Channel: Cisco Talos Blog

Threat Roundup for March 13 to March 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 13 and March 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Vulnerability Spotlight: Denial-of-service vulnerability in GStreamer

Peter Wang of Cisco ASIG discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in GStreamer, a pipeline-based multimedia framework. GStreamer contains gst-rtsp-server, an open-source library that allows the user to build RTSP servers. This function contains a vulnerability that an attacker could exploit to cause a null pointer dereference, resulting in a denial of service. In accordance with our coordinated disclosure policy, Cisco Talos...


Vulnerability Spotlight: Multiple vulnerabilities in Videolabs libmicrodns

Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. A specific library in the Videolabs family of software contains multiple vulnerabilities that could lead to denial of service and code execution. Videolabs is a company founded by VideoLAN members and is the current editor of the VLC mobile applications and one of the largest contributors to VLC. They also develop libmicrodns, a library which is used by VLC media player for mDNS service discovery. The...


Vulnerability Spotlight: Intel RAID Web Console 3 denial-of-service bugs

Geoff Serrao of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two denial-of-service vulnerabilities in the web API functionality of Intel RAID Web Console 3. The RAID Web Console is a web-based application that provides several configuration functions for the Intel RAID line of products, which includes controllers and storage expanders. The console monitors, maintains and troubleshoots these products. An attacker could exploit both of...


Threat Update: COVID-19

Executive Summary: The COVID-19 pandemic is changing everyday life for workers across the globe. Cisco Talos continues to see attackers take advantage of the coronavirus situation to lure unsuspecting users into various pitfalls such as phishing, fraud, and disinformation campaigns. Talos has not yet observed any new techniques during this event. Rather, we have seen malicious actors shift the subject matter of their attacks to focus on COVID themes. We continue to monitor the situation and...


Threat Source newsletter (March 26, 2020)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Just because we’re all still working from home doesn’t mean you can stop patching. We’ve been busy this week with a new wave of vulnerabilities we disclosed, including in Intel Web Raid Console, Videolabs and GStreamer. If you’re looking to fill some silence at home or just want to hear a friendly voice, we’re still uploading new...


Threat Roundup for March 20 to March 27

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 20 and March 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


COVID-19 relief package provides another platform for bad actors

The ongoing COVID-19 pandemic continues to yield new subject matter that bad actors can turn into fodder for enticing victims into clicking on malicious links and attachments. On March 27, the CARES Act was signed into law by the President, enacting a wide range of stimulus packages designed to aid Americans and businesses during the crisis. One such measure will authorize a supplemental stimulus check to American citizens. Along with the general increase in coronavirus and COVID-19-themed...


Trickbot: A primer

By Chris Neal. Executive Summary: Trickbot remains one of the most sophisticated banking trojans in the landscape while constantly evolving. Highly modular, Trickbot can adapt to different environments with the help of its various modules. The group behind Trickbot has expanded their activities beyond credential theft into leasing malware to APT groups. Overview: In recent years, the modular banking trojan known as Trickbot has evolved to become one of the most advanced trojans in the threat...


AZORult brings friends to the party

By Vanja Svajcer. News summary: We are used to ransomware attacks and big game hunting making the headlines, but there is an undercurrent of other attack types that allow attackers to monetize their efforts in a less intrusive way. Here, we discuss a multi-pronged cyber criminal attack using a number of techniques that should alert blue team members with appropriate monitoring capability but are not immediately obvious to end-users. These threats demonstrate several techniques of the MITRE...


Threat Source newsletter (April 2, 2020)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. As long as COVID-19 is in the headlines (which is going to be a long time) actors are going to try and capitalize. We fully expect to see a rise in spam that’s now related to the economic assistance package passed by the U.S. government. In non-virus-related news, we also have a new overview of the Trickbot banking trojan. This...


Threat Roundup for March 27 to April 3

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 27 and April 3. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


Beers with Talos Ep. #76: When security hits home (and stays)

Beers with Talos (BWT) Podcast episode No. 76 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded March 27, 2020. Our goal is always to talk to you about what's on our minds. Right now, we are pretty sure we all have the same thing on our minds. In addition to our regular show material, we want to talk through some of the things that we are dealing with professionally and personally in the hopes that...


Fingerprint cloning: Myth or reality?

Phone, computer fingerprint scanners can be defeated with 3-D printing. By Paul Rascagneres and Vitor Ventura. A video of the presentation of this research is available here. Executive summary: Passwords are the traditional authentication method for computers and networks. But passwords can be stolen. Biometric authentication seems the perfect solution for that problem. There are several kinds of biometric authentication, including retina scanning, facial recognition and fingerprint authentication,...


Threat Source newsletter for April 9, 2020

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Nearly all devices have some sort of fingerprint scanner now, used to log users in. But these scanners present their own unique attack vector. Two of our researchers discovered that they could trick many devices into unlocking with a replicated fingerprint from a 3-D printer or resin model. For the average user, this may not be a big...


Threat Roundup for April 3 to April 10

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 3 and April 10. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


Quarterly Report: Incident Response trends in Spring 2020

By David Liebenberg. Cisco Talos Incident Response (CTIR) engagements continue to be dominated by ransomware and commodity trojans. As alluded to in last quarter’s report, ransomware actors have begun threatening to release sensitive information from victims as a means of further compelling them to pay. Additionally, DDoS and coinminer threats reemerged in spring 2020 after absences in the previous quarter. Looking at information from November 2019 through January 2020, ransomware maintains...


Microsoft Patch Tuesday — April 2020: Vulnerability disclosures and Snort coverage

By Jon Munshaw. Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 115 vulnerabilities. Nineteen of the flaws Microsoft disclosed are considered critical. The remainder are scored as being “important” updates. This month’s security update covers security issues in a variety of Microsoft services and software, including SharePoint, the Windows font library and...


Vulnerability Spotlight: Information disclosure vulnerability in Microsoft Media Foundation

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Microsoft Media Foundation contains an information disclosure vulnerability that could allow an attacker to eventually remotely execute code on the victim machine. Media Foundation is a COM-based multimedia framework on most versions of Microsoft Windows that assists with many audio and video operations. An attacker must convince the user to open a specially crafted QuickTime file to trigger this...


Beers with Talos Ep. #77: Quittin’ Time, Vol. 1 — Tigers and tales of the in-between

Beers with Talos (BWT) Podcast episode No. 77 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded April 3, 2020. We’re kinda bored. We figured you are too. So we decided to get together between normal recordings to help save you from the bottom of the Netflix barrel. It gets weird down there. These Quittin’ Time episodes are just the crew hanging out for a bit without a security topic agenda. None of...
