Channel: Cisco Talos Blog
Viewing all 1927 articles

Vulnerability Spotlight: Remote code execution vulnerabilities in Schneider Electric EcoStruxure

Alexander Perez-Palma and Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two code execution vulnerabilities in Schneider Electric EcoStruxure. An attacker could exploit these vulnerabilities by sending the victim a specially crafted network request or project archive. EcoStruxure Control Expert (formerly UnityPro) is Schneider Electric's flagship software for program development, maintenance, and monitoring of industrial...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Quarterly Report: Incident Response trends from Fall 2020

By David Liebenberg and Caitlin Huey. For the sixth quarter in a row, Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape. However, for the first quarter since we began compiling these reports, none of the engagements closed out this quarter involved the Ryuk ransomware (some engagements involving Ryuk were opened this quarter but have yet to close). The top ransomware families observed were Maze and Sodinokibi, though barely more than any...


Vulnerability Spotlight: Multiple vulnerabilities in Foxit PDF Reader JavaScript engine

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Executive summary: Cisco Talos recently discovered multiple vulnerabilities in Foxit PDF Reader's JavaScript engine. Foxit PDF Reader is a commonly used PDF reader with many features, including JavaScript support, which allows it to handle interactive documents and dynamic forms. An adversary could take advantage of this JavaScript functionality, sending the victim a specially crafted file to...


Beers with Talos Ep. #97: Getting to better security outcomes (feat. Wendy Nather)

Beers with Talos (BWT) Podcast episode No. 97 is now available. Download this episode and subscribe to Beers with Talos on Apple Podcasts, Google Podcasts, Spotify or Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Nov. 24, 2020. On this episode, Mitch and Matt are joined by Wendy Nather to discuss the newly released Cisco Security Outcomes Study. The results and findings of the research are interesting and somewhat...


Threat Source newsletter (Dec. 10, 2020)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Cyber security firm FireEye recently disclosed an incident that reportedly resulted in the inadvertent disclosure of various internally developed offensive security tools (OSTs) used across FireEye red-team engagements. We know this is going to be top-of-mind for many users, so check out all our coverage of these vulnerabilities here. We also have new Snort rules out, which you can...


Threat Roundup for December 4 to December 11

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 4 and Dec. 11. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


FireEye Breach Detection Guidance

Update 12/14: Cisco Talos has implemented additional blocks in relation to the supply chain attack on SolarWinds® Orion® Platform. The U.S. Cybersecurity and Infrastructure Security Agency has issued Emergency Directive 21-01 due to this campaign. Talos is continuing to investigate this matter. If necessary, we will release additional coverage. Please follow the Talos blog or Talos on Twitter for the latest updates. Additional details are available here, here and here. Cyber security firm...


Threat Advisory: SolarWinds supply chain attack

Update 12/21: IOC section updated to include new information and the associated stage. Update 12/18: We have been able to verify that the name server for the DGA domain was updated as far back as late February. Compromised binaries appear to have been available on the SolarWinds website until very recently. The blog below has been amended with this information. The IOC list has been modified. Update 12/17: Additional IOCs added related to the Teardrop secondary payload. Update 12/16: Based on the...


Vulnerability Spotlight: Two vulnerabilities in Lantronix XPort EDGE

Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Executive summary: Cisco Talos recently discovered two vulnerabilities in the Web Manager functionality of Lantronix XPort EDGE. The XPort EDGE is a next-generation wired Ethernet gateway that provides secure Ethernet connectivity to serial devices. An adversary could send the victim various requests to trigger two vulnerabilities that could later allow them to shut down access to the device and disclose...


Vulnerability Spotlight: Multiple vulnerabilities in NZXT computer monitoring software

Carl Hurd of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. NZXT's CAM computer monitoring software contains multiple vulnerabilities an attacker could use to carry out a range of malicious actions. CAM provides users with information on their machines, such as fan speeds, temperature, RAM usage and network activity. The software also holds an inventory of all peripheral devices installed in the PC at a given time. A specific driver in this software contains several vulnerabilities...


Threat Source newsletter (Jan. 7, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers, and welcome to the first Threat Source newsletter of 2021. We hit the ground running already this year with a new Beers with Talos episode. It was recorded back in 2020, but the lessons regarding ransomware attacks and how actors choose their targets are still very much relevant. On the written word front, we have a full, technical breakdown of a recent Lokibot strain we've seen in the wild. Check...


Changes to Cisco Talos’ Content and Threat Category lists

Cisco Talos is happy to announce the upcoming changes to our Content and Threat Category lists. Our goal is to provide you with sufficient intelligence details to allow you to make informed decisions to protect your network without disrupting your organization’s productivity. These changes will give you additional details needed to make more informed decisions for your network. Beginning Jan. 21, customers using Cisco platforms that receive Talos Intelligence will see updates to our Content...


Microsoft Patch Tuesday for Jan. 2021 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Asheer Malhotra. Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across its suite of products to kick off 2021. Only 10 of the vulnerabilities in this release are rated critical, two are rated moderate severity, and the remainder are considered "important." Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of all...


Threat Source newsletter (Jan. 14, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Microsoft released its monthly security update this week, disclosing 83 vulnerabilities across its suite of products to kick off 2021. Our blog post has the most important vulnerabilities you need to know about, along with our released Snort rules to keep your network protected. TalosIntelligence.com users will also want to check out the list of our new Content and Threat Categories that will provide you with...


Threat Roundup for January 8 to January 15

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 8 and Jan. 15. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


Beers with Talos Ep. #99: P@ssw0rds and closing out 2020

Beers with Talos (BWT) Podcast episode No. 99 is now available. Download this episode and subscribe to Beers with Talos on Apple Podcasts, Google Podcasts, Spotify or Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded late November 2020. We recorded this episode toward the end of 2020 and since then, it's lived a quiet but meaningful life in the production queue, patiently waiting its turn to get released. In this episode, we dig...


Vulnerability Spotlight: Multiple vulnerabilities in PrusaSlicer

Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two out-of-bounds write vulnerabilities in Prusa Research's PrusaSlicer. PrusaSlicer is an open-source 3-D printer slicing program forked from Slic3r that can convert various 3-D model file formats and output the corresponding 3-D printer-readable G-code. Two functions in the software could be exploited with specially crafted OBJ and AMF files to cause an out-of-bounds write...


Threat Source newsletter (Jan. 21, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We know it's hard to focus on anything happening outside of Washington, D.C. this week. But we would be remiss if we didn't mention the exciting news that the Snort 3 GA is officially out now! This update has been literally years in the making and is a major upgrade to Snort's performance and its level of customization. Here's our announcement post from Tuesday, and for the official downloads and even more resources,...


Talos Takes Ep. #37: What's with all this talk about supply chain attacks?

The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. The major SolarWinds campaign has been generating headlines for weeks now. And while its specific targets make this attack unique, this is far from the first-ever supply chain attack. So what is a supply chain attack? And should your organization be prepared for them? In this episode of Talos Takes, Nick Biasini talks about the history of...


Threat Roundup for January 15 to January 22

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 15 and Jan. 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...
