Channel: Cisco Talos Blog
Viewing all 1927 articles

Vulnerability Spotlight: Remote code execution vulnerabilities in LEADTOOLS 20

Cory Duplantis of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a remote code execution vulnerability in the LEADTOOLS line of imaging toolkits. LEADTOOLS is a collection of toolkits designed to perform a variety of functions aimed at integrating documents, multimedia and imaging technologies into applications. All of the software is produced by LEAD Technologies Inc. LEADTOOLS offers prebuilt and portable libraries with an SDK for most...


Vulnerability Spotlight: Information disclosure vulnerability in Mozilla Firefox

Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an information disclosure vulnerability in Mozilla Firefox. An attacker can exploit this bug by tricking a user into visiting a specially crafted web page through the browser. If successful, the adversary could use leaked memory to bypass ASLR and, in combination with other vulnerabilities, obtain the ability to execute arbitrary code. In accordance with our coordinated...


Beers with Talos Ep. #86: It’s just an exploit popularity contest...

Beers with Talos (BWT) Podcast episode No. 85 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded June 5, 2020. Prod. Note: The team decided to hold back on releasing a few episodes for a period of time, acknowledging that there are voices people need to hear more than ours discussing issues vital to...


Vulnerability Spotlight: Google Chrome PDFium memory corruption vulnerability

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The PDF renderer inside Google Chrome, known as PDFium, contains a memory corruption vulnerability that could be exploited by an adversary. PDFium is open-source software that is utilized in the Chrome browser and other applications. The software supports the use of JavaScript embedded inside PDFs, and specially crafted documents could corrupt the memory of the application, allowing an adversary to...


Threat Source newsletter for July 2, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Our latest research you should catch up on is the Valak malware. This information-stealer sneaks its way onto victim machines by hijacking legitimate email threads. The threat actors send their phishing emails and attachments in email threads, hoping to trick users into thinking they’re legitimate. We also have two vulnerability spotlights that alert users to patches you should make now. One is an information leak in Mozilla...


WastedLocker Goes "Big-Game Hunting" in 2020

By Ben Baker, Edmund Brumaghin, JJ Cummings and Arnaud Zobec. Threat summary: After initially compromising corporate networks, the attacker behind WastedLocker performs privilege escalation and lateral movement prior to activating ransomware and demanding ransom payment. The use of "dual-use" tools and "LoLBins" enables adversaries to evade detection and stay under the radar as they further operate towards their objectives in corporate environments. WastedLocker is one of the latest examples of...


New Snort rule addresses critical vulnerability in F5 BIG-IP

By Jon Munshaw. Cisco Talos just released Snort coverage for a prominent vulnerability in F5’s BIG-IP. BIG-IP is one of the most popular networking products on the modern market. This product is used to shape web traffic, access gateways, limit rates and much more. F5 disclosed a remote code execution vulnerability over the weekend that was assigned a maximum 10 out of 10 severity score. CVE-2020-5902 is a remote code execution vulnerability in BIG-IP's configuration interface. Users are urged to make...


Beers with Talos Ep. #87: Happy 3rd birthday BWT — It’s story time!

Beers with Talos (BWT) Podcast episode No. 85 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded June 24, 2020. Has it been three years already? We have a great episode to celebrate! We start off chatting about the origins of BWT and what made it… I don’t know… the way that it is. We also have some great guests. Hazel...


Vulnerability Spotlight: SQL injection vulnerability in Glacies IceHRM

Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos researchers recently discovered that Glacies' IceHRM software contains a vulnerability that could allow an adversary to inject SQL. IceHRM is a human resource management tool, allowing users to create and track timesheets for employees, upload documents and manage payroll. An attacker could send the software a specially crafted HTTP request, which can open the door for SQL injection. This could...


Threat Roundup for July 3 to July 10

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 3 and July 10. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


Microsoft Patch Tuesday for July 2020 — Snort rules and prominent vulnerabilities

By Jon Munshaw. Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its array of products. While only a few vulnerabilities are considered critical, users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation. The security updates cover several different products including the Hyper-V engine, Microsoft Word and the rest of the Microsoft Office suite of products. Talos...


Vulnerability Spotlight: Multiple vulnerabilities in RemoteFX affect AMD, Intel chips

Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in Intel’s Graphics Accelerator Driver and in an AMD Radeon driver. The Intel driver was released in 2019 and is used in multiple Intel integrated and non-integrated GPUs. It is likely that an attacker could use these vulnerabilities to exploit users remotely. The vulnerability could also be used to escape out of a Hyper-V virtual machine to access the host...


What to expect when you’re electing: Talos’ 2020 election security primer

By Jon Munshaw and Matt Olney. After the 2016 General Election, the talk was all around foreign meddling. Rumors swirled that some votes may have been changed or influenced by state-sponsored actors. Sanctions and accusations followed. Four years later, is the U.S. any more prepared to protect the results of its largest elections? More than you may realize. In Talos’ latest research paper, we take a deep dive into election security after spending the past four years talking to local,...


Threat Source newsletter for July 16, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. If you haven’t already, we highly recommend you read our in-depth research paper on election security. This paper represents four years of hands-on research, interviews and insight into how things have changed since 2016, and what hurdles remain to secure American elections. This is just the first release in a series of papers, blog posts and more that we’ll be releasing in the leadup to the November general election....


Threat Roundup for July 10 to July 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 10 and July 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


Beers with Talos Ep. #88: It’s not about the vote, it’s about trust

Beers with Talos (BWT) Podcast episode No. 88 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded July 7, 2020. Nigel is out this week, but we have a couple light and breezy topics on the docket: zero-day research and the institutions of democracy. FUN STUFF!! First, we chat about zero-day research tools and the...


Prometei botnet and its quest for Monero

By Vanja Svajcer. News summary: We are used to ransomware attacks and big-game hunting making the headlines, but there are still methods adversaries use to monetize their efforts in less intrusive ways. Cisco Talos recently discovered a cryptocurrency-mining botnet attack we're calling "Prometei" using several techniques that defenders are likely to spot, but are not immediately obvious to end-users. These threats demonstrate several techniques of the MITRE ATT&CK framework, most notably...


Threat Source newsletter for July 23, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. While ransomware attacks continue to hog all the headlines, cryptocurrency miners are still running in the background, sapping computing power from unsuspecting victims. We have what we believe is the first documentation of a new botnet we're calling "Prometei" that mines for Monero. Here's why you need to be on the lookout for this botnet and why it could be a sign of worse things to come if you're infected. If you didn't get...


Threat Roundup for July 17 to July 24

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 17 and July 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


Adversarial use of current events as lures

By Nick Biasini. The goal of malicious activity is to compromise the system to install some unauthorized software. Increasingly that goal is tied to one thing: the user. Over the past several years, we as an industry improved exploit mitigation and the value of working exploits has increased accordingly. Together, these changes have had an impact on the threat landscape. We still see large amounts of active exploitation, but enterprises are getting better at defending against them. This has...
