Channel: Cisco Talos Blog

New Snort, ClamAV coverage strikes back against Cobalt Strike

By Nick Mavis. Editing by Joe Marshall and Jon Munshaw. Cisco Talos is releasing a new research paper called “The Art and Science of Detecting Cobalt Strike.” We recently released a more granular set of updated SNORTⓇ and ClamAVⓇ detection signatures to detect attempted obfuscation and exfiltration of data via Cobalt Strike, a common toolkit often used by adversaries. Cobalt Strike is a “paid software platform for adversary simulations and red team operations.” It is used by professional...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

The Internet did my homework

By Jaeson Schultz and Matt Valites. As students return to school for in-person and virtual learning, Cisco Talos discovered an increase in DNS requests coming into Umbrella resolving domains we classify as "academic fraud." Data from Pew Research on back-to-school dates aligns with the growth we observed in queries to these malicious domains. The figure below shows that queries to academic fraud domains nearly quadrupled starting the week of Aug. 12, the most popular week to start schools in...


Threat Source newsletter for Sept. 24, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. After months (years?) in beta, an official release candidate is out now for Snort 3. Stay tuned for an officially official release in about a month. In other Snort rules, we also have a deep dive into our detection and prevention of Cobalt Strike. One of our researchers, Nicholas Mavis, did an amazing job breaking down what goes into writing Snort rules and ClamAV signatures, for those of you who...


Threat Roundup for September 18 to September 25

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 18 and Sept. 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


Microsoft Netlogon exploitation continues to rise

Cisco Talos is tracking a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, an elevation of privilege bug in Netlogon, outlined in the August Microsoft Patch Tuesday report. The vulnerability stems from a flaw in a cryptographic authentication scheme used by the Netlogon Remote Protocol which — among other things — can be used to update computer passwords by forging an authentication token for specific Netlogon functionality. This flaw allows attackers to...


LodaRAT Update: Alive and Well

By Chris Neal. During our continuous monitoring of LodaRAT, Cisco Talos observed changes in the threat that add new functionality. Multiple new versions of LodaRAT have been spotted being used in the wild. These new versions of LodaRAT abandoned their previous obfuscation techniques. Direct interaction with the threat actor was observed during analysis, indicating the actor is actively monitoring infected hosts. What's New? Talos recently identified new versions of LodaRAT, a remote access trojan...


Vulnerability Spotlight: Remote code execution bugs in NVIDIA D3D10 driver

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered multiple remote code execution vulnerabilities in the NVIDIA D3D10 driver. This driver supports multiple GPUs that NVIDIA produces. An adversary could exploit these vulnerabilities by supplying the user with a malformed shader, eventually allowing them to execute code on the victim machine. These bugs could also allow the attacker to perform a guest-to-host escape through Hyper-V...


What to expect when you're electing: Information hygiene and the human levels of disinformation

Editor's note: Related reading on Talos election security research: https://blog.talosintelligence.com/2020/07/what-to-expect-when-youre-electing.html, https://blog.talosintelligence.com/2020/09/election-roundtable-video.html, https://blog.talosintelligence.com/2020/08/what-to-expect-electing-disinformation-building-blocks.html. By Azim Khodjibaev and Ryan Pentney. As Cisco Talos researchers outlined in a paper earlier this summer, disinformation is one of the...


Threat Source newsletter for Oct. 1, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In the past, we’ve covered what disinformation (otherwise known as “fake news”) is and who spreads it. Now, we’re diving into why it works, and why it’s so easy for people to spread. Check out our full paper here to gain a lot of insight into the psychology of social media. On the malware front, we also have an update on LodaRAT. We've seen several new variants of this threat in the wild. Here’s what to look out for...


Beers with Talos Ep. #93: “More Secure” myths and misconceptions

Beers with Talos (BWT) Podcast episode No. 93 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Sept. 11, 2020. On today’s show, we take several of the larger security myths that are often heard around things like patching vulnerabilities — specifically the notion that more patches indicate less secure software. We...


Threat Roundup for September 25 to October 2

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 25 and Oct. 2. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


PoetRAT: Malware targeting public and private sector in Azerbaijan evolves

By Warren Mercer, Paul Rascagneres and Vitor Ventura. The Azerbaijan public sector and other important organizations are still targeted by new versions of PoetRAT. This actor leverages malicious Microsoft Word documents alleged to be from the Azerbaijan government. The attacker has moved from Python to Lua script. The attacker improves their operational security (OpSec) by replacing protocol and performing reconnaissance on compromised systems. Executive summary: Cisco Talos discovered PoetRAT...


90 days, 16 bugs, and an Azure Sphere Challenge

Cisco Talos reports 16 vulnerabilities in Microsoft Azure Sphere's sponsored research challenge. By Claudio Bozzato, Lilith [-_-]; and Dave McDaniel. On May 15, 2020, Microsoft kicked off the Azure Sphere Security Research Challenge, a three-month initiative aimed at finding bugs in Azure Sphere. Among the teams and individuals selected, Cisco Talos conducted a three-month sprint of research into the platform and reported 16 vulnerabilities of various severity, including a privilege...


What to expect when you’re electing: Voter recommendations

By Amy Henderson. Information operations have been around for millennia, yet with the advent of the internet and the democratization of content creation, the barriers to entry have lowered to a point that anyone can play now. In the course of our latest research on disinformation, with an eye toward election security, we have covered the what, how and why of disinformation campaigns, state and non-state actors that engage in this behavior, as well as the psychological effect on...


Vulnerability Spotlight: DoS vulnerability in ATIKMDAG.SYS AMD graphics driver

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in the ATIKMDAG.SYS driver for some AMD graphics cards. An attacker could send the victim a specially crafted D3DKMTCreateAllocation API request to cause an out-of-bounds read, leading to a denial-of-service condition. This vulnerability could be triggered from a guest account. In accordance with our coordinated disclosure policy, Cisco Talos...


Threat Source newsletter for Oct. 8, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We’ve been writing and talking about election security a ton lately. And as the U.S. presidential election draws closer, we decided it was time to summarize some things. So, we released this blog post with our formal recommendations for voters and how they can avoid disinformation and other bad actors trying to influence the election. Our researchers are also following the development of the PoetRAT malware....


Threat Roundup for October 2 to October 9

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 2 and Oct. 9. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


Vulnerability Spotlight: Denial-of-service vulnerabilities in Allen-Bradley Flex I/O

Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The Allen-Bradley Flex input/output system contains multiple denial-of-service vulnerabilities in its ENIP request path data segment. These bugs exist specifically in the 1794-AENT FLEX I/O modular platform. It provides many I/O operations and serves as a smaller physical device compared to other similar hardware. An attacker could exploit these vulnerabilities by sending a specially crafted, malicious packet to...


Lemon Duck brings cryptocurrency miners back into the spotlight

By Vanja Svajcer, with contributions from Caitlin Huey. We are used to ransomware attacks and big-game hunting making headlines, but there are still methods adversaries use to monetize their efforts in less intrusive ways. Cisco Talos recently recorded increased activity of the Lemon Duck cryptocurrency-mining botnet using several techniques likely to be spotted by defenders, but are not immediately obvious to end-users. These threats demonstrate several techniques of the MITRE ATT&CK...


Vulnerability Spotlight: Information leak vulnerability in Google Chrome WebGL

Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Google Chrome web browser contains a vulnerability that could be exploited by an adversary to carry out a range of malicious actions. Chrome is one of the most popular web browsers currently available to users. Cisco Talos researchers recently discovered a bug in WebGL, which is a Chrome API responsible for displaying 3-D graphics. In accordance with our coordinated disclosure policy, Cisco Talos worked with...
