Channel: Cisco Talos Blog
Browsing all 1948 articles

Watchbog and the Importance of Patching

By Luke DuCharme and Paul Lee. What Happened? Cisco Incident Response (CSIRS) recently responded to an incident involving the Watchbog cryptomining botnet. The attackers were able to exploit...

Threat Source newsletter (Sept. 12, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. You’ve heard it a million times: Always...

Threat Roundup for September 6 to September 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 6 and Sept. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...

Vulnerability Spotlight: Multiple vulnerabilities in Atlassian Jira

Ben Taylor of Cisco ASIG discovered these vulnerabilities. Atlassian’s Jira software contains multiple vulnerabilities that could allow an attacker to carry out a variety of actions, including the...

Vulnerability Spotlight: AMD ATI Radeon ATIDXX64.DLL shader functionality...

Piotr Bania of Cisco Talos discovered this vulnerability. Some AMD Radeon cards contain a remote code execution vulnerability in their ATIDXX64.DLL driver. AMD produces the Radeon line of hardware,...

New Cisco Talos web reputation verdicts

Cisco Talos has updated and expanded the Talos Threat Levels used to describe our web reputation verdicts. As you will see in the chart below, we are increasing the amount of reputation verdicts from...

Vulnerability Spotlight: Multiple vulnerabilities in Aspose PDF API

Marcin Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple remote code execution vulnerabilities in the Aspose.PDF API. Aspose provides a series of APIs for...

Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple...

By Christopher Evans and David Liebenberg. Executive summary: A new threat actor named "Panda" has generated thousands of dollars worth of the Monero cryptocurrency through the use of remote access tools...

Emotet is back after a summer break

This blog post was written by Colin Grady, William Largent, and Jaeson Schultz. Emotet is still evolving, five years after its debut as a banking trojan. It is one of the world's most dangerous botnets...

Threat Source newsletter (Sept. 19, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’re all still trying to shake off the...

Threat Roundup for September 13 to September 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 13 and Sept. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...

How Tortoiseshell created a fake veteran hiring website to host malware

By Warren Mercer and Paul Rascagneres with contributions from Jungsoo An. Introduction: Cisco Talos recently discovered a threat actor attempting to take advantage of Americans who may be seeking a job,...

An in-depth look at cyber insurance: We sat down with risk expert, Cisco's...

Y2K is known for being one of the most widespread times of panic in IT. It was generally thought that on Dec. 31, 1999, computers across the globe would shut down when they would fail to properly...

Beers with Talos Ep. #62: Fifty shades of shady

Beers with Talos (BWT) Podcast episode No. 62 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Sept. 13, 2019...

Threat Source newsletter (Sept. 26)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. An attacker known as “Tortoiseshell” is...

Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host

Update (09/27/2019): Additional information regarding the malware interaction with various online advertisements has been included to highlight the click-fraud related network communications associated...

Threat Roundup for September 20 to September 27

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 20 and Sept. 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...

Vulnerability Spotlight: Foxit PDF Reader JavaScript Array.includes remote...

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Foxit PDF Reader contains a remote code execution vulnerability in its JavaScript engine. Foxit aims to be one of the most feature-rich...

Open Document format creates twist in maldoc landscape

By Warren Mercer and Paul Rascagneres. Introduction: Cisco Talos recently observed attackers changing the file formats they use in an attempt to thwart common antivirus engines. This can happen across...

Threat Roundup for September 27 to October 4

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 27 and Oct. 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...
