Channel: Cisco Talos Blog
Viewing all 1927 articles

Threat Source newsletter for April 16, 2020

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. It’s what — week 5 of this quarantine in the U.S.? Week 6? We’ve lost count. And so did the Beers with Talos guys. But lucky for you, that led to a — shall we say — unique podcast episode. This week was Microsoft Patch Tuesday. The company disclosed more than 100 vulnerabilities and more than a dozen that were considered critical. We...

PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors

By Warren Mercer, Paul Rascagneres and Vitor Ventura. News summary: Azerbaijan government and energy sector likely targeted by an unknown actor. From the energy sector, the actor demonstrates interest in SCADA systems related to wind turbines. The actor uses Word documents to drop malware that allows remote control over the victims. The new remote access trojan, dubbed PoetRAT, is written in Python and is split into multiple parts. The actor collects files, passwords and even images from the webcam,...

Threat Roundup for April 10 to April 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 10 and April 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...

Vulnerability Spotlight: Zoom Communications user enumeration

Video conferencing and calling software has spiked in popularity as individuals across the globe are forced to stay home due to the COVID-19 pandemic. There are a plethora of players in this space, with one or two getting increased attention. One service in particular — Zoom — has received an enormous amount of attention from the media and users. Today, Cisco Talos is disclosing a user enumeration vulnerability in Zoom Communications that could allow a malicious user to obtain a complete list...

Beers with Talos Ep. #78: Fingerprints and hunting parties

Beers with Talos (BWT) Podcast episode No. 78 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded April 10, 2020 We have a couple great topics today — and only one of them is a COVID-19 related topic. So, it turns out that you can fake fingerprints. The good news is that it takes a lot of time, equipment and expertise. It is much easier for a criminal to just make you unlock it yourself. We have also...

Talos Incident Response announces new, lower price through July 25

Today’s world looks very different than three months ago. More people work remotely than ever before. IT teams work around the clock to expand capacity and new software and services are being deployed to handle the load. Within this new remote environment, we have seen new malware families and threat actors taking advantage of our current situation by increasing spam and phishing schemes. Cisco Talos Incident Response wants to help address the increased need for security planning and...

Threat Spotlight: MedusaLocker

By Edmund Brumaghin, with contributions from Amit Raut. Overview: MedusaLocker is a ransomware family that has been observed being deployed since its discovery in 2019. Since its introduction to the threat landscape, there have been several variants observed. However, most of the functionality remains consistent. The most notable differences are changes to the file extension used for encrypted files and the look and feel of the ransom note that is left on systems following the encryption...

Threat Source newsletter for April 23, 2020

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. There’s a new Beers with Talos podcast out now. And guess what? They actually talk about security this time! The guys are looking for listener questions to answer on the next episode. If you have something you want to ask, just @ us on Twitter. Everyone is using some type of video chatting software at this point as we all work...

Threat Roundup for April 17 to April 24

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 17 and April 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...

Upgraded Aggah malspam campaign delivers multiple RATs

By Asheer Malhotra. Cisco Talos has observed an upgraded version of a malspam campaign known to distribute multiple remote access trojans (RATs). The infection chain utilized in the attacks is highly modularized. The attackers utilize publicly available infrastructure such as Bitly and Pastebin (spread over a number of accounts) to direct and host their attack components. Network-based detection, although important, should be combined with endpoint protections to combat this threat and provide...

Beers with Talos Ep. #79: The In-Between vol. 2 (It's a better name than Quittin' Time)

Beers with Talos (BWT) Podcast episode No. 79 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded April 22, 2020 We are renaming these episodes. “Quittin’ time” was OK and all, but “The In-between” better captures what these episodes are. Compared to our normal episodes, you can expect the same lack of actual security content presented in Vol. 1, just a shorter format. You seem to enjoy us taking...

Threat Source newsletter for April 30, 2020

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Our newest research post focuses on the Aggah campaign. Threat actors are pushing Aggah to victims via malicious Microsoft Word documents, eventually using the infection to install Agent Tesla, njRAT and Nanocore RAT. Here’s what to be on the lookout for, and what you can do to fend off these attacks. And, as always, we have...

Threat Roundup for April 24 to May 1

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 24 and May 1. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...

Vulnerability Spotlight: Multiple code execution vulnerabilities in Accusoft ImageGear

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered four code execution vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit to assist users with image conversion, creation, editing and more. There are vulnerabilities in certain functions of ImageGear that could allow an attacker to execute code on the victim machine. In accordance with our coordinated disclosure policy, Cisco...

Vulnerability Spotlight: Code execution vulnerability in 3S CODESYS

Carl Hurd of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable code execution vulnerability in 3S’ CODESYS Control SoftPLC runtime system. The system allows any embedded or PC device to convert into an IEC 61131-3-compliant industrial controller. A specific task in this system contains a code execution vulnerability that an attacker could exploit by sending a malicious packet to the victim machine. In accordance with our...

Beers with Talos Ep. #80: Working securely in a new (not yet) normal

Beers with Talos (BWT) Podcast episode No. 80 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded April 24, 2020 Matt isn’t with us today, but the rest of the crew discusses some current security issues in our new work-from-home environment, including some better-than-just-the-basics advice on how to protect yourself and your organization’s data. We go a bit more in-depth on VPN and explain how VPNs...

Threat Source newsletter for May 7, 2020

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. With all of us working from home, Beers with Talos episodes are coming out faster than ever. This week, we have an actual episode with security discussions rather than the “Cats” movie, including the importance of split-tunneling. There are also two Vulnerability Spotlights out alerting users of bugs in 3S CODESYS and...

Threat Roundup for May 1 to May 8

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 1 and May 8. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...

Threat Spotlight: Astaroth — Maze of obfuscation and evasion reveals dark stealer

By Nick Biasini, Edmund Brumaghin and Nick Lister. Cisco Talos is detailing an information stealer, Astaroth, that has been targeting Brazil with a variety of lures, including COVID-19, for the past nine to 12 months. Complex maze of obfuscation and anti-analysis/evasion techniques implemented by Astaroth inhibit both detection and analysis of the malware family. Creative use of YouTube channel descriptions for encoded and encrypted command and control communications (C2) implemented by...

Vulnerability Spotlight: Remote code execution vulnerabilities in Adobe Acrobat Reader

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two remote code execution vulnerabilities in Adobe Acrobat Reader. Acrobat supports a number of features, including the ability to process embedded JavaScript. These flaws specifically exist in the way the software handles the destruction of annotations from inside event handlers. An attacker could trigger these exploits by tricking a user into opening a malicious file or web...