Channel: Cisco Talos Blog

Threat Roundup for May 21 to May 28

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 21 and May 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Vulnerability Spotlight: Multiple vulnerabilities in Accusoft ImageGear

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit that allows users to create, edit, annotate and convert various...


Vulnerability Spotlight: A deep dive into macOS SMB server

By Aleksandar Nikolich. Executive summary: Cisco Talos recently discovered multiple vulnerabilities in macOS’s implementation of SMB server. An adversary could exploit these vulnerabilities to carry out a variety of malicious actions, including revealing sensitive information on the server, bypassing...


Vulnerability Spotlight: Use-after-free vulnerability in WebKit

Marcin Towalski of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The WebKit browser engine contains a use-after-free vulnerability in its GraphicsContext function. Malicious web page code could trigger a use-after-free error, which could lead to a potential...


Necro Python bot adds new exploits and Tezos mining to its bag of tricks

By Vanja Svajcer, with contributions from Caitlin Huey and Kendall McKay. News summary: Some malware families stay static in terms of their functionality. But a newly discovered malware campaign utilizing the Necro Python bot shows this actor is adding new functionality and improving its chances of...


Threat Source newsletter (June 3, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. If you didn't catch us live yesterday, we've uploaded the full version of our stream on Discord and Slack malware to our YouTube page. Chris Neal from Talos Outreach walked through his recent research into these campaigns...


Threat Roundup for May 28 to June 4

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 28 and June 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...


Intelligence-driven disruption of ransomware campaigns

By Neil Jenkins and Matthew Olney. Note: Our guest co-author, Neil Jenkins, is the Chief Analytic Officer at the Cyber Threat Alliance. He leads the CTA's analytic efforts, focusing on the development of threat profiles, adversary playbooks and other analysis using the threat intelligence in the...


Microsoft Patch Tuesday for June 2021 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Edmund Brumaghin. Microsoft released its monthly security update Tuesday, disclosing 51 vulnerabilities across its suite of products, breaking last month’s 16-month record of the fewest vulnerabilities disclosed in a month by the company. There...


Vulnerability Spotlight: Code execution vulnerability in Google Web Audio API

Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two use-after-free vulnerabilities in Google’s Web Audio API that an adversary could exploit to execute remote code on the victim machine. Web Audio API is a high-level JavaScript API...


Quarterly Report: Incident Response trends from Spring 2021

By David Liebenberg and Caitlin Huey. While the security community made a great effort to warn users of the exploitation of several Microsoft Exchange Server zero-day vulnerabilities, it was still the biggest threat Cisco Talos Incident Response (CTIR) saw this past quarter. These...


Threat Source newsletter (June 10, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We seriously can't escape from ransomware. It's in the headlines constantly and has now drawn the full attention of the federal government. But we at Talos recognize that it is going to take far more than just words to...


Talos Takes Ep. #56: The first security steps you should take when you return to the office

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We started out the COVID-19 pandemic by thinking we'd be away from the office for a month — maybe two. More than 12...


Threat Roundup for June 4 to June 11

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 4 and June 11. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...


What’s past is prologue – A new world of critical infrastructure security

By Caitlin Huey, Joe Marshall and Thomas Pope. Attackers have targeted American critical infrastructure several times over the past few years, putting at risk U.S. electrical grids, oil pipelines and water supply systems. However, we collectively have not responded in a meaningful way to these...


Vulnerability Spotlight: EIP Stack Group OpENer information disclosure vulnerability

Martin Zeiser of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable information disclosure vulnerability in EIP Stack Group OpENer’s Ethernet/IP UDP handler. OpENer is an Ethernet/IP stack for I/O adapter devices that...


Threat Source newsletter (June 17, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Although the Colonial Pipeline attack is largely behind us now, its potential repercussions are not. This was just the latest in a string of attacks against American critical infrastructure over the past few years, and we...


Threat Roundup for June 11 to June 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 11 and June 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...


Talos Takes Ep. #57: A ransomware-as-a-service explainer

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. How much is ransomware-as-a-service like a McDonald’s franchise? More similar than you’d think! The RaaS model has...


Attackers in Executive Clothing - BEC continues to separate orgs from their money

By Nick Biasini. In today's world of threat research, the focus tends to be on the overtly malicious practice of distributing and installing malware on end systems. But this is far from the complete picture of what threats organizations face. One of the most, if not the most, costly is something...
