Channel: Cisco Talos Blog

Vulnerability Spotlight: Two vulnerabilities in Advantech WebAccess/SCADA

Yuri Kramarz of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in the Advantech WebAccess/SCADA software package. An adversary could exploit these vulnerabilities to disclose sensitive information and to elevate their privileges on the targeted system, respectively. This HTML5-based software package allows users to perform data visualization and supervisory control over internet-of-things and operational technology...


Masslogger campaign exfiltrates user credentials

By Vanja Svajcer. News summary: As protection techniques develop, attackers are finding it harder to successfully attack their targets and must find creative ways to succeed. Cisco Talos recently discovered a campaign utilizing a variant of the Masslogger trojan designed to retrieve and exfiltrate user credentials from multiple sources such as Microsoft Outlook, Google Chrome and instant messengers. Apart from the initial email attachment, all the stages of the attack are fileless and they only...


Threat Source newsletter (Feb. 18, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Whether you want to read Talos’ research or listen to it, we’ve got plenty of options for you this week. Beers with Talos hit its 100th episode last week. To celebrate, we brought Nigel back out of retirement to update us on the Mighty Reds and talk about SolarWinds. What’s your favorite Beers with Talos moment of the past 100 episodes? Tag us on Twitter @TalosSecurity. The latest Talos Takes...


Threat Roundup for February 12 to February 19

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 12 and Feb. 19. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


Gamaredon - When nation states don’t pay all the bills

By Warren Mercer and Vitor Ventura. Gamaredon is a threat actor, active since at least 2013, that has long been associated with pro-Russian activities in several reports over the years. It is extremely aggressive. Although it is usually not associated with high-visibility campaigns, Cisco Talos sees that it is incredibly active, and we believe the group is on par with some of the most prolific crimeware gangs. It has been considered an APT for a long time; however, its characteristics don't match the...


Vulnerability Spotlight: Out-of-bounds read vulnerability in Slic3r could lead to information disclosure

Lilith >_> of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an out-of-bounds read vulnerability in Slic3r's library. Slic3r is an open-source 3-D printing toolbox, mainly used to translate assorted 3-D model file types into machine code for a specific printer. The software uses libslic3r to perform most of the non-GUI processes, such as reading various file formats, converting between formats and outputting the appropriate G-code...


Beers with Talos Ep. #101: Is security the career you really want?

Beers with Talos (BWT) Podcast episode No. 101 is now available. Download this episode and subscribe to Beers with Talos on Apple Podcasts, Google Podcasts, Spotify or Stitcher. By Mitch Neff. Recorded Jan. 22, 2020 – We get a lot of questions in Talos about how to get a job in security. In this episode, we take a look at figuring out if security is the right career choice for you — and if so, where? The industry...


Threat Source newsletter (Feb. 25, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We all think of APTs as these wide-reaching, silent threat groups who are backed by a nation-state. But our recent research into Gamaredon shows that not all APTs are created equal. We’ve spotted this actor carrying out several different attacks across the globe, many of which are mainly just interested in stealing information. And what they do with that information is still up for debate. Upcoming public...


Talos Takes Ep. #42: Seriously folks, save your logs

The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. When Pierre Cadieux steps into a Cisco Talos Incident Response engagement, the first thing he wants to do is check out the customer's logs. But if there are no logs to be found, he'll be pretty limited in the kinds of insights he can provide. This has come up several times during the SolarWinds era, when customers are wanting to know...


Threat Roundup for February 19 to February 26

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 19 and Feb. 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


ObliqueRAT returns with new campaign using hijacked websites

By Asheer Malhotra. Cisco Talos has observed another malware campaign that uses malicious Microsoft Office documents (maldocs) to spread the remote access trojan (RAT) ObliqueRAT. This campaign targets organizations in South Asia. ObliqueRAT has been linked to the Transparent Tribe APT group in the past. This campaign hides the ObliqueRAT payload in seemingly benign image files hosted on compromised websites. What's new? Cisco Talos recently discovered another new campaign distributing the...
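A practical check for the "payload hidden in a benign-looking image" pattern, added here as an illustration and not taken from the Talos write-up or from ObliqueRAT samples: walk a PNG's chunk structure (with CRC verification) up to the IEND chunk and report any bytes that follow it. The sample images and the appended "payload" bytes are constructed inline. Whether the campaign appended data after the image or embedded it another way is not stated in the teaser, so the trailing-data method is an assumption about one common hiding technique rather than a description of this malware.

```python
import struct
import zlib
from typing import Dict, List

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def png_chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, body, CRC32 over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def minimal_png() -> bytes:
    """A valid 1x1 grayscale PNG, constructed here as sample input."""
    # width, height, bit depth, colour type (0 = grayscale), compression, filter, interlace
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # one scanline: filter byte + one pixel
    return (PNG_SIG + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"IDAT", idat) + png_chunk(b"IEND", b""))


def png_trailing_data(data: bytes) -> bytes:
    """Return whatever follows the IEND chunk (b"" for a clean file).

    Raises ValueError for anything that is not a well-formed PNG, since a
    malformed "image" on a compromised site is itself worth a closer look."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while True:
        if pos + 8 > len(data):
            raise ValueError("truncated PNG: no IEND chunk")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length                  # 4 len + 4 type + body + 4 crc
        if end > len(data):
            raise ValueError(f"truncated {ctype!r} chunk")
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:end])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            raise ValueError(f"bad CRC in {ctype!r} chunk")
        pos = end
        if ctype == b"IEND":
            return data[pos:]                    # decoders stop here; extra bytes are free cargo


def suspicious_images(files: Dict[str, bytes], min_trailing: int = 1) -> List[str]:
    """Names of images that carry trailing data or fail to parse."""
    flagged: List[str] = []
    for name, blob in files.items():
        try:
            extra = png_trailing_data(blob)
        except ValueError:
            flagged.append(name)
            continue
        if len(extra) >= min_trailing:
            flagged.append(name)
    return flagged


# Constructed sample set: a clean image, the same image with bytes appended
# after IEND (stand-in for a hidden payload), and a truncated copy.
SAMPLES: Dict[str, bytes] = {
    "clean.png": minimal_png(),
    "stuffed.png": minimal_png() + b"MZ" + b"\x00" * 64,
    "cut.png": minimal_png()[:-6],
}

if __name__ == "__main__":
    for name in suspicious_images(SAMPLES):
        print("suspicious:", name)
```

The check only catches data appended after a complete image; a payload carried inside pixel data (steganography) or inside a legitimate ancillary chunk would pass it, so treat a clean result as one signal rather than a verdict. The same walk-to-end-marker idea applies to other container formats, with JPEG's EOI marker needing care because embedded EXIF thumbnails carry their own.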


Vulnerability Spotlight: Memory corruption vulnerability in Accusoft ImageGear

Emmanuel Tacheau discovered this vulnerability. Blog by Jon Munshaw. Accusoft ImageGear contains a vulnerability that could allow an attacker to corrupt the software's memory, potentially allowing them to execute arbitrary code on the victim machine. The ImageGear library is a document-imaging developer toolkit that offers image conversion, creation, editing, annotation and more. It supports more than 100 formats such as DICOM, PDF, Microsoft Office and others. An adversary could send a...


Vulnerability Spotlight: Password reset vulnerability in Epignosis eFront

Richard Dean, CX security advisory, EMEAR, discovered this vulnerability. Blog by Jon Munshaw. Epignosis eFront contains a vulnerability that could allow an adversary to reset the password of any account of their choosing. eFront is a learning management system platform that allows users to create training courses, post courses and more. An attacker could exploit this vulnerability by predicting the seed used to generate a one-time password reset token, and thereby generating a valid reset token themselves. In...
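To make the weakness class concrete, here is an added illustration (constructed for this page; it is not eFront's code and does not reproduce the actual flaw): a reset-token generator whose only randomness is a PRNG seeded with the request timestamp, the attacker's seed-guessing loop against it, and the hardened form using the OS CSPRNG with only a hash of the token stored. The usernames, the fixed clock value and the 300-second guessing window are assumptions for the demo.

```python
import hashlib
import hmac
import random
import secrets
from typing import Callable, Dict, Optional

FIXED_CLOCK = 1_614_556_800  # constructed "server time" in seconds for the demo


def weak_reset_token(username: str, seed: int) -> str:
    """Vulnerable pattern: the token is a pure function of a guessable seed."""
    rng = random.Random(seed)            # every output below is fixed by `seed`
    nonce = rng.getrandbits(64)
    return hashlib.sha256(f"{username}:{nonce:016x}".encode()).hexdigest()[:32]


class WeakResetServer:
    """Seeds the generator with the current second, so the token space an
    attacker has to try is the number of seconds in their timing guess."""

    def __init__(self, clock: Callable[[], int]) -> None:
        self._clock = clock
        self._pending: Dict[str, str] = {}

    def request_reset(self, username: str) -> None:
        # The real token is only e-mailed to the account owner; the attacker never sees it.
        self._pending[username] = weak_reset_token(username, self._clock())

    def consume(self, username: str, presented: str) -> bool:
        stored = self._pending.get(username)
        if stored is None or not hmac.compare_digest(stored, presented):
            return False
        del self._pending[username]      # single use
        return True


class StrongResetServer:
    """Hardened form: 256-bit CSPRNG token, only its hash at rest, single use."""

    def __init__(self) -> None:
        self._pending: Dict[str, str] = {}

    def request_reset(self, username: str) -> str:
        token = secrets.token_urlsafe(32)
        self._pending[username] = hashlib.sha256(token.encode()).hexdigest()
        return token                     # delivered out of band to the owner

    def consume(self, username: str, presented: str) -> bool:
        stored = self._pending.get(username)
        digest = hashlib.sha256(presented.encode()).hexdigest()
        if stored is None or not hmac.compare_digest(stored, digest):
            return False
        del self._pending[username]
        return True


def attack_by_seed_guessing(server, victim: str, approx_time: int,
                            window: int = 300) -> Optional[int]:
    """Attacker side: regenerate the token for every seed near the guessed
    request time and submit each candidate. Returns the winning seed, or None."""
    for seed in range(approx_time - window, approx_time + window + 1):
        if server.consume(victim, weak_reset_token(victim, seed)):
            return seed
    return None


def demo_weak() -> Optional[int]:
    """Attacker guesses the time 37 s off and still takes over the account."""
    server = WeakResetServer(clock=lambda: FIXED_CLOCK)
    server.request_reset("alice")
    return attack_by_seed_guessing(server, "alice", FIXED_CLOCK + 37)


def demo_strong() -> Optional[int]:
    """Same attack against the CSPRNG server finds nothing."""
    server = StrongResetServer()
    server.request_reset("alice")
    return attack_by_seed_guessing(server, "alice", FIXED_CLOCK + 37)


def demo_strong_legitimate() -> bool:
    """The real recipient's token still works exactly once."""
    server = StrongResetServer()
    token = server.request_reset("alice")
    first, second = server.consume("alice", token), server.consume("alice", token)
    return first and not second


if __name__ == "__main__":
    print("weak server compromised with seed:", demo_weak())
    print("strong server compromised:", demo_strong())
```

The defence is not only the entropy source: the hardened server also stores a hash rather than the token (a database read does not yield usable tokens), compares in constant time, and invalidates on first use. In production, add a short expiry and rate limiting on the reset endpoint, since the attack above is just a few hundred unauthenticated requests.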


Vulnerability Spotlight: Remote code execution vulnerability in WebKit WebAudio API

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The WebKit browser engine contains a remote code execution vulnerability in its WebAudio API. Malicious web page code could trigger a use-after-free error, which could lead to arbitrary code execution. An attacker could exploit this vulnerability by tricking the user into visiting a specially crafted, malicious web page. In accordance with our coordinated...


Threat Advisory: HAFNIUM and Microsoft Exchange zero-day

Microsoft released patches for four vulnerabilities in Exchange Server on March 2, disclosing that these vulnerabilities were being exploited by a previously unknown threat actor, referred to as HAFNIUM. The vulnerabilities in question — CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 — affect Microsoft Exchange Server 2019, 2016, 2013 and the out-of-support Microsoft Exchange Server 2010. The patches for these vulnerabilities should be applied as soon as possible. Microsoft...


Threat Source newsletter (March 4, 2021)

Newsletter compiled by Jon Munshaw. Of course, we will start things off talking about the Microsoft Exchange Server zero-day vulnerabilities disclosed earlier this week. Microsoft said in a statement that a threat actor is exploiting these vulnerabilities in the wild to steal users’ emails, understandably causing a lot of panic in the security community. Thankfully, patches are already available for the product, so update as soon as possible. We also have a ton of coverage across Cisco Secure products...


Talos Takes Ep. #43: What you should know about the Microsoft Exchange Server zero-days

The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We put this episode together quickly this week to address the zero-day vulnerabilities Microsoft disclosed earlier this week in Exchange Server. The company says a state-sponsored APT was exploiting these vulnerabilities in the wild to steal emails. We cover this incident briefly: what you should know, what...


Threat Roundup for February 26 to March 5

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 26 and March 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


Domain dumpster diving

By Jaeson Schultz. Dumpster diving — searching through the trash looking for items of value — has long been a staple of hacking culture. In the 1995 movie "Hackers," Acid Burn and Crash Override are seen dumpster diving for information they can use to help them "hack the Gibson." Of course, not all trash is physical garbage located in a dumpster behind an office building. Some trash is virtual. Just like real physical clues that can be found inside a dumpster, some pieces of digital garbage...


Microsoft Patch Tuesday for March 2021 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Nick Biasini.  Microsoft released its monthly security update Tuesday, disclosing 89 vulnerabilities across its suite of products, the most in any month so far this year.  There are 14 critical vulnerabilities as part of this release and one considered of “low” severity. The remainder are all “important.” Three of the critical vulnerabilities are the ones Microsoft disclosed last week in Exchange Server that the company said state-sponsored...
