Channel: Cisco Talos Blog

Hafnium Update: Continued Microsoft Exchange Server Exploitation

It's been a week since Microsoft first disclosed several zero-day vulnerabilities in Exchange Server — and the scope has only grown since then. In its disclosure, Microsoft stated that a new threat actor known as Hafnium was exploiting these vulnerabilities to steal emails. Since Microsoft's initial disclosure, Cisco Talos has seen shifts in the tactics, techniques, and procedures (TTPs) associated with this activity. The majority of the activity continues to follow the guidance that was...


Vulnerability Spotlight: Use-after-free vulnerability in 3MF Consortium lib3mf

Lilith >_> of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. 3MF Consortium’s lib3mf library is vulnerable to a use-after-free vulnerability that could allow an adversary to execute remote code on the victim machine. The lib3mf library is an open-source implementation of the 3MF file format and standard, mainly used for 3D-printing. An attacker could send a target a specially crafted file to create a use-after-free condition. The 3MF standard has been adopted in a...


Threat Source newsletter (March 11, 2021) — Featuring new SolarWinds roundtable

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers.   We have a special edition of the Threat Source newsletter to bring you this week, because we’re premiering a new video for you right now!  Below, you’ll find a full roundtable we put together discussing the SolarWinds supply chain attack. We brought together Talos researchers from several parts of our organization, including incident responders, global threat intelligence researchers and our Outreach team. We...


Talos Takes Ep. #44: A roundtable discussion on SolarWinds

The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Welcome to the first-ever XL edition of Talos Takes. This one is a little longer than usual, but we promise you it’s worth it. We recently brought together researchers from all corners of Talos to talk about what we know about SolarWinds so far, and what’s still to be discovered.  Our various teams have spent the past several...


Threat Roundup for March 5 to March 12

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 5 and March 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is...


Threat Source newsletter (March 18, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Start spreading the word now, the Snort scholarship is back for 2021! This year, we’re giving away two $10,000 awards to two college students who are studying cybersecurity or another IT-related field. Applications open on April 1, but we want everyone to start getting their applications together now. Upcoming public engagements with Talos Title: Cisco Live 2021 Date: March 30 – April...


Cheating the cheater: How adversaries are using backdoored video game cheat engines and modding tools

By Nick Lister and Holger Unterbrink, with contributions from Vanja Svajcer. News summary: Cisco Talos recently discovered a new campaign targeting video game players and other PC modders. Talos detected a new cryptor used in several different malware campaigns hidden in seemingly legitimate files...


Vulnerability Spotlight: Out-of-bounds write vulnerabilities in Accusoft ImageGear

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple out-of-bounds write vulnerabilities in Accusoft ImageGear that an adversary could exploit to corrupt memory on the targeted machine. The ImageGear library is a...


Threat Source Newsletter (April 1, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers.   We hope you’re enjoying Cisco Live this week and only reading this after you’ve caught up on your sessions for the day.  No April Fool’s jokes here (thankfully) — we are just excited to tell you that applications...


Talos Takes Ep. #47: Looking back at the Masslogger trojan

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We return to our usual formatting this week to discuss the Masslogger trojan. We covered this threat earlier this year...


Threat Roundup for March 26 to April 2

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 26 and April 2. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...


Sowing Discord: Reaping the benefits of collaboration app abuse

By Nick Biasini, Edmund Brumaghin, and Chris Neal with contributions from Paul Eubanks. As telework has become the norm throughout the COVID-19 pandemic, attackers are modifying their tactics to take advantage of the changes to employee workflows. Attackers are leveraging collaboration platforms,...


Beers with Talos Ep. #102: Twitter has questions for us

Beers with Talos (BWT) Podcast episode No. 102 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Feb. 23, 2021. We’ve been...


Threat Source Newsletter (April 8, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers.   We've all heard about spam coming through your email or those robocalls we all hate. But during the COVID-19 pandemic, attackers are now turning to chat rooms and gaming servers to spread spam. Talos researchers this...


Talos Takes Ep. #48: The complete history of ObliqueRAT

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. After researching and writing about ObliqueRAT for several months now, Asheer Malhotra joins Talos Takes for...


Threat Roundup for April 2 to April 9

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 2 and April 9. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...


Recording: Analyzing Android Malware — From triage to reverse-engineering

It's easy to get wrapped up worrying about large-scale ransomware attacks on the threat landscape. These are the types of attacks that make headlines and strike fear into the hearts of CISOs everywhere. But if you want to defend the truly prolific and widespread threats that target some of the devices...


Vulnerability Spotlight: Multiple vulnerabilities in OpenClinic’s GA web portal

Yuri Kramarz of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in OpenClinic’s GA web portal. OpenClinic GA is an open-source, fully integrated hospital management solution. The web portal allows users to manage...


Microsoft Patch Tuesday for April 2021 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Vanja Svajcer.  Microsoft released its monthly security update Tuesday, disclosing 108 vulnerabilities across its suite of products, the most in any month so far this year. Four new remote code execution vulnerabilities in Microsoft Exchange Server are...


Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Microsoft Azure Sphere

Claudio Bozzato and Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos researchers recently discovered multiple vulnerabilities in Microsoft’s Azure Sphere, a cloud-connected and custom SoC platform designed specifically with IoT application security...
