Channel: Cisco Talos Blog

Microsoft Patch Tuesday for June 2020 — Snort rules and prominent vulnerabilities

By Jon Munshaw.  Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its array of products. While none of the vulnerabilities disclosed have been exploited in the wild, users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation.  The security updates cover several different products including the VBScript engine, SharePoint file-sharing service and GDI+. Talos...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Vulnerability Spotlight: Remote code execution vulnerability in Firefox’s SharedWorkerService function

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Mozilla Firefox web browser contains a vulnerability in its SharedWorkerService function that could allow an attacker to gain the ability to remotely execute code on a target’s machine. This vulnerability can be triggered if the user visits a malicious web page. The attacker can design this page in a way that it would cause a race condition, eventually leading to a use-after-free vulnerability and...

Vulnerability Spotlight: Two code execution vulnerabilities in Microsoft Excel

Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos researchers recently discovered two code execution vulnerabilities in Microsoft Excel. Microsoft released updates for these two bugs as part of their Patch Tuesday security update this week. Both vulnerabilities specifically relate to the component in Excel that handles the Microsoft Office HTML and XML file types. An adversary could exploit these vulnerabilities in such a way that would...

Threat Source newsletter for June 11, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We are back this week with new content, mainly around Microsoft Patch Tuesday. We have our complete breakdown of all the vulns here, as well as in-depth information on two remote code execution vulnerabilities one of our researchers discovered in Excel.  We also have new dates for Cisco Live, which will take place on June 15 - 17. You can see the full signup details below, and after the 17th, you can access Talos’...

Tor2Mine is up to their old tricks — and adds a few new ones

By Kendall McKay and Joe Marshall THREAT SUMMARY Cisco Talos has identified a resurgence of activity by Tor2Mine, a cryptocurrency mining group that was likely last active in 2018. Tor2Mine is deploying additional malware to harvest credentials and steal more money, including AZORult, an information-stealing malware; the remote access tool Remcos; the DarkVNC backdoor trojan; and a clipboard cryptocurrency stealer. The actors are also using a new IP address and two new domains to carry out...

Beers with Talos Ep. #83: The In-between, Vol. 4

Beers with Talos (BWT) Podcast episode No. 83 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded May 15, 2020 Prod. Note: Things are a hot mess right now and the team thinks that there are voices you have needed to hear more than ours, so we held back on releasing a few episodes. We are releasing those now, please pardon any weeks-old info. Be safe, be kind, and listen to each other....

Threat Roundup for June 5 to June 12

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 5 and June 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...

Quarterly report: Incident Response trends in Summer 2020

By David Liebenberg and Caitlin Huey. For the fourth quarter in a row, Ryuk dominated the threat landscape in incident response. As we mentioned in last quarter’s report, Ryuk has shifted from relying on commodity trojans to using living-off-the-land tools. This has led to a decrease in observations of attacks leveraging commodity trojans. Email remained the top infection vector, though we observe increased compromises of remote desktop services (RDS) as well as Citrix devices and Pulse VPN....

Updates to Snort setup guides

Our documentation on Snort 3 running on CentOS and the Snort Rules Writing guide for Snort 3 have been updated. Thanks to community member Yaser for providing the updates. The Snort 3 guide now has expanded information on logging options, such as syslog and JSON. There is also a new performance optimization section. The Rules Writing guide has new syntax comparisons for file_type detection across Snort versions, as well as a comparison of app ID. As always, you can view all of our guides on the...

Threat Roundup for May 29 to June 5

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 29 and June 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...

Beers with Talos Ep. #84: Mid-career advancement in cyber security

Beers with Talos (BWT) Podcast episode No. 84 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded May 26, 2020 Prod. Note: Things are a hot mess right now and the team thinks that there are voices you have needed to hear more than ours, so we held back on releasing a few episodes. We are releasing those now, please pardon any weeks-old info. Be safe, be kind, and listen to each other....

Threat Source newsletter for June 18, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Now that Cisco Live is over, you can access both of Talos’ talks on-demand here if you registered for the online event.  The latest Beers with Talos episode covers how to push your career in cyber security forward when you feel like you’re stuck in a rut. Surprisingly, the hosts actually had some helpful insights to offer. We also have our latest quarterly insights from Cisco Talos Incident Response, which recaps the...

IndigoDrop spreads via military-themed lures to deliver Cobalt Strike

By Asheer Malhotra. Cisco Talos has observed a malware campaign that utilizes military-themed malicious Microsoft Office documents (maldocs) to spread Cobalt Strike beacons containing full-fledged RAT capabilities. These maldocs use malicious macros to deliver a multistage and highly modular infection. This campaign appears to target military and government organizations in South Asia. Network-based detection, although important, should be combined with endpoint protections to combat this...

Cisco Talos replacing all mentions of 'blacklist,' 'whitelist'

There are many ways to respond to injustice, both large and small, but each response is important. While we acknowledge it is a small change, Cisco Talos is moving to replace our use of the terms "blacklist" and "whitelist" with "block list" and "allow list.” Even though these terms are commonly in use in the security industry, we will not go along with casually assigning positive connotations to "white" while assigning negative connotations to "black.” We stand by Cisco CEO Chuck Robbins’...

Vulnerability Spotlight: Denial-of-service vulnerability in NVIDIA driver

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Executive summary: The NVWGF2UMX_CFG.DLL driver contains a denial-of-service vulnerability that an attacker could use to disrupt processes from within a virtual machine. An adversary could exploit this bug by providing a specially crafted pixel shader to VMware guests and hosts, leading to a VMware process crash on the host machine. In accordance with our coordinated disclosure policy, Cisco Talos worked with...

Threat Source newsletter for June 25, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We recently decided to replace our use of the terms "blacklist" and "whitelist" with "block list" and "allow list.” Even though these terms are commonly in use in the security industry, we will not go along with casually assigning positive connotations to "white" while assigning negative connotations to "black.” Elsewhere, we have new episodes of Beers with Talos and Talos Takes up. Check them out on our podcasts page or...

Threat Roundup for June 19 to June 26

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 19 and June 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...

Beers with Talos Ep. #85: The In-Between, Vol. 5

Beers with Talos (BWT) Podcast episode No. 85 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded May 29, 2020 Prod. Note: Things are a hot mess right now and the team thinks that there are voices you have needed to hear more than ours, so we held back on releasing a few episodes. We are releasing those now, please pardon any weeks-old info. Be safe, be kind, and listen to each other....

PROMETHIUM extends global reach with StrongPity3 APT

By Warren Mercer, Paul Rascagneres and Vitor Ventura. News summary: The threat actor behind StrongPity is not deterred despite being exposed multiple times over the past four years. They continue to expand their victimology and attack seemingly unrelated countries. This kind of continuous improvement suggests there is a possibility that this is an exported solution for other actors to use. Executive summary: The PROMETHIUM threat actor, active since 2012, has been exposed multiple times over the...

Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks

By Nick Biasini, Edmund Brumaghin and Mariano Graziano. Threat summary: Attackers are actively distributing the Valak malware family around the globe, with enterprises, in particular, being targeted. These campaigns make use of existing email threads from compromised accounts to greatly increase success. The additional use of password-protected ZIP files can create a blind spot in security protections. The overwhelming majority of campaigns occurred over the last couple of months and targeted...

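The two delivery tricks named in the IndigoDrop and Valak entries above, macro-enabled Office documents and payloads wrapped in password-protected ZIPs that a gateway cannot unpack, can both be triaged offline from container metadata alone. The following Python is an added example and not Talos code or tooling: the Office package, its VBA placeholder part and the lure archive are all constructed in memory, and the risky-extension list and the block/inspect/allow verdicts are an illustrative policy, not a published one.

```python
"""Added example (not Talos code): offline triage of a macro-enabled Office
document and of an Office payload inside a password-protected ZIP. All sample
files are constructed in memory so this runs without any real malware."""
import io
import struct
import zipfile

# Example policy: attachment types worth sandboxing when they arrive inside
# an archive the gateway cannot open. Not a Talos-published list.
RISKY_SUFFIXES = (".docm", ".xlsm", ".pptm", ".doc", ".xls", ".js", ".vbs",
                  ".exe", ".lnk", ".iso")


def inspect_office(doc_bytes: bytes) -> dict:
    """OOXML documents are ZIPs. A VBA project is stored as a vbaProject.bin
    part and the main part's content type is a 'macroEnabled' type; either
    signal is enough to route the file to detonation instead of the inbox."""
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        names = zf.namelist()
        ctypes = (zf.read("[Content_Types].xml").decode("utf-8", "replace")
                  if "[Content_Types].xml" in names else "")
    has_vba = any(n.lower().endswith("vbaproject.bin") for n in names)
    macro_ct = "macroEnabled" in ctypes
    return {"has_vba_project": has_vba,
            "macro_enabled_content_type": macro_ct,
            "has_macros": has_vba or macro_ct}


def inspect_container(zip_bytes: bytes) -> dict:
    """ZIP password protection encrypts entry *contents* only. Entry names,
    sizes and the encryption flag (general-purpose bit 0) are in the clear in
    the central directory, so a filter can still decide what to do with an
    archive it cannot unpack instead of passing it as 'unscannable'."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        entries = [{"name": i.filename,
                    "size": i.file_size,
                    "encrypted": bool(i.flag_bits & 0x1),
                    "risky_type": i.filename.lower().endswith(RISKY_SUFFIXES)}
                   for i in zf.infolist()]
    encrypted = [e["name"] for e in entries if e["encrypted"]]
    risky = [e["name"] for e in entries if e["risky_type"]]
    if encrypted and risky:
        verdict = "block"    # unscannable archive carrying an Office/script payload
    elif risky:
        verdict = "inspect"  # readable: open the parts and run inspect_office()
    else:
        verdict = "allow"
    return {"entries": entries, "encrypted": encrypted, "risky": risky,
            "verdict": verdict}


# --- constructed samples (not real documents) -----------------------------
_TYPES = ('<?xml version="1.0" encoding="UTF-8"?>'
          '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
          '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
          '<Override PartName="/word/document.xml" ContentType="{}"/></Types>')
_DOCX_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
_DOCM_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"


def build_word_doc(with_macros: bool) -> bytes:
    """Minimal OOXML package; the VBA part is just an OLE magic header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    _TYPES.format(_DOCM_MAIN if with_macros else _DOCX_MAIN))
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1")
    return buf.getvalue()


def build_archive(parts: dict, password_protected: bool) -> bytes:
    """Outer lure archive. zipfile cannot write encrypted entries, so the
    password-protected variant is simulated by setting the encryption flag in
    every local and central-directory header: that is the bit inspect_container()
    keys on and the bit that makes zipfile refuse to open the entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in parts.items():
            zf.writestr(name, data)
    raw = bytearray(buf.getvalue())
    if not password_protected:
        return bytes(raw)
    eocd = raw.rfind(b"PK\x05\x06")  # end-of-central-directory record
    n_entries, _cd_size, cd_off = struct.unpack_from("<HII", raw, eocd + 10)
    pos = cd_off
    for _ in range(n_entries):
        assert raw[pos:pos + 4] == b"PK\x01\x02"  # central directory header
        struct.pack_into("<H", raw, pos + 8, struct.unpack_from("<H", raw, pos + 8)[0] | 1)
        fn_len, ex_len, cm_len = struct.unpack_from("<HHH", raw, pos + 28)
        loc = struct.unpack_from("<I", raw, pos + 42)[0]  # local header offset
        assert raw[loc:loc + 4] == b"PK\x03\x04"
        struct.pack_into("<H", raw, loc + 6, struct.unpack_from("<H", raw, loc + 6)[0] | 1)
        pos += 46 + fn_len + ex_len + cm_len
    return bytes(raw)


if __name__ == "__main__":
    print("docm:", inspect_office(build_word_doc(True)))
    lure = build_archive({"Invoice_2020.docm": build_word_doc(True)}, password_protected=True)
    print("lure:", inspect_container(lure))
```

In a mail gateway, `inspect_container()` runs on the attachment as received and `inspect_office()` on any part the gateway can actually open; the point of the encryption flag is that a password-protected archive is not "clean", it is unscanned, and the entry names it still exposes are usually enough to decide that it should be detonated or held rather than delivered.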