Channel: Cisco Talos Blog

Vulnerability Spotlight: Code execution vulnerability in Microsoft Excel

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a code execution vulnerability in some versions of Microsoft Excel. An attacker could exploit this vulnerability by tricking the victim into opening a specially crafted Excel file, triggering a use-after-free condition and allowing them to execute remote code on the victim machine. Microsoft disclosed and patched this bug as part of their monthly security update Tuesday. For...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Microsoft Patch Tuesday — May 2020: Vulnerability disclosures and Snort coverage

By Jon Munshaw. Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 123 vulnerabilities. Sixteen of the flaws Microsoft disclosed are considered critical. There are also 95 "important" vulnerabilities and six low- and moderate-severity vulnerabilities each. Cisco Talos specifically disclosed CVE-2020-0901, a code execution vulnerability in Excel. This month’s...

The basics of a ransomware infection as Snake, Maze expands

By Joe Marshall (@ImmortanJo3). There have recently been several high-profile ransomware campaigns utilizing Maze and Snake malware. From critical medical supply companies to large logistics firms, many businesses of all sizes have fallen victim to this cybercrime wave. When an organization falls victim to a ransomware attack, it is only the final stage in an otherwise lengthy compromise process on the adversary’s part. The public often only sees the outcome that makes the news headlines...

Threat Roundup for May 8 to May 15

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 8 and May 15. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...

Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader

Aleksandar Nikolic and Cory Duplantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two code execution vulnerabilities and an information disclosure flaw in Nitro Pro PDF reader. Nitro PDF allows users to save, read, sign and edit PDFs on their computers. The software contains vulnerabilities that could allow adversaries to carry out a variety of actions. In accordance with our coordinated disclosure policy, Cisco Talos worked with...

Beers with Talos Ep. #81: "The In-Between," Vol. 3

Beers with Talos (BWT) Podcast episode No. 81 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded May 1, 2020 Sammi is back and the rest of the crew is here to hang out and chat. As is The In-Between Way — we avoid discussing security at all. These episodes are all about just keeping in touch and having some fun. Despite Joel forgetting his one job on this podcast, we are taking your (sometimes crazy)...

The wolf is back...

By Warren Mercer, Paul Rascagneres and Vitor Ventura. News summary: Thai Android devices and users are being targeted by a modified version of DenDroid we are calling "WolfRAT," now targeting messaging apps like WhatsApp, Facebook Messenger and Line. We assess with high confidence that this modified version is operated by the infamous Wolf Research. This actor has shown a surprising level of amateur actions, including code overlaps, open-source project copy/paste, classes never being...

Threat Source newsletter for May 14, 2020

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Our main focus this week is on Astaroth. This is a malware family that has been targeting Brazil with a variety of lures, including COVID-19-themed documents, for the past nine to 12 months. Astaroth implements a robust series of anti-analysis/evasion techniques, among the most thorough we've seen recently. We have the full rundown of...

Vulnerability Spotlight: Authentication bypass vulnerability in some Epson projectors

Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Epson EB-1470UI Projector contains an authentication bypass vulnerability in its web control functionality. This projector allows users to control it over the web. However, an adversary could trick a user into opening a specifically crafted web page, which would allow the attacker to bypass authentication and give them full read/write configuration access. Cisco Talos is disclosing this vulnerability...

Vulnerability Spotlight: Memory corruption vulnerability in GNU Glibc leaves smart vehicles open to attack

By Sam Dytrych and Jason Royes. Executive summary: Modern automobiles are complex machines, merging both mechanical and computer systems under one roof. As automobiles become more advanced, additional sensors and devices are added to help the vehicle understand its internal and external environments. These sensors provide drivers with real-time information, connect the vehicle to the global fleet network and, in some cases, actively use and interpret this telemetry data to drive the...

Threat Source newsletter for May 21, 2020

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Beers with Talos chugs on during quarantine with the latest episode of “The In-Between.” Once again, the hosts talk about everything but security, answering listener questions from Twitter. The most pressing threat we have this week is WolfRAT, a variant of the DenDroid Android malware. WolfRAT is attempting to exploit users on...

Beers with Talos Ep. #82: Talos IR quarterly threat trends

Beers with Talos (BWT) Podcast episode No. 82 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded May 8, 2020 Brad Garnett from Cisco Talos Incident Response joins us today to talk about DFIR, the Talos Quarterly Trends Report, and how a high-speed police chase on reality TV kick-started his DFIR career. That’s not even clickbait, for real. After Brad drops a quick IR trends briefing on us, the crew...

Dynamic Data Resolver (DDR) — IDA Plugin 1.0 beta

By Holger Unterbrink. Executive summary: Static reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a certain basic block is doing. If you try to perform dynamic analysis by debugging a piece of malware, the malware will often detect it and start behaving differently. Today, Cisco Talos is releasing the 1.0 beta version of Dynamic Data Resolver (DDR) — a plugin for IDA that makes reverse-engineering malware...

Threat Source newsletter for May 28, 2020

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We need to start things off by wishing a Happy Birthday to Beers with Talos! The first episode was released on May 12, 2017. To celebrate, we have a new episode out this week and are working on another “In Between” for next week. Send in your questions on Twitter to @TalosSecurity to have them answered on the show. Upcoming...

Threat Roundup for May 22 to May 29

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 22 and May 29. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...

Vulnerability Spotlight: VMware Workstation 15 denial-of-service vulnerability

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in VMware Workstation 15. VMware allows users to set up virtual machines and operate various operating systems outside of the ones designed for their machines. This vulnerability exists in VMware guest mode, and could allow an attacker to cause a panic condition in the VMware host, leading to a crash. In accordance with our coordinated disclosure...

Vulnerability Spotlight: Two vulnerabilities in Zoom could lead to code execution

A member of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in the popular Zoom video chatting application that could allow a malicious user to execute arbitrary code on victims’ machines. Video conferencing software has skyrocketed in popularity during the COVID-19 pandemic as individuals across the globe are encouraged to work from home and avoid close face-to-face contact with friends and family. In accordance with our...

Threat Source newsletter for June 4, 2020

Newsletter compiled by Jon Munshaw. Our social media content and promotion are on pause this week as there are more important issues being discussed and other voices that need to be heard. However, we still wanted to provide users with the latest IOCs and threats we’re seeing. Upcoming public engagements: Event: “Everyone's Advanced Now: The evolution of actors on the threat landscape” at Interop Tokyo 2020. Location: Streaming on the conference's website. Date: June 10 -...

Threat Roundup for May 29 to June 5

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 29 and June 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...

Vulnerability Spotlight: Multiple vulnerabilities in Siemens LOGO! PLC

Alexander Perez-Palma of Cisco Talos and Emanuel Almeida of Cisco Systems discovered these vulnerabilities. Blog by Jon Munshaw. Cisco researchers recently discovered several vulnerabilities in the Siemens LOGO! PLC. The LOGO! allows users to control various automation projects, such as industrial control systems and other commercial and home settings. The product contains several vulnerabilities that an adversary could use to carry out a variety of malicious activities. In accordance with...
