities in the wild, that does not mean that it has not occurred. We...
Threat Round Up for December 29 - January 5
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between December 29 and January 05. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...
Not So Crystal Clear - Zeus Variant Spoils Ukrainian Holiday
This post was authored by Edmund Brumaghin with contributions from Ben Baker, Dave Maynor and Matthew Molyett. Introduction Talos has observed a cyber attack which was launched using the official website of Ukraine-based accounting software developer Crystal Finance Millennium CFM. This vector is...
Tutorial: Mutiny Fuzzing Framework and Decept Proxy
Here's a basic demo video for our new opensource tools, Decept and Mutiny. Happy New Year ^^ Lilith Recently, Talos released new tools to assist in the monumental task of finding vulnerabilities in network applications. Mutiny and Decept work together to help researchers fuzz quickly and...
Beers with Talos EP 19: The "Best" of BWT
Beers with Talos BWT Podcast Episode 19 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP19 Show Notes: Quotes intended, we think you know why. Mitch takes control to present the best of the...
Vulnerability Spotlight: VMWare VNC Vulnerabilities
Today, Talos is disclosing a pair of vulnerabilities in the VNC implementation used in VMWare's products that could result in code execution. VMWare implements VNC for its remote management, remote access, and automation purposes in VMWare products including Workstation, Player, and ESXi which...
Virus Bulletin Publication And Presentation
Virus Bulletin conference is a well regarded intimate technical conference focused on malware research. It provides a good balance between listening to technical talks and spending time exchanging experiences with colleagues from different companies; all working on the same task of making our...
Beers with Talos EP 18: Kitties in My Blockchain, Obfuscating Pronunciations, and Other Security Stuff
Beers with Talos BWT Podcast Episode 18 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP18 Show Notes: It’s the last full episode of the year! Thanks to you and the diligent work of Matt’s...
Microsoft Patch Tuesday - December 2017
Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 34 new vulnerabilities with 21 of them rated critical and 13 of them rated important. These vulnerabilities...
Threat Round Up for Dec 01 - Dec 08
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between December 01 and December 08. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...
Vulnerability Spotlight: TALOS-2017-0393 / CVE-2017-2886 - ACDSee Ultimate 10 Remote Code Execution Vulnerability
Vulnerability discovered by Piotr Bania of Cisco Talos. Overview Talos has discovered a remote code execution vulnerability in the ACDSee Ultimate 10 application from ACD Systems International Inc. Exploiting this vulnerabilities can potentially allow an attacker to gain full control over the...
The Mutiny Fuzzing Framework and Decept Proxy
This blog post is authored by James Spadaro of Cisco ASIG and Lilith Wyatt of Cisco Talos. Imagine a scenario where you, as a vulnerability researcher, are tasked with auditing a network application to identify vulnerabilities. By itself, the task may not seem too daunting until you learn of a...
Recam Redux - DeConfusing ConfuserEx
This post is authored by Holger Unterbrink and Christopher MarczewskiOverviewThis report shows how to deobfuscate a custom .NET ConfuserEx protected malware. We identified this recent malware campaign in our Advanced Malware Protection AMP telemetry. Initial infection is via a malicious Word...
Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability
This blog post was authored by Marcin Noga of Cisco Talos.IntroductionIn 2016 Talos released an advisory for CVE-2016-2334, which was a remote code execution vulnerability affecting certain versions of 7zip, a popular compression utility. In this blog post we will walk through the process of...
ROKRAT Reloaded
This post was authored by Warren Mercer, Paul Rascagneres and with contributions from Jungsoo An.Executive SummaryEarlier this year, Talos published 2 articles concerning South Korean threats. The first one was about the use of a malicious HWP document which dropped downloaders used to retrieve...
Talos Wins The 5th Volatility Plugin Contest With Pyrebox
Talos has won this year's 5th Volatility plugin contest with Pyrebox. Volatility is a well-known open-source framework designed to analyze operating system memory. The framework has existed since 2007. For the previous 5 years they have run a plugin contest to find the most innovative, interestin...
Beers with Talos EP 17: Greek Gods, Trojans, and the Spice Girls as Spirit Animals
Beers with Talos BWT Podcast Episode 17 is now available. Download this episode and subscribe to Beers with Talos:img bo...
This Holiday Season - Buy One IoT Device, Get Free CVEs
As the Internet of Things gains steam and continues to develop, so are adversaries and the threats affecting these systems. Companies throughout the world are busy deploying low cost Internet-connected computing devices aka the Internet of Things to solve business problems and improve our lives. ...
Threat Round Up for Nov 10 - Nov 17
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between November 10 and November 17. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...
Vulnerability Spotlight: Multiple Remote Code Execution Vulnerabilities Within libxls
Vulnerabilities discovered by Marcin Noga of Cisco TalosTalos is releasing seven new vulnerabilities discovered within the libxls library: TALOS-2017-0403, TALOS-2017-0404, TALOS-2017-0426, TALOS-2017-0460, TALOS-2017-0461, TALOS-2017-0462, and TALOS-2017-0463. These vulnerabilities result in...
Microsoft Patch Tuesday - November 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 53 new vulnerabilities with 19 of them rated critical, 31 of them rated important and 3 of them rated moderate...
Vulnerability Spotlight: Multiple Vulnerabilities in Foscam C1 Indoor HD Cameras
These vulnerabilities were discovered by Claudio Bozzato of Cisco Talos.Executive SummaryThe Foscam C1 Indoor HD Camera is a network-based camera that is marketed for use in a variety of applications, including use as a home security monitoring device. Talos recently identified several...
Beers with Talos EP 16: Strong Copy - Bad Rabbit and the Nyetya Connection
Beers with Talos BWT Podcast Episode 16 is now available. Download this episode and subscribe to Beers with Talos:img border="0" data-original-height="45" data-original-width="160" src="https://2.bp.blogspot.com/-E-RSSZ9jbUY/WaWCkLGZnZI/AAAAAAAAAJE/Ciiz-Si...
Poisoning the Well: Banking Trojan Targets Google Search Results
This blog post was authored by Edmund Brumaghin, Earl Carter and Emmanuel Tacheau.SummaryIt has become common for users to use Google to find information that they do not know. In a quick Google search you can find practically anything you need to know. Links returned by a Google search, however,...
Vulnerability Spotlight: The Circle of a Bug’s Life
OverviewCisco Talos is disclosing several vulnerabilities identified in Circle with Disney. Circle with Disney is a network device designed to monitor the Internet use of children on a given network. Circle pairs wirelessly, with your home Wi-Fi and allows you to manage every device on the networ...
Vulnerability Spotlight: Multiple Vulnerabilities in Cesanta Mongoose Server
These vulnerabilities were discovered by Aleksandar Nikolic of Cisco TalosToday, Talos is disclosing several vulnerabilities that have been identified in Cesanta Mongoose server. Cesanta Mongoose is a library implementing a number of networking protocols, including HTTP, MQTT, MDNS and others. It...
Threat Round Up for Oct 20 - Oct 27
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between October 20 and October 27. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...
Vulnerability Spotlight: Apache OpenOffice Vulnerabilities
Discovered by Marcin ‘Icewall’ Noga of Cisco TalosOverviewToday, Talos is releasing details of three new vulnerabilities discovered within Apache OpenOffice application. The first vulnerability, TALOS-2017-0295 within OpenOffice Writer, the second TALOS-2017-0300 in the Draw application, and the...
Threat Spotlight: Follow the Bad Rabbit
Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues.Update 2017-10-26 16:10 EDT: added additional information regarding the links between Nyetya and BadRabbitUpdate 2017-10-26 09:20...
“Cyber Conflict” Decoy Document Used In Real Cyber Conflict
This post was authored by Warren Mercer, Paul Rascagneres and Vitor VenturaUpdate 10/23: CCDCOE released a statement today on their websiteIntroductionCisco Talos discovered a new malicious campaign from the well known actor Group 74 aka Tsar Team, Sofacy, APT28, Fancy Bear…. Ironically the decoy...