Channel: Cisco Talos Blog
Viewing all 1927 articles

Vulnerability Spotlight: Denial-of-service vulnerabilities in Micrium uc-HTTP’s HTTP server

Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in Micrium uc-HTTP’s HTTP server that could cause denial-of-service conditions. An attacker could trigger these vulnerabilities by targeting the user machine with specially crafted HTTP requests. The uC-HTTP server implementation is designed to be used on embedded systems running the µC/OS II or µC/OS III RTOS kernels. This HTTP server supports many features,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Nation State Campaign Targets Talos Researchers

Google's Threat Analysis Group published a blog Monday evening warning of an ongoing campaign attempting to compromise security researchers. Google TAG's blog outlines the attacker's motivations and the various TTPs used in these attacks. We can confirm that multiple Cisco Talos researchers received messages that appear to be linked to this campaign. As you can see below, our researchers did not engage to the point where the malicious files were provided. As security researchers it is...


Vulnerability Spotlight: Multiple vulnerabilities in phpGACL class

Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the phpGACL class. One of these vulnerabilities also affects OpenEMR, a medical practice management software written in PHP. phpGACL is a PHP library that allows developers to implement permission systems via a Generic Access Control List. An adversary could exploit these vulnerabilities by sending the target machine a specially crafted, malicious...


Threat Source newsletter (Jan. 28, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Unfortunately, I don’t have any stock tips to give you to help you get rich overnight. But I do have two Vulnerability Spotlights you should read so your network can stay safer. We disclosed multiple vulnerabilities in phpGACL and Micrium uc-HTTP. There are patches available for both products and Snort rules for extra coverage. The biggest news in the security community this week is a recently disclosed that a...


Talos Takes Ep. #39: SolarWinds' implications for IoT and OT

The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. This week, we're continuing our deep dive into the SolarWinds campaign. After Nick Biasini gave us a broad overview of supply chain attacks last week, Joe Marshall joins the show today to talk about how this attack has wide-reaching consequences in the internet-of-things and operational technology spaces. For a good primer for this...


Threat Roundup for January 22 to January 29

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 22 and Jan. 29. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


Interview with a LockBit ransomware operator

By Azim Khodjibaev, Dmytro Korzhevin and Kendall McKay. Ransomware is still highly prevalent in our current threat landscape — it's one of the top threats Cisco Talos Incident Response responds to. One such ransomware family we encounter is called LockBit, a ransomware-as-a-service (RaaS) platform that's known for its automation and the speed at which it attacks its victims. At Cisco Talos, we strive to understand the malware utilized in ransomware, the infrastructure leveraged...


Vulnerability Spotlight: Allen-Bradley Flex I/O vulnerable to denial of service

Jared Rittle of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Rockwell Automation Allen-Bradley Flex I/O input/output device contains a denial-of-service vulnerability. FLEX I/O provides a wide range of input/output operations while keeping a smaller form factor. Users can communicate with the device via Ethernet/IP (ENIP) and HTTP. An attacker could send a specially crafted, malicious packet to the affected device, causing a denial of service. In accordance with...


Vulnerability Spotlight: Multiple vulnerabilities in SoftMaker Office PlanMaker

Discovered by a Cisco Talos researcher. Blog by Jon Munshaw. SoftMaker's Office PlanMaker contains multiple vulnerabilities that could allow an adversary to cause a variety of malicious conditions in the software. SoftMaker's flagship product, SoftMaker Office, is supported on a variety of platforms and contains a handful of components that allow the user to write text documents, create spreadsheets, design presentations and more. The SoftMaker Office suite supports a variety of...


Threat Source newsletter (Feb. 4, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We are excited to finally share this LockBit research paper with you all after months of work. Some of our researchers spoke to a ransomware operator, which provided us insight into a threat actor’s day-to-day goals and tactics. The paper includes information on how the attacker chooses its targets and why it’s easier for the attacker to operate in some countries than others. Upcoming public engagements...


A ransomware primer

Ransomware defense

Cyber security is continually a relevant topic for Cisco customers and other stakeholders. Ransomware is quickly becoming one of the hottest topics in the technology space as these malware families target high-leverage companies and organizations. We at Cisco are often contacted for guidance and recommendations for ways organizations can prepare for, detect and prevent ransomware attacks. Some of Cisco’s vendors have also been affected by ransomware and have looked to Cisco...


Talos Takes Ep. #40: Takeaways from interviewing a ransomware operator

The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. This week, we have two guests on (a Talos Takes first!) to discuss our recent research paper on the LockBit ransomware. Two of the authors, who spoke to the actor directly, join the show to talk about their major takeaways. They talk about how the operator chooses their targets and what defenders should take away from the paper. Apple...


Threat Roundup for January 29 to February 5

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 29 and Feb. 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


Vulnerability Spotlight: Accusoft ImageGear vulnerabilities could lead to code execution

Marcin Towalski, Emmanuel Tacheau and another Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. Accusoft ImageGear contains two remote code execution vulnerabilities. ImageGear is a document and imaging library from Accusoft that developers can use to build their applications. The library covers the entire document imaging lifecycle. These vulnerabilities are present in the Accusoft ImageGear library, which is a document-imaging developer toolkit. An adversary...


Microsoft Patch Tuesday for Feb. 2021 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Bill Largent. Microsoft released its monthly security update Tuesday, disclosing 56 vulnerabilities across its suite of products. This is the smallest number of vulnerabilities Microsoft has disclosed in a month since January 2020. There are only 11 critical vulnerabilities as part of this release, while three are rated moderate severity and the remainder are considered “important.” Users of all Microsoft and Windows products are...


Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows

By Warren Mercer, Chris Neal and Vitor Ventura.

The developers of LodaRAT have added Android as a targeted platform. A new iteration of LodaRAT for Windows has been identified with improved sound recording capabilities. The operators behind LodaRAT are tied to a specific campaign targeting Bangladesh, although others have been seen. Kasablanka, the group behind LodaRAT, seems to be motivated by information gathering and espionage rather than direct financial gain.

Threat actors attempt to evolve over...


Beers with Talos Ep. #100: The supersized centennial episode

Beers with Talos (BWT) Podcast episode No. 100 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Jan. 8, 2020. It’s hard to believe that we have made 100 episodes of BWT. It really feels like a lot more. This is a long-winded show, as we welcome back our buddy Nigel for this special milestone, complete with a Mighty...


Threat Source newsletter (Feb. 11, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We have an update on LodaRAT, a trojan we’ve been following for years. This threat has a new version targeting Android devices, looking to infect devices, steal users’ credentials and monitor things like their phone calls and messages. Patch Tuesday was also this week, which was relatively quiet in terms of the volume of vulnerabilities. We have our full Microsoft blog post as usual, and also a Snort...


Talos Takes Ep. #41: The tl;dr of Snort 3

The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. This week's episode is for all our SNORTⓇ lovers out there. To celebrate last month's release of the Snort 3 GA, we have Nicholas Mavis on the show again to talk about working with Snort 3 and the benefits of upgrading to it. Nick, who writes Snort rules for Cisco Talos, talks about how rules are more powerful and versatile with...


Threat Roundup for February 5 to February 12

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 5 and Feb. 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...
