Lucene search
K
TalosblogRecent

2032 matches found

Talos Blog
Talos Blog
added 2018/02/13 1:26 p.m.95 views

Microsoft Patch Tuesday - February 2018

Microsoft Patch Tuesday - February 2018 Today Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 54 new vulnerabilities with 14 of them rated critical, 38 of them...

9.3CVSS8.4AI score0.65858EPSS
Exploits38
Talos Blog
Talos Blog
added 2018/02/12 5:16 a.m.14 views

Olympic Destroyer Takes Aim At Winter Olympics

This blog post is authored by Warren Mercer and Paul Rascagneres. Ben Baker and Matthew Molyett contributed to this post. Update 2/13 08:30 We have updated the information regarding the use of stolen credentials Update 2/12 12:00: We have updated the destructor section with action taken against...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2018/02/09 9:29 a.m.22 views

Threat Round Up for Feb 2 - Feb 9

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between February 2 and February 9. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2018/02/06 9:48 p.m.32 views

Targeted Attacks In The Middle East

This blog post is authored by Paul Rascagneres with assistance of Martin Lee. Executive Summary Talos has identified a targeted attacks affecting the Middle East. This campaign contains the following elements, which are described in detail in this article. The use of allegedly confidential decoy...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2018/02/06 11:15 a.m.114 views

Beers with Talos EP 22: Forget the ASA, Rob Joyce Favorited Craig’s Tweet

Beers with Talos BWT Podcast Episode 22 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP22 Show Notes: Recorded 2/2/18 - Guests two EPs in a row! We are joined by Omar Santos from Cisco PSI...

10CVSS9.5AI score0.87397EPSS
Exploits7
Talos Blog
Talos Blog
added 2018/02/02 8:27 a.m.235 views

Flash 0-Day In The Wild: Group 123 At The Controls

This blog post is authored by Warren Mercer and Paul Rascagneres. Executive Summary The 1st of February, Adobe published an advisory concerning a Flash vulnerability CVE-2018-4878. This vulnerability is a use after free that allows Remote Code Execute through a malformed Flash object. Additionall...

7.5CVSS9.4AI score0.89618EPSS
Exploits19
Talos Blog
Talos Blog
added 2018/01/31 7:58 a.m.1774 views

Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions

The Dark Side of the Digital Gold Rush This post was authored by Nick Biasini, Edmund Brumaghin, Warren Mercer and Josh Reynolds with contributions from Azim Khodijbaev and David Liebenberg. Executive Summary The threat landscape is constantly changing; over the last few years malware threat...

5.8CVSS8.9AI score0.99993EPSS
Exploits46
Talos Blog
Talos Blog
added 2018/01/29 11:37 a.m.749 views

2017 in Snort Signatures.

This post was written by Martin Lee and Vanja Svajcer. 2017 was an eventful year for cyber security with high profile vulnerabilities that allowed self-replicating worm attacks such as WannaCry and BadRabbit to impact organizations throughout the world. In 2017, Talos researchers discovered many...

10CVSS9.9AI score0.99999EPSS
Exploits45
Talos Blog
Talos Blog
added 2018/01/26 1:31 p.m.14 views

Beers with Talos EP 21: How to Hire the Best, Attribution Without Apaches is Useless

Beers with Talos BWT Podcast Episode 21 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP21 Show Notes: It is a packed episode this time! We are joined by Edmund from the Talos Outreach Grou...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2018/01/26 8:0 a.m.104 views

Vulnerability Spotlight: Walt Disney Per-Face Texture Mapping faceInfoSize Code Execution Vulnerability

This vulnerability was discovered by Tyler Bohan of Cisco Talos. Executive Summary Walt Disney PTEX is an open source software application maintained by Walt Disney Animation Studios. It is designed for use in post-production rendering. It allows for the storage of thousands of texture mappings...

6.8CVSS9.5AI score0.02458EPSS
Exploits1
Talos Blog
Talos Blog
added 2018/01/22 9:29 a.m.20 views

SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks

This post was written by Vitor Ventura Introduction Talos has been working in conjunction with Cisco IR Services on what we believe to be a new variant of the SamSam ransomware. This ransomware has been observed across multiple industries including Government, Healthcare and ICS. These attacks do...

7.7AI score
Exploits0
Talos Blog
Talos Blog
added 2018/01/18 8:2 a.m.45 views

The Many Tentacles of the Necurs Botnet

This post was written by Jaeson Schultz. Introduction Over the past five years the Necurs botnet has established itself as the largest purveyor of spam worldwide. Necurs is responsible for emailing massive amounts of banking malware, ransomware, dating spam, pump-n-dump stock scams, work from hom...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2018/01/18 6:0 a.m.34 views

Beers with Talos EP20: Crypto, Vuln Disco, and the Spectre Meltdown

Beers with Talos BWT Podcast Episode 20 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP20 Show Notes: This is easily our best podcast of 2018 so far. The crew discusses the recent spike in...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2018/01/17 9:46 a.m.168 views

Vulnerability Spotlight: Tinysvcmdns Multi-label DNS DoS Vulnerability

Overview Talos is disclosing a single NULL pointer dereference vulnerability in the tinysvcmdns library. Tinysvcmdns is a tiny MDNS responder implementation for publishing services. This is essentially a mini and embedded version of Avahi or Bonjour. Details Discovered by Claudio Bozzato, Yves...

5CVSS0.8AI score0.02426EPSS
Exploits1
Talos Blog
Talos Blog
added 2018/01/15 9:57 p.m.2149 views

Korea In The Crosshairs

This blog post is authored by Warren Mercer and Paul Rascagneres and with contributions from Jungsoo An. A one year review of campaigns performed by an actor with multiple campaigns mainly linked to South Korean targets. Executive Summary This article exposes the malicious activities of Group 123...

9.3CVSS8.4AI score0.99933EPSS
Exploits29
Talos Blog
Talos Blog
added 2018/01/12 9:31 a.m.38 views

Threat Round Up for January 5 - 12

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between January 05 and January 12. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2018/01/11 7:17 a.m.28 views

Vulnerability Spotlight: Multiple Unpatched Vulnerabilities in Blender Identified

Update 1/25/18: Blender has released version 2.79a to address these issues Technology has evolved in incredible ways that has helped people to create and visualize media like never before. Today, people can use tools such as Blender to visualize, model, and animate 3D content, especially since it...

8AI score
Exploits0
Talos Blog
Talos Blog
added 2018/01/10 6:3 a.m.103 views

Vulnerability Spotlight: Ruby Rails Gem XSS Vulnerabilities

Vulnerabilities discovered by Zachary Sanchez of Cisco ASIG Overview Talos has discovered two XSS vulnerabilities in Ruby Rails Gems. Rails is a Ruby framework designed to create web services or web pages. Ruby Gems is a package manager for distributing software packages as 'gems'. The two XSS...

4.3CVSS6.9AI score0.01279EPSS
Exploits6
Talos Blog
Talos Blog
added 2018/01/09 1:36 p.m.193 views

Microsoft Patch Tuesday - January 2018

Today Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 56 new vulnerabilities with 16 of them rated critical, 39 of them rated important and 1 of them rated...

9.3CVSS10.3AI score0.95121EPSS
Exploits51
Talos Blog
Talos Blog
added 2018/01/09 8:12 a.m.253 views

Vulnerability Spotlight: Multiple Vulnerabilities in the CPP and Parity Ethereum Client

Vulnerabilities discovered by Marcin Noga of Cisco Talos. Overview Talos is disclosing the presence of multiple vulnerabilities in the CPP and the Parity Ethereum clients. TALOS-2017-0503 / CVE-2017-14457 describes a denial of service vulnerability and potential memory leak in libevm. The functio...

6.8CVSS8.4AI score0.02086EPSS
Exploits8
Talos Blog
Talos Blog
added 2018/01/08 9:16 a.m.198 views

Meltdown and Spectre

Cisco Talos is aware of three new vulnerabilities impacting Intel, AMD, Qualcomm and ARM processors used by almost all computers. We are investigating these issues and although we have not observed exploitation of these vulnerabilities in the wild, that does not mean that it has not occurred. We...

4.7CVSS7.4AI score0.93838EPSS
Exploits13
Talos Blog
Talos Blog
added 2018/01/05 11:46 a.m.187 views

Threat Round Up for December 29 - January 5

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between December 29 and January 05. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

9.3CVSS7.9AI score0.88698EPSS
Exploits14
Talos Blog
Talos Blog
added 2018/01/04 8:39 a.m.19 views

Not So Crystal Clear - Zeus Variant Spoils Ukrainian Holiday

This post was authored by Edmund Brumaghin with contributions from Ben Baker, Dave Maynor and Matthew Molyett. Introduction Talos has observed a cyber attack which was launched using the official website of Ukraine-based accounting software developer Crystal Finance Millennium CFM. This vector is...

7.6AI score
Exploits0
Talos Blog
Talos Blog
added 2018/01/03 9:26 a.m.194 views

Tutorial: Mutiny Fuzzing Framework and Decept Proxy

Here's a basic demo video for our new opensource tools, Decept and Mutiny. Happy New Year ^^ Lilith Recently, Talos released new tools to assist in the monumental task of finding vulnerabilities in network applications. Mutiny and Decept work together to help researchers fuzz quickly and...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2017/12/29 2:29 p.m.20 views

Beers with Talos EP 19: The "Best" of BWT

Beers with Talos BWT Podcast Episode 19 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP19 Show Notes: Quotes intended, we think you know why. Mitch takes control to present the best of the...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2017/12/19 11:0 a.m.115 views

Vulnerability Spotlight: VMWare VNC Vulnerabilities

Today, Talos is disclosing a pair of vulnerabilities in the VNC implementation used in VMWare's products that could result in code execution. VMWare implements VNC for its remote management, remote access, and automation purposes in VMWare products including Workstation, Player, and ESXi which...

6CVSS9.5AI score0.03571EPSS
Exploits2
Talos Blog
Talos Blog
added 2017/12/19 7:57 a.m.14 views

Virus Bulletin Publication And Presentation

Virus Bulletin conference is a well regarded intimate technical conference focused on malware research. It provides a good balance between listening to technical talks and spending time exchanging experiences with colleagues from different companies; all working on the same task of making our...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2017/12/15 7:44 a.m.14 views

Beers with Talos EP 18: Kitties in My Blockchain, Obfuscating Pronunciations, and Other Security Stuff

Beers with Talos BWT Podcast Episode 18 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP18 Show Notes: It’s the last full episode of the year! Thanks to you and the diligent work of Matt’s...

6.7AI score
Exploits0
Talos Blog
Talos Blog
added 2017/12/12 3:32 p.m.174 views

Microsoft Patch Tuesday - December 2017

Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 34 new vulnerabilities with 21 of them rated critical and 13 of them rated important. These vulnerabilities...

9.3CVSS1AI score0.68491EPSS
Exploits38
Talos Blog
Talos Blog
added 2017/12/08 11:24 a.m.23 views

Threat Round Up for Dec 01 - Dec 08

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between December 01 and December 08. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2017/12/08 5:40 a.m.17 views

Vulnerability Spotlight: TALOS-2017-0393 / CVE-2017-2886 - ACDSee Ultimate 10 Remote Code Execution Vulnerability

Vulnerability discovered by Piotr Bania of Cisco Talos. Overview Talos has discovered a remote code execution vulnerability in the ACDSee Ultimate 10 application from ACD Systems International Inc. Exploiting this vulnerabilities can potentially allow an attacker to gain full control over the...

8.4AI score0.01023EPSS
Exploits0
Talos Blog
Talos Blog
added 2017/12/07 10:6 a.m.276 views

The Mutiny Fuzzing Framework and Decept Proxy

This blog post is authored by James Spadaro of Cisco ASIG and Lilith Wyatt of Cisco Talos. Imagine a scenario where you, as a vulnerability researcher, are tasked with auditing a network application to identify vulnerabilities. By itself, the task may not seem too daunting until you learn of a...

5CVSS8.1AI score0.03742EPSS
Exploits0
Talos Blog
Talos Blog
added 2017/12/06 8:2 a.m.1291 views

Recam Redux - DeConfusing ConfuserEx

This post is authored by Holger Unterbrink and Christopher MarczewskiOverviewThis report shows how to deobfuscate a custom .NET ConfuserEx protected malware. We identified this recent malware campaign in our Advanced Malware Protection AMP telemetry. Initial infection is via a malicious Word...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2017/11/30 7:0 a.m.188 views

Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability

This blog post was authored by Marcin Noga of Cisco Talos.IntroductionIn 2016 Talos released an advisory for CVE-2016-2334, which was a remote code execution vulnerability affecting certain versions of 7zip, a popular compression utility. In this blog post we will walk through the process of...

9.3CVSS9.1AI score0.14742EPSS
Exploits3
Talos Blog
Talos Blog
added 2017/11/27 9:52 p.m.74 views

ROKRAT Reloaded

This post was authored by Warren Mercer, Paul Rascagneres and with contributions from Jungsoo An.Executive SummaryEarlier this year, Talos published 2 articles concerning South Korean threats. The first one was about the use of a malicious HWP document which dropped downloaders used to retrieve...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2017/11/22 5:18 a.m.45 views

Talos Wins The 5th Volatility Plugin Contest With Pyrebox

Talos has won this year's 5th Volatility plugin contest with Pyrebox. Volatility is a well-known open-source framework designed to analyze operating system memory. The framework has existed since 2007. For the previous 5 years they have run a plugin contest to find the most innovative, interestin...

6.7AI score
Exploits0
Talos Blog
Talos Blog
added 2017/11/21 11:5 a.m.14 views

Beers with Talos EP 17: Greek Gods, Trojans, and the Spice Girls as Spirit Animals

Beers with Talos BWT Podcast Episode 17 is now available. Download this episode and subscribe to Beers with Talos:img bo...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2017/11/20 9:14 a.m.23 views

This Holiday Season - Buy One IoT Device, Get Free CVEs

As the Internet of Things gains steam and continues to develop, so are adversaries and the threats affecting these systems. Companies throughout the world are busy deploying low cost Internet-connected computing devices aka the Internet of Things to solve business problems and improve our lives. ...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2017/11/17 8:7 a.m.124 views

Threat Round Up for Nov 10 - Nov 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between November 10 and November 17. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2017/11/15 7:36 a.m.24 views

Vulnerability Spotlight: Multiple Remote Code Execution Vulnerabilities Within libxls

Vulnerabilities discovered by Marcin Noga of Cisco TalosTalos is releasing seven new vulnerabilities discovered within the libxls library: TALOS-2017-0403, TALOS-2017-0404, TALOS-2017-0426, TALOS-2017-0460, TALOS-2017-0461, TALOS-2017-0462, and TALOS-2017-0463. These vulnerabilities result in...

8.4AI score
Exploits0
Talos Blog
Talos Blog
added 2017/11/14 11:54 a.m.206 views

Microsoft Patch Tuesday - November 2017

Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 53 new vulnerabilities with 19 of them rated critical, 31 of them rated important and 3 of them rated moderate...

9.3CVSS9.6AI score0.99945EPSS
Exploits68
Talos Blog
Talos Blog
added 2017/11/13 7:43 a.m.89 views

Vulnerability Spotlight: Multiple Vulnerabilities in Foscam C1 Indoor HD Cameras

These vulnerabilities were discovered by Claudio Bozzato of Cisco Talos.Executive SummaryThe Foscam C1 Indoor HD Camera is a network-based camera that is marketed for use in a variety of applications, including use as a home security monitoring device. Talos recently identified several...

9.7AI score0.0504EPSS
Exploits24
Talos Blog
Talos Blog
added 2017/11/03 8:6 a.m.29 views

Beers with Talos EP 16: Strong Copy - Bad Rabbit and the Nyetya Connection

Beers with Talos BWT Podcast Episode 16 is now available. Download this episode and subscribe to Beers with Talos:img border="0" data-original-height="45" data-original-width="160" src="https://2.bp.blogspot.com/-E-RSSZ9jbUY/WaWCkLGZnZI/AAAAAAAAAJE/Ciiz-Si...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2017/11/02 8:55 a.m.97 views

Poisoning the Well: Banking Trojan Targets Google Search Results

This blog post was authored by Edmund Brumaghin, Earl Carter and Emmanuel Tacheau.SummaryIt has become common for users to use Google to find information that they do not know. In a quick Google search you can find practically anything you need to know. Links returned by a Google search, however,...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2017/10/31 12:4 p.m.129 views

Vulnerability Spotlight: The Circle of a Bug’s Life

OverviewCisco Talos is disclosing several vulnerabilities identified in Circle with Disney. Circle with Disney is a network device designed to monitor the Internet use of children on a given network. Circle pairs wirelessly, with your home Wi-Fi and allows you to manage every device on the networ...

9.3CVSS8.6AI score0.03245EPSS
Exploits41
Talos Blog
Talos Blog
added 2017/10/31 8:12 a.m.57 views

Vulnerability Spotlight: Multiple Vulnerabilities in Cesanta Mongoose Server

These vulnerabilities were discovered by Aleksandar Nikolic of Cisco TalosToday, Talos is disclosing several vulnerabilities that have been identified in Cesanta Mongoose server. Cesanta Mongoose is a library implementing a number of networking protocols, including HTTP, MQTT, MDNS and others. It...

7.8CVSS10.6AI score0.31045EPSS
Exploits13
Talos Blog
Talos Blog
added 2017/10/27 3:45 p.m.22 views

Threat Round Up for Oct 20 - Oct 27

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between October 20 and October 27. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

7.5AI score
Exploits0
Talos Blog
Talos Blog
added 2017/10/26 7:26 a.m.61 views

Vulnerability Spotlight: Apache OpenOffice Vulnerabilities

Discovered by Marcin ‘Icewall’ Noga of Cisco TalosOverviewToday, Talos is releasing details of three new vulnerabilities discovered within Apache OpenOffice application. The first vulnerability, TALOS-2017-0295 within OpenOffice Writer, the second TALOS-2017-0300 in the Draw application, and the...

6.8CVSS8.8AI score0.02889EPSS
Exploits3
Talos Blog
Talos Blog
added 2017/10/24 1:51 p.m.59 views

Threat Spotlight: Follow the Bad Rabbit

Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues.Update 2017-10-26 16:10 EDT: added additional information regarding the links between Nyetya and BadRabbitUpdate 2017-10-26 09:20...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2017/10/22 9:22 a.m.35 views

“Cyber Conflict” Decoy Document Used In Real Cyber Conflict

This post was authored by Warren Mercer, Paul Rascagneres and Vitor VenturaUpdate 10/23: CCDCOE released a statement today on their websiteIntroductionCisco Talos discovered a new malicious campaign from the well known actor Group 74 aka Tsar Team, Sofacy, APT28, Fancy Bear…. Ironically the decoy...

7.3AI score
Exploits0
Total number of security vulnerabilities2032