Channel: Cisco Talos Blog
Viewing all 1927 articles

Microsoft Patch Tuesday for August 2021 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Martin Lee. Microsoft released its monthly security update Tuesday, disclosing 44 vulnerabilities in the company's firmware and software. This is the fewest vulnerabilities Microsoft has patched in a month in more than two years. There...

Talos Incident Response quarterly threat report — The top malware families and TTPs used in Q2 2021

By David Liebenberg and Caitlin Huey.  Last quarter, ransomware was not the most dominant threat for the first time since we began compiling these reports. We theorized that this was due to a huge uptick in Microsoft Exchange exploitation, which temporarily became a primary focus for Cisco...

Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT

By Vanja Svajcer. News summary: Group TA505 has been active for at least seven years, making wide-ranging connections with other threat actors involved in ransomware, stealing credit card numbers and exfiltrating data. One of the common tools in TA505's arsenal is ServHelper. In mid-June, Cisco Talos...

Threat Source newsletter (Aug. 12, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. No, that's not Ratatouille. It's ServHelper, who is much more dangerous (albeit just as cute) than the cartoon chef. We have a new blog post out today detailing this RAT, run by the threat actor Group TA505, that is...

Vice Society Leverages PrintNightmare In Ransomware Attacks

By Edmund Brumaghin, Joe Marshall, and Arnaud Zobec. Executive summary: Another threat actor is actively exploiting the so-called PrintNightmare vulnerability (CVE-2021-1675 / CVE-2021-34527) in Windows' print spooler service to spread laterally across a victim's network as part of a recent...

Talos Takes Ep. #64: Back 2 Skool edition

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. There's no shortage of complications leading into this new school year. Students, parents, teachers and admins alike...

Threat Roundup for August 6 to August 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 6 and Aug. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

Vulnerability Spotlight: Multiple integer overflow vulnerabilities in GPAC Project on Advanced Content

A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw.  Cisco Talos recently discovered multiple integer overflow vulnerabilities in the GPAC Project on Advanced Content that could lead to memory corruption. The GPAC Project on Advanced Content is an open-source...

Neurevt trojan takes aim at Mexican users

By Chetan Raghuprasad, with contributions from Vanja Svajcer. News summary: Cisco Talos discovered a new version of the Neurevt trojan with spyware and backdoor capabilities in June 2021 using Cisco Secure Endpoint product telemetry. This version of Neurevt appears to target users of Mexican financial...

Vulnerability Spotlight: Memory corruption vulnerability in Daemon Tools Pro

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.  Cisco Talos recently discovered a memory corruption vulnerability in Disc Soft Ltd.'s Daemon Tools Pro.  Daemon Tools Pro is a professional emulation software that works with disc images and virtual...

Malicious Campaign Targets Latin America: The seller, The operator and a curious link

By Asheer Malhotra and Vitor Ventura, with contributions from Vanja Svajcer. Cisco Talos has observed a new malware campaign delivering commodity RATs, including njRAT and AsyncRAT. The campaign targets travel and hospitality organizations in Latin America. Techniques utilized in this campaign bear...

Threat Source newsletter (Aug. 19, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. I'm writing this on Tuesday morning on account of vacation (again), so apologies if we miss any major stories. You certainly don't want to miss our latest blog post on the Neurevt remote access trojan that's...

Threat Roundup for August 13 to August 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 13 and Aug. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

Threat Source newsletter (Aug. 26, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We have RATs on RATs on RATs over the past few weeks. And last week, we found a few more heading to Latin America to target users and try to steal their login credentials. The threat actor in this case has some compelling...

Talos Takes Ep. #65: How several RAT campaigns in Latin America are connected

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. As more people around the world start to get vaccinated against COVID-19, travel is becoming easier, especially during...

Threat Roundup for August 20 to August 27

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 20 and Aug. 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

Attracting flies with Honey(gain): Adversarial abuse of proxyware

By Edmund Brumaghin and Vitor Ventura. With internet-sharing applications, or "proxyware," users download software that allows them to share a percentage of their bandwidth with other internet users for a fee, with the companies that created this software acting as a go-between. As proxyware has...

Translated: Talos' insights from the recently leaked Conti ransomware playbook

By Caitlin Huey, David Liebenberg, Azim Khodjibaev, and Dmytro Korzhevin. Executive summary: Cisco Talos recently became aware of a leaked playbook that has been attributed to the ransomware-as-a-service (RaaS) group Conti. Talos has a team of dedicated, native-level speakers that translated these...

Threat Source newsletter (Sept. 2, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. If you haven't seen already, our blog has a lot of cool and new stuff this week. We first dove into the world of proxyware on Tuesday (aka internet-sharing applications). Attackers are hiding in this newly popular...

Beers with Talos, Ep. #109: We have not secured our society — Or, working out a conference talk in realtime

Beers with Talos (BWT) Podcast episode No. 109 is now available. Download this episode and subscribe to Beers with Talos on Apple Podcasts, Google Podcasts, Spotify or Stitcher. If iTunes and Google Play aren't your thing, click here. Most of the Beers with Talos guys got a chance to take...
