Clik here to view.
New Snort, ClamAV coverage strikes back against Cobalt Strike
By Nick Mavis. Editing by Joe Marshall and Jon Munshaw. Cisco Talos is releasing a new research paper called “The Art and Science of Detecting Cobalt Strike.” We recently released a more granular set...
View ArticleClik here to view.
The Internet did my homework
By Jaeson Schultz and Matt Valites. As students return to school for in-person and virtual learning, Cisco Talos discovered an increase in DNS requests coming into Umbrella resolving domains we...
View ArticleClik here to view.
Threat Source newsletter for Sept. 24, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. After months (years?) in beta, an official release candidate is out now for Snort 3. Stay tuned for an officially official...
View ArticleClik here to view.
Threat Roundup for September 18 to September 25
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 18 and Sept. 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...
View ArticleClik here to view.
Microsoft Netlogon exploitation continues to rise
Cisco Talos is tracking a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, an elevation of privilege bug in Netlogon, outlined in the August Microsoft Patch Tuesday...
View ArticleClik here to view.
LodaRAT Update: Alive and Well
By Chris Neal. During our continuous monitoring of LodaRAT, Cisco Talos observed changes in the threat that add new functionality. Multiple new versions of LodaRAT have been spotted being used in the...
View ArticleClik here to view.
Vulnerability Spotlight: Remote code execution bugs in NVIDIA D3D10 driver
Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered multiple remote code execution vulnerabilities in the NVIDIA D3D10 driver. This driver...
View ArticleClik here to view.
What to expect when you're electing: Information hygiene and the human levels...
Editor's note: Related reading on Talos election security research: https://blog.talosintelligence.com/2020/07/what-to-expect-when-youre-electing.html...
View ArticleClik here to view.
Threat Source newsletter for Oct. 1, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In the past, we’ve covered what disinformation (otherwise known as “fake news”) is and who spreads it. Now, we’re diving into why it...
View ArticleClik here to view.
Beers with Talos Ep. #93: “More Secure” myths and misconceptions
Beers with Talos (BWT) Podcast episode No. 93 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify StitcherIf iTunes and Google Play aren't...
View ArticleClik here to view.
Threat Roundup for September 25 to October 2
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 25 and Oct. 2. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...
View ArticleClik here to view.
PoetRAT: Malware targeting public and private sector in Azerbaijan evolves
By Warren Mercer, Paul Rascagneres and Vitor Ventura. The Azerbaijan public sector and other important organizations are still targeted by new versions of PoetRAT.This actor leverages malicious...
View ArticleClik here to view.
90 days, 16 bugs, and an Azure Sphere Challenge
Cisco Talos reports 16 vulnerabilities in Microsoft Azure Sphere's sponsored research challenge. By Claudio Bozzato, Lilith [-_-]; and Dave McDaniel. On May 15, 2020, Microsoft kicked off the Azure...
View ArticleClik here to view.
What to expect when you’re electing: Voter recommendations
By Amy Henderson. Information operations have been around for millennia, yet with the advent of the internet and the democratization of content creation, the barriers to entry have lowered to a point...
View ArticleClik here to view.
Vulnerability Spotlight: DoS vulnerability in ATIKMDAG.SYS AMD graphics driver
Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.Cisco Talos recently discovered a denial-of-service vulnerability in the ATIKMDAG.SYS driver for some AMD graphics cards....
View ArticleClik here to view.
Threat Source newsletter for Oct. 8, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We’ve been writing and talking about election security a ton lately. And as the U.S. presidential election draws closer, we decided...
View ArticleClik here to view.
Threat Roundup for October 2 to October 9
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 2 and Oct. 9. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this...
View ArticleClik here to view.
Vulnerability Spotlight: Denial-of-service vulnerabilities in Allen-Bradley...
Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The Allen-Bradley Flex input/output system contains multiple denial-of-service vulnerabilities in its ENIP request...
View ArticleClik here to view.
Lemon Duck brings cryptocurrency miners back into the spotlight
By Vanja Svajcer, with contributions from Caitlin Huey. We are used to ransomware attacks and big-game hunting making headlines, but there are still methods adversaries use to monetize their efforts in...
View ArticleClik here to view.
Vulnerability Spotlight: Information leak vulnerability in Google Chrome WebGL
Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Google Chrome web browser contains a vulnerability that could be exploited by an adversary to carry out a range of...
View Article