Channel: Cisco Talos Blog

Microsoft Patch Tuesday for Oct. 2020 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Alex McDonnell and Nick Biasini. Microsoft released its monthly security update Tuesday, disclosing more than 100 vulnerabilities across its array of products. Fourteen of the vulnerabilities are considered “critical” while the vast remainder are ranked as “important.” Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of all these bugs. The security updates cover...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Vulnerability Spotlight: Denial of service in AMD ATIKMDAG.SYS driver

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in the ATIKMDAG.SYS driver for some AMD graphics cards. An attacker could send the victim a specially crafted D3DKMTCreateAllocation API request to cause an out-of-bounds read, leading to a denial-of-service condition. This vulnerability could be triggered from a guest account. In accordance with our coordinated disclosure policy,...


Vulnerability Spotlight: Code execution, information disclosure vulnerabilities in F2FS toolset

Vulnerabilities discovered by a Cisco Talos researcher. Blog by Jon Munshaw. Cisco Talos recently discovered multiple code execution and information disclosure vulnerabilities in various functions of the F2FS toolset. F2FS is a filesystem toolset commonly found in embedded devices that creates, verifies and/or fixes Flash-Friendly File System files. An attacker could provide a malicious file to the target to trigger these vulnerabilities, causing a variety of negative conditions for the...


What to expect when you're electing: How election officials can counter disinformation

  By Matthew Olney and the communications and public relations professionals at Cisco. Editor's Note: For more on this topic, sign up for a Cisco Duo webinar on election security on Oct. 15 at 1 p.m. ET here. In our work with our partners in the election security space, the most difficult question we’ve been asked is “What do we do about disinformation campaigns?” This isn’t something Talos usually specializes in, as it’s not a true technical security problem. However, one...


Threat Source newsletter (Oct. 15, 2020)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In our latest entry into our election security series, we’re turning our attention to the professionals who are responsible for securing our elections. After months of research, we’ve compiled a series of recommendations for local, state and national officials to combat disinformation and secure Americans’ faith in the election system. Patch Tuesday was also this week, which as usual, brought with it a big Snort rule...


Beers with Talos ep. #94: Nigel is marching on, victorious and glorious

Beers with Talos (BWT) Podcast episode No. 94 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Sept. 25, 2020. Today is Nigel’s last episode as a regular host of BWT. Join us in wishing him a happy transition to his next chapter. As we all know, Nigel won’t ever actually retire. Today’s show is us chatting with Nigel...


Threat Roundup for October 9 to October 16

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 9 and Oct. 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


Dynamic Data Resolver - Version 1.0.1 beta

By Holger Unterbrink. Cisco Talos is releasing a new beta version of Dynamic Data Resolver (DDR) today. This release comes with a new architecture for samples using multi-threading. The process and thread tracing has been completely reimplemented. We also fixed a few bugs and memory leaks. Another new feature is that the DDR backend now comes in two flavors: a release version and a debugging version. The latter will improve code quality and bug hunting. It helps to detect memory leaks and...


Vulnerability Spotlight: Code execution vulnerability in Google Chrome WebGL

  Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Google Chrome web browser contains a vulnerability that could be exploited by an adversary to gain the ability to execute code on the victim machine. Chrome is one of the most popular web browsers currently available to users. Cisco Talos researchers recently discovered a bug in WebGL, which is a Chrome API responsible for displaying 3-D graphics. In accordance with our coordinated disclosure policy,...


What to expect when you’re electing: A recap

We’re roughly two weeks out from Election Day in America, although millions of early and mail-in votes have already been cast. In the coming days, there’s sure to be a flurry of news stories about disinformation, allegations of voter fraud, the back-and-forth between parties and talks of when the results can be trusted, and someone can call the presidential race.  While Cisco Talos can’t provide you all the answers, we can at least give you an idea of what American election officials at...


Vulnerability Spotlight: A deep dive into WAGO’s cloud connectivity and the vulnerabilities that arise

Report and research by Kelly Leuschner. WAGO makes several programmable automation controllers that are used in many industries including automotive, rail, power engineering, manufacturing and building management. Cisco Talos discovered 41 vulnerabilities in their PFC200 and PFC100 controllers. In accordance with our coordinated disclosure policy, Cisco Talos worked with WAGO to ensure...


Threat Roundup for October 16 to October 23

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 16 and Oct. 23. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread

By Warren Mercer, Paul Rascagneres and Vitor Ventura. The newly discovered Firestarter malware uses Google Firebase Cloud Messaging to notify its authors of the final payload location. Even if the command and control (C2) is taken down, the DoNot team can still redirect the malware to another C2 using Google infrastructure. The approach in the final payload upload denotes a highly personalized targeting policy. What's new? The DoNot APT group is making strides to experiment with new methods of...


Beers with Talos ep. #95: Election 2020 – Advice for voters and election officials

Beers with Talos (BWT) Podcast episode No. 95 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Oct. 9, 2020. We are running a short bench today after Nigel’s retirement last ep and Joel being on vacation. We start off talking about how specific use cases don’t equate to the death of entire defensive technologies,...


Vulnerability Spotlight: Multiple vulnerabilities in Synology SRM (Synology Router Manager)

  Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Claudio Bozzato and Jon Munshaw. Cisco Talos recently discovered multiple remote vulnerabilities in software that helps power Synology routers. The bugs exist in Synology Router Manager (SRM) — a Linux-based operating system for Synology routers — and QuickConnect, a feature inside SRM that allows users to remotely connect to their routers. An adversary could use these vulnerabilities to carry out a range of...


Threat Roundup for October 23 to October 30

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 23 and Oct. 30. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


Cisco Talos Advisory on Adversaries Targeting the Healthcare and Public Health Sector

Background: Cisco Talos has become aware that an adversary is leveraging Trickbot banking trojan and Ryuk ransomware to target U.S. hospitals and healthcare providers at an increasing rate. Security journalists reported on October 28, 2020 that the adversary was preparing to encrypt systems at “potentially hundreds” of medical centers and hospitals, based on a tip from a researcher who had been monitoring communications for the threat actor. On October 28 and 29, these claims were supported by...


Vulnerability Spotlight: Multiple JavaScript vulnerabilities in Adobe Acrobat Reader

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Joe Marshall. Cisco Talos recently discovered a heap buffer overflow and a use-after-free vulnerability in Adobe Acrobat Reader. Adobe Acrobat Reader is one of the most popular and feature-rich PDF readers on the market. It has a large user base and is usually a default PDF reader on systems. It also integrates into web browsers as a plugin for rendering PDFs. As such, tricking a user into visiting a malicious...


Threat Roundup for October 30 to November 6

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 30 and Nov. 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


Microsoft Patch Tuesday for Nov. 2020 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Joe Marshall. Microsoft released its monthly security update Tuesday, disclosing just over 110 vulnerabilities across its products. This is a slight jump from last month when Microsoft disclosed one of their lowest vulnerability totals in months. Eighteen of the vulnerabilities are considered “critical” while the vast remainder are ranked as “important,” with two also considered of “low” importance. Users of all Microsoft and Windows...
