Channel: Cisco Talos Blog
Viewing all 1927 articles

Beers with Talos Ep. #97: Getting to better security outcomes (feat. Wendy Nather)

Beers with Talos (BWT) Podcast episode No. 97 is now available. Download this episode and subscribe to Beers with Talos on Apple Podcasts, Google Podcasts, Spotify or Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Nov. 24, 2020. On this episode, Mitch and Matt are joined by Wendy Nather to discuss the newly released Cisco Security Outcomes Study. The results and findings of the research are interesting and somewhat...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Source newsletter (Dec. 10, 2020)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Cybersecurity firm FireEye recently disclosed an incident in which internally developed offensive security tools (OSTs) used across its red-team engagements were exposed. We know this is going to be top-of-mind for many users, so for more, check out all of our coverage for the vulnerabilities those tools target here. We also have new Snort rules out, which you can...

Threat Roundup for December 4 to December 11

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 4 and Dec. 11. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post summarizes the threats we've observed by highlighting key behavioral characteristics and indicators of compromise, and by discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...

Threat Advisory: SolarWinds supply chain attack

Update 12/18: We have been able to verify that the name server for the DGA domain was updated as far back as late February. Compromised binaries appear to have been available on the SolarWinds website until very recently. The blog below has been amended with this information. The IOC list has been modified.
Update 12/17: Additional IOCs added related to the TEARDROP secondary payload.
Update 12/16: Based on the announcement from FireEye, Microsoft, and GoDaddy, avsvmcloud[.]com has been unblocked...

Vulnerability Spotlight: Two vulnerabilities in Lantronix XPort EDGE

Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Executive summary: Cisco Talos recently discovered two vulnerabilities in the Web Manager functionality of Lantronix XPort EDGE. The XPort EDGE is a next-generation wired Ethernet gateway for providing secure Ethernet connectivity to serial devices. An adversary could send the device specially crafted requests to trigger two vulnerabilities that could allow them to shut down access to the device and disclose...

Vulnerability Spotlight: Multiple vulnerabilities in NZXT computer monitoring software

Carl Hurd of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. NZXT's CAM computer monitoring software contains multiple vulnerabilities an attacker could use to carry out a range of malicious actions. CAM gives users information about their machines, such as fan speeds, temperature, RAM usage and network activity. The software also holds an inventory of all peripheral devices installed in the PC at a given time. A specific driver shipped with this software contains several vulnerabilities...

Talos tools of the trade

By Andrea Marcelli and Holger Unterbrink. If you're looking for something to keep you busy while we're all stuck inside during the holidays, Cisco Talos has a few tools that you can play with in the coming days and weeks. We recently updated GhIDA to work with the latest version of IDA, and we are releasing new features for the award-winning Dynamic Data Resolver (DDR). GhIDA: GhIDA is an IDA Pro plugin that integrates the Ghidra decompiler into IDA Pro. The plugin either communicates with...

Threat Source newsletter (Dec. 17, 2020)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. This will be our last Threat Source newsletter of the year. We'll be on a few-week break for the holidays until Jan. 7. Of course, all anyone wants to talk about this week is the SolarWinds supply chain attack. There are still many outstanding questions yet to be answered, but everything Cisco Talos knows about this incident, along with our coverage, can be found here. And our pre-existing coverage keeps...

Threat Roundup for December 11 to December 18

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 11 and Dec. 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post summarizes the threats we've observed by highlighting key behavioral characteristics and indicators of compromise, and by discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...

Talos Vulnerability Discovery Year in Review — 2020

While major attacks like ransomware and COVID-19-themed campaigns made headlines across the globe this year, many attacks were prevented through simple practices of finding, disclosing and patching vulnerabilities. Cisco Talos' Systems Vulnerability Research Team discovered 231 vulnerabilities this year across a wide range of products. And thanks to our vendor partners, these vulnerabilities were patched and published before any attackers could exploit them. Each vulnerability Talos addresses...

2020: The year in malware

By Jon Munshaw. Nothing was normal in 2020. Our ideas of working from offices, in-person meetings, hands-on learning and basically everything else were thrown into disarray early in the year. Since then, we defenders have had to adapt. But so have workers around the globe, and the IT and security professionals in charge of keeping those workers' information secure. Adversaries saw all these changes as an opportunity to capitalize on strained health care systems, schools scrambling...

Beers with Talos Ep. #98: Why ransomware actors are (and aren’t) targeting health care

Beers with Talos (BWT) Podcast episode No. 98 is now available. Download this episode and subscribe to Beers with Talos on Apple Podcasts, Google Podcasts, Spotify or Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded early November 2020. This is an episode we recorded in early November, but it got pushed back in the end-of-year shuffle to make production schedules work. We're happy to put this one out now with somewhat belated takes on...

Vulnerability Spotlight: Multiple vulnerabilities in Genivia gSOAP

A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in various Genivia gSOAP toolkit plugins. These vulnerabilities could allow an attacker to carry out a variety of malicious activities, including causing a denial of service on the victim machine or gaining the ability to execute arbitrary code. The gSOAP toolkit is a C/C++ library for developing XML-based web services. It includes several plugins to...

Vulnerability Spotlight: Multiple vulnerabilities in SoftMaker Office TextMaker

A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in SoftMaker's TextMaker software. A user could trigger these vulnerabilities by opening an attacker-created, malicious document. An adversary could use these documents to create a variety of malicious conditions on the victim machine. SoftMaker Software GmbH is a German software company that develops and releases office software. Their flagship product,...

A Deep Dive into Lokibot Infection Chain

By Irshad Muhammad, with contributions from Holger Unterbrink. News summary: Lokibot is one of the most well-known information stealers on the malware landscape. In this post, we'll provide a technical breakdown of one of the latest Lokibot campaigns. Talos also has a new script to unpack the dropper's third stage. Lokibot typically gives the actors behind it the ability to steal multiple types of credentials and other sensitive information. This new campaign utilizes a complex, multi-stage,...

Vulnerability Spotlight: Denial-of-service vulnerability in Rockwell Automation RSLinx

Alexander Perez-Palma of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in the EtherNet/IP server functionality of Rockwell Automation RSLinx Classic. An attacker could exploit this vulnerability by sending the target a series of malicious packets. RSLinx Classic software is a communication server for the MicroLogix 1100 Programmable Controller. It helps plant devices communicate with other Rockwell...

Threat Source newsletter (Dec. 3, 2020)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. While ransomware has made all the headlines this year, that doesn't mean cryptocurrency miners are going anywhere. We recently discovered a new actor we're calling "Xanthe" that's mining Monero on targets' machines. The main payload in this case is a variant of the XMRig Monero-mining program, protected by a shared object developed to hide the miner's process from various tools for process...
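The process-hiding trick mentioned above (a shared object that keeps the miner out of process listings) is something a responder wants a quick check for. The script below is an added example, not Talos' code and not part of the Xanthe write-up. It assumes the shared object is loaded through /etc/ld.so.preload or LD_PRELOAD and hooks libc's readdir()/readdir64() to filter the miner's /proc/<pid> entry out of directory listings, a mechanism the teaser does not spell out; the library paths in the test data are constructed. The detection idea is that such a hook does not stop a direct stat() of /proc/<pid>, so a PID that stat() confirms but no listing ever shows deserves a look.

```python
# Added example (not Talos' code): spot a process that a preloaded shared
# object hides from /proc directory listings.
#
# Assumption: the hiding library hooks readdir()/readdir64(), which `ps`,
# `top` and `ls /proc` all rely on, and is injected via /etc/ld.so.preload
# or LD_PRELOAD. A direct stat() of /proc/<pid> goes through a different
# libc entry point, so the two views of /proc disagree for a hidden PID.
import os
from typing import Dict, Iterable, List, Set

PROC_DIR = "/proc"
LD_SO_PRELOAD = "/etc/ld.so.preload"


def listed_pids(proc_dir: str = PROC_DIR) -> Set[int]:
    """PIDs as a directory listing (readdir) reports them."""
    return {int(name) for name in os.listdir(proc_dir) if name.isdigit()}


def probed_pids(max_pid: int, proc_dir: str = PROC_DIR) -> Set[int]:
    """PIDs found by probing /proc/<n> one by one, bypassing readdir()."""
    found: Set[int] = set()
    for pid in range(1, max_pid + 1):
        try:
            os.stat(os.path.join(proc_dir, str(pid)))
        except FileNotFoundError:
            continue
        except PermissionError:
            pass  # entry exists but is unreadable: still a live PID
        found.add(pid)
    return found


def find_hidden_pids(listed: Iterable[int], probed: Iterable[int]) -> Set[int]:
    """Pure comparison: PIDs that exist on /proc but never show up in listings."""
    return set(probed) - set(listed)


def parse_ld_preload(text: str) -> List[str]:
    """Library paths from ld.so.preload text (whitespace-separated, '#' comments)."""
    libs: List[str] = []
    for line in text.splitlines():
        libs.extend(line.split("#", 1)[0].split())
    return libs


def preload_indicators(env: Dict[str, str], ld_so_preload_text: str) -> List[str]:
    """Every library the loader would inject into new processes."""
    libs = parse_ld_preload(ld_so_preload_text)
    # LD_PRELOAD accepts colon- or space-separated entries.
    libs += env.get("LD_PRELOAD", "").replace(":", " ").split()
    return libs


def read_pid_max() -> int:
    """Upper bound for the probe; falls back to the kernel's classic default."""
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read().strip())
    except OSError:
        return 32768


def scan(passes: int = 2) -> Dict[str, object]:
    """Live check. A PID counts as hidden only if every pass flags it, which
    filters out processes that started or exited between the listing and
    the probe (a real race on a busy host)."""
    max_pid = read_pid_max()
    hidden: Set[int] = set()
    for i in range(passes):
        this_pass = find_hidden_pids(listed_pids(), probed_pids(max_pid))
        hidden = this_pass if i == 0 else hidden & this_pass
    try:
        with open(LD_SO_PRELOAD) as f:
            preload_text = f.read()
    except OSError:
        preload_text = ""
    return {
        "hidden_pids": sorted(hidden),
        "preload_libs": preload_indicators(dict(os.environ), preload_text),
    }


if __name__ == "__main__":
    result = scan()
    for pid in result["hidden_pids"]:
        print(f"hidden pid {pid}: visible to stat(), absent from readdir() listings")
    for lib in result["preload_libs"]:
        print(f"preload entry: {lib}")
    if not result["hidden_pids"] and not result["preload_libs"]:
        print("no readdir-hidden PIDs and no preload entries found")
```

Two caveats. Python itself is dynamically linked against libc, so a library that also hooks stat()/openat() or filters the ld.so.preload file contents would fool this script; for a confident answer run a statically linked checker or compare against a view the kernel gives directly (for example, an audit or eBPF process list). And an empty ld.so.preload is not proof of absence: the file can be replaced with one that hides itself, so treat a non-empty file as the strong signal and an empty one as merely unremarkable.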

Threat Roundup for November 27 to December 4

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 27 and Dec. 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post summarizes the threats we've observed by highlighting key behavioral characteristics and indicators of compromise, and by discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...

Microsoft Patch Tuesday (Dec. 2020) — Snort rules and notable vulnerabilities

By Jon Munshaw, with contributions from Bill Largent. Microsoft released its monthly security update Tuesday, disclosing 58 vulnerabilities across its suite of products, the lowest number of vulnerabilities in any Patch Tuesday since January. Only 10 of these are rated critical, two are moderate-severity vulnerabilities, and the remainder are considered "important." Users of all Microsoft and Windows products are urged to update their software as...

Vulnerability Spotlight: Code execution vulnerability in Microsoft Excel

Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a code execution vulnerability in some versions of Microsoft Excel. An attacker could exploit this vulnerability by tricking the victim into opening a specially crafted XLS file, triggering a use-after-free condition and allowing them to execute arbitrary code on the victim machine. Microsoft disclosed and patched this bug as part of its monthly security update Tuesday. For...
