Channel: Cisco Talos Blog

Threat Roundup for August 21 to August 27

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 21 and Aug. 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


Vulnerability Spotlight: Multiple SQL, code injection vulnerabilities in OpenSIS

Yuri Kramarz and Yves Younan discovered these vulnerabilities. Blog by Jon Munshaw Cisco Talos researchers recently discovered multiple vulnerabilities in the OpenSIS software family. OpenSIS is a student information management system for K-12 students. It is available in commercial and open-source versions and allows schools to create schedules and track attendance, grades and transcripts. An adversary could take advantage of these bugs to carry out a range of malicious activities, including...


Quarterly Report: Incident Response trends in Summer 2020

By David Liebenberg and Caitlin Huey. For the fifth quarter in a row, Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape. Infections involved a wide variety of malware families including Ryuk, Maze, LockBit, and Netwalker, among others.  In a continuation of trends observed in last quarter’s report, these ransomware attacks have relied much less on commodity trojans such as Emotet and Trickbot. Interestingly, 66 percent of all ransomware attacks this...


Vulnerability Spotlight: Code execution, memory corruption vulnerabilities in Accusoft ImageGear

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit to assist users with image conversion, creation, editing and more. There are vulnerabilities in certain functions of ImageGear that could allow an attacker to execute code on the victim machine or corrupt the memory of the application. In accordance with our...


Beers with Talos ep. #91: Get the FUD out

Beers with Talos (BWT) Podcast episode No. 91 is now available. Download this episode and subscribe to Beers with Talos on Apple Podcasts, Google Podcasts, Spotify or Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Aug. 14, 2020. Let’s talk about FUD. It’s not enough to just say FUD sucks. Let’s talk about exactly how and why producers of FUD are garbage nightmare monster people. We also cover how they are actually damaging...


Better email classification, courtesy of you

Cisco customers with Email Security Appliances (ESA) or Cloud Email Security (CES) accounts already know the benefits of Cisco’s email filtering. Every day, millions of malicious emails are automatically sent to the trash bin. Cisco encourages customers to participate in honing those filters by submitting incorrectly classified email through the Cisco Security email plug-in or by direct email.

Introducing the Email Status Portal for TalosIntelligence.com

The new Cisco Talos Email...


Salfram: Robbing the place without removing your name tag

By Holger Unterbrink and Edmund Brumaghin.

Threat summary

Cisco Talos recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware. The campaigns distributed various malware payloads including Gozi ISFB, ZLoader, SmokeLoader and AveMaria, among others. Ongoing campaigns are distributing various malware families using the same crypter. While effective, this crypting mechanism contains an easy-to-detect...


Threat Source newsletter for Sept. 3, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware. The campaigns distributed various malware payloads including Gozi ISFB, ZLoader, SmokeLoader and AveMaria, among others. Check out our complete details of the threat and our protections here. We are also excited to show off our fancy new Talos Email Status...


Threat Roundup for August 28 to September 4

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 28 and Sept. 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


Vulnerability Spotlight: Privilege escalation in Windows 10 CLFS driver

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a privilege escalation vulnerability in the Windows 10 Common Log File System (CLFS). CLFS is a general-purpose logging service that can be used by software clients running in user mode or kernel mode. A malformed CLFS log file could cause a pool overflow, and an adversary could gain the ability to execute code on the victim machine. A regular user needs to open the log file to...


Microsoft Patch Tuesday for Sept. 2020 — Snort rules and prominent vulnerabilities

By Jon Munshaw. Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its array of products. Twenty-three of the vulnerabilities are considered “critical” while the remainder are ranked as “important.” Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of these bugs. The security updates cover several different products including the Microsoft...


Roundtable video: Disinformation and election security

By Jon Munshaw. In our continued coverage of election security, we decided to sit down with four Talos and Cisco researchers to discuss disinformation. As we outlined in our recent research paper, disinformation is one of the cornerstones of threat actors' efforts to disrupt the American election process. In this video, we dive even deeper to discuss things like how legitimate websites can fall victim to disinformation campaigns and what can be done to stop the spread of fake news. You can...


Threat Source newsletter for Sept. 10, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In our continued research on election security, we have a new video roundtable discussion up on our YouTube page. In this Q&A-style format, I ask our researchers questions about the work they’ve done researching disinformation (aka “fake news”) and how to combat the spread of it. Microsoft Patch Tuesday was also this week. For our recap of all 120-something vulnerabilities Microsoft disclosed, click...


Threat Roundup for September 4 to September 11

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 4 and Sept. 11. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


Vulnerability Spotlight: Memory corruption in Google PDFium

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Google Chrome's PDFium feature could be exploited by an adversary to corrupt memory and potentially execute remote code. Chrome is a popular, free web browser available on all operating systems. PDFium allows users to open PDFs inside Chrome. We recently discovered a bug that would allow an adversary to send a malicious web page to a user, and then cause out-of-bounds memory access. In accordance with our...


Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader

Cisco Talos researchers discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple code execution vulnerabilities in the Nitro Pro PDF reader. Nitro PDF allows users to save, read, sign and edit PDFs on their computers. The software contains vulnerabilities that could allow adversaries to exploit a victim machine in multiple ways that would eventually allow them to execute code. In accordance with our coordinated disclosure policy, Cisco Talos worked with...


Vulnerability Spotlight: Remote code execution vulnerability in Apple Safari

Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Apple Safari web browser contains a remote code execution vulnerability in its WebKit feature. Specifically, an attacker could trigger a use-after-free condition in WebCore, the DOM-rendering system for WebKit used in Safari. This could give the attacker the ability to execute remote code on the victim machine. A user needs to open a specially crafted, malicious web page in Safari to trigger this...


Threat Source newsletter for Sept. 17, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We’ve got a couple of vulnerabilities you should know about. Monday, we disclosed a bug in Google Chrome’s PDFium feature that opens the door for an adversary to execute remote code. Our researchers also discovered several vulnerabilities in the Nitro Pro PDF Reader. The software contains vulnerabilities that could allow adversaries to exploit a victim machine in multiple ways that would eventually...


Beers with Talos ep. #92: Trending in Your Network — Disinformation

Beers with Talos (BWT) Podcast episode No. 92 is now available. Download this episode and subscribe to Beers with Talos on Apple Podcasts, Google Podcasts, Spotify or Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Aug. 26, 2020. Disinformation is front and center right now. As disinformation efforts constantly increase, platforms struggle to contain the problem without giving the appearance of censuring or controlling all information...


Threat Roundup for September 11 to September 18

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 11 and Sept. 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...
