What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
2020-08-13 09:56:21 Attribution: A Puzzle (direct link) By Martin Lee, Paul Rascagneres and Vitor Ventura. Introduction The attribution of cyber attacks is hard. It requires collecting diverse intelligence, analyzing it and deciding who is responsible. Rarely does the evidence available to researchers reach a level of proof that would be acceptable in a court of law. Nevertheless, the private sector rises to the challenge to attempt to associate cyber attacks to threat actors using the intelligence available to them. This intelligence takes the... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2020-08-11 10:47:59 (Déjà vu) Microsoft Patch Tuesday for Aug. 2020 - Snort rules and prominent vulnerabilities (direct link) By Jon Munshaw. Microsoft released its monthly security update Tuesday, disclosing 120 vulnerabilities across its array of products. Sixteen of the vulnerabilities are considered "critical," including one that Microsoft says is currently being exploited in the wild. Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of all these bugs. The security updates cover several different products including...
2020-08-10 08:01:33 Barbervisor: Journey developing a snapshot fuzzer with Intel VT-x (direct link) By Cory Duplantis. One of the ways vulnerability researchers find bugs is with fuzzing. At a high level, fuzzing is the process of generating and mutating random inputs for a given target to crash it. In 2017, I started developing a bare metal hypervisor for the purposes of snapshot fuzzing: fuzzing small subsets of programs from a known, static starting state. This involved working on a custom kernel that could be booted on bare metal. Having not done any operating system development before,... Vulnerability
2020-08-07 15:24:37 (Déjà vu) Threat Roundup for July 31 to August 7 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 31 and Aug. 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-08-06 11:00:01 Threat Source newsletter for Aug. 6, 2020 (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We spend a lot of time talking about what you should do to keep your data safe, and how other organizations should be prepared for the worst. But what happens if the worst happens to you? In the latest Beers with Talos episode, we walk you through what to do if you're the one who gets owned - even if it's not your fault at all. We also have the details out on several vulnerabilities in Microsoft Azure Sphere.... Threat
2020-08-04 07:00:39 Vulnerability Spotlight: Arbitrary file deletion in SoftPerfect RAM Disk (direct link) Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos researchers recently discovered that a specific driver in the SoftPerfect RAM disk could allow an adversary to delete files on an arbitrary basis. SoftPerfect RAM Disk is a high-performance RAM disk application that allows the user to store a disk from their computer on the device's space. An attacker could exploit this vulnerability to point to a specific filepath and then delete that file. In... Vulnerability
2020-08-04 06:22:37 Beers with Talos Ep. #89: What to do when you're the pwnd one (direct link) Beers with Talos (BWT) Podcast episode No. 88 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded July 17, 2020. The gang's all back this week, and we take on what happens when you get pwnd, hacked, or your data is leaked. It happens to all of us eventually, one quick moment connecting to public WiFi, clicking on a bad...
2020-07-31 11:52:09 Vulnerability Spotlight: Microsoft issues security update for Azure Sphere (direct link) Claudio Bozzato, Lilith >_> and Dave McDaniel of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos researchers recently discovered seven vulnerabilities in Microsoft's Azure Sphere, a cloud-connected SoC platform designed specifically with IoT application security in mind. The infrastructure around the Azure Sphere platform is Microsoft's Azure Sphere cloud, which takes care of secure updates, app deployment, and periodically verifying the device integrity.... Vulnerability
2020-07-31 11:08:08 (Déjà vu) Threat Roundup for July 24 to July 31 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 24 and July 31. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-07-30 11:00:05 Threat Source newsletter for July 30, 2020 (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Adversaries love to use headlines as part of their spam campaigns. From COVID-19, to Black Lives Matter and even Black Friday every year, the bad guys are wanting to capitalize on current events. Why is this the case, and when do they decide to jump on headlines? In our latest blog post, we look at this technique and examine the advantages and disadvantages of trying to leverage the biggest news. Cyber... Spam Threat
2020-07-29 08:21:44 Adversarial use of current events as lures (direct link) By Nick Biasini. The goal of malicious activity is to compromise the system to install some unauthorized software. Increasingly that goal is tied to one thing: the user. Over the past several years, we as an industry improved exploit mitigation and the value of working exploits has increased accordingly. Together, these changes have had an impact on the threat landscape. We still see large amounts of active exploitation, but enterprises are getting better at defending against them. This has... Threat
2020-07-24 14:14:10 (Déjà vu) Threat Roundup for July 17 to July 24 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 17 and July 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-07-23 11:00:04 Threat Source newsletter for July 23, 2020 (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. While ransomware attacks continue to hog all the headlines, cryptocurrency miners are still running in the background, sapping computing power from unsuspecting victims. We have what we believe is the first documentation of a new botnet we're calling "Prometei" that mines for Monero. Here's why you need to be on the lookout for this botnet and why it could be a sign of worse things to come if you're infected. If you didn't get... Ransomware Threat
2020-07-22 08:38:21 Prometei botnet and its quest for Monero (direct link) By Vanja Svajcer. News summary: We are used to ransomware attacks and big-game hunting making the headlines, but there are still methods adversaries use to monetize their efforts in less intrusive ways. Cisco Talos recently discovered a cryptocurrency-mining botnet attack we're calling "Prometei" using several techniques that defenders are likely to spot, but are not immediately obvious to end-users. These threats demonstrate several techniques of the MITRE ATT&CK framework, most notably... Ransomware
2020-07-22 07:06:15 Beers with Talos Ep. #88: It's not about the vote, it's about trust (direct link) Beers with Talos (BWT) Podcast episode No. 88 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded July 7, 2020. Nigel is out this week, but we have a couple light and breezy topics on the docket: zero-day research and the institutions of democracy. FUN STUFF!! First, we chat about zero-day research tools and the...
2020-07-17 14:26:01 (Déjà vu) Threat Roundup for July 10 to July 17 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 10 and July 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-07-16 11:00:05 Threat Source newsletter for July 16, 2020 (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. If you haven't already, we highly recommend you read our in-depth research paper on election security. This paper represents four years of hands-on research, interviews and insight into how things have changed since 2016, and what hurdles remain to secure American elections. This is just the first release in a series of papers, blog posts and more that we'll be releasing in the lead-up to the November general election.... Threat Guideline
2020-07-16 07:07:51 What to expect when you're electing: Talos' 2020 election security primer (direct link) By Jon Munshaw and Matt Olney. After the 2016 General Election, the talk was all around foreign meddling. Rumors swirled that some votes may have been changed or influenced by state-sponsored actors. Sanctions and accusations followed. Four years later, is the U.S. any more prepared to protect the results of its largest elections? More than you may realize. In Talos' latest research paper, we take a deep dive into election security after spending the past four years talking to local,...
2020-07-14 13:05:24 Microsoft Patch Tuesday for July 2020 - Snort rules and prominent vulnerabilities (direct link) By Jon Munshaw. Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its array of products. While only a few vulnerabilities are considered critical, users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation. The security updates cover several different products including the Hyper-V engine, Microsoft Word and the rest of the Microsoft Office suite of products. Talos...
2020-07-14 13:04:52 Vulnerability Spotlight: Multiple vulnerabilities in RemoteFX affect AMD, Intel chips (direct link) Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in Intel's Graphics Accelerator Driver and in an AMD Radeon driver. The Intel driver was released in 2019 and is used in multiple Intel integrated and non-integrated GPUs. It is likely that an attacker could use these vulnerabilities to exploit users remotely. The vulnerability could also be used to escape out of a Hyper-V virtual machine to access the host... Vulnerability
2020-07-10 10:43:49 Threat Roundup for July 3 to July 10 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 3 and July 10. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-07-10 08:52:15 Vulnerability Spotlight: SQL injection vulnerability in Glacies IceHRM (direct link) Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos researchers recently discovered that Glacies' IceHRM software contains a vulnerability that could allow an adversary to inject SQL. IceHRM is a human resource management tool, allowing users to create and track timesheets for employees, upload documents and manage payroll. An attacker could send the software a specially crafted HTTP request, which can open the door for SQL injection. This could... Vulnerability
2020-07-08 08:21:48 Beers with Talos Ep. #87: Happy 3rd birthday BWT - It's story time! (direct link) Beers with Talos (BWT) Podcast episode No. 85 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded June 24, 2020. Has it been three years already? We have a great episode to celebrate! We start off chatting about the origins of BWT and what made it… I don't know… the way that it is. We also have some great guests. Hazel...
2020-07-08 07:12:56 WastedLocker Goes "Big-Game Hunting" in 2020 (direct link) By Ben Baker, Edmund Brumaghin, JJ Cummings and Arnaud Zobec. Threat summary: After initially compromising corporate networks, the attacker behind WastedLocker performs privilege escalation and lateral movement prior to activating ransomware and demanding ransom payment. The use of "dual-use" tools and "LoLBins" enables adversaries to evade detection and stay under the radar as they further operate towards their objectives in corporate environments. WastedLocker is one of the latest examples of... Ransomware
2020-07-06 14:19:53 New Snort rule addresses critical vulnerability in F5 BIG-IP (direct link) By Jon Munshaw. Cisco Talos just released Snort coverage for a prominent vulnerability in F5's BIG-IP. BIG-IP is one of the most popular networking products on the modern market. This product is used to shape web traffic, access gateways, limit rates and much more. F5 disclosed a remote code execution over the weekend that was assigned a maximum 10 out of 10 severity score. CVE-2020-5902 is a remote code execution vulnerability in BIG-IP's configuration interface. Users are urged to make... Vulnerability
2020-07-02 11:00:02 Threat Source newsletter for July 2, 2020 (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Our latest research you should catch up on is the Valak malware. This information-stealer sneaks its way onto victim machines by hijacking legitimate email threads. The threat actors send their phishing emails and attachments in email threads, hoping to trick users into thinking they're legitimate. We also have two vulnerability spotlights that alert users to patches you should make now. One is an information leak in Mozilla... Vulnerability Threat
2020-07-02 09:13:04 Vulnerability Spotlight: Google Chrome PDFium memory corruption vulnerability (direct link) Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The PDF renderer inside Google Chrome, known as PDFium, contains a memory corruption vulnerability that could be exploited by an adversary. PDFium is open-source software that is utilized in the Chrome browser and other applications. The software supports the use of JavaScript embedded inside PDFs, and other specially crafted documents could corrupt the memory of the application, allowing an adversary to... Vulnerability
2020-07-02 06:52:47 Beers with Talos Ep. #86: It's just an exploit popularity contest... (direct link) Beers with Talos (BWT) Podcast episode No. 85 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded June 5, 2020. Prod. Note: The team decided to hold back on releasing a few episodes for a period of time, acknowledging that there are voices people need to hear more than ours discussing issues vital to...
2020-07-01 13:07:36 Vulnerability Spotlight: Remote code execution vulnerabilities in LEADTOOLS 20 (direct link) Cory Duplantis of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a remote code execution vulnerability in the LEADTOOLS line of imaging toolkits. LEADTOOLS is a collection of toolkits designed to perform a variety of functions aimed at integrating documents, multimedia and imaging technologies into applications. All of the software is produced by LEAD Technologies Inc. LEADTOOLS offers prebuilt and portable libraries with an SDK for most... Vulnerability Guideline
2020-07-01 12:51:55 Vulnerability Spotlight: Information disclosure vulnerability in Mozilla Firefox (direct link) Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an information disclosure vulnerability in Mozilla Firefox. An attacker can exploit this bug by tricking a user into visiting a specially crafted web page through the browser. If successful, the adversary could use leaked memory to bypass ASLR and, in combination with other vulnerabilities, obtain the ability to execute arbitrary code. In accordance with our coordinated... Vulnerability
2020-07-01 08:21:25 Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks (direct link) By Nick Biasini, Edmund Brumaghin and Mariano Graziano. Threat summary: Attackers are actively distributing the Valak malware family around the globe, with enterprises, in particular, being targeted. These campaigns make use of existing email threads from compromised accounts to greatly increase success. The additional use of password-protected ZIP files can create a blind spot in security protections. The overwhelming majority of campaigns occurred over the last couple of months and targeted... Malware Threat
2020-06-29 11:54:58 PROMETHIUM extends global reach with StrongPity3 APT (direct link) By Warren Mercer, Paul Rascagneres and Vitor Ventura. News summary: The threat actor behind StrongPity is not deterred despite being exposed multiple times over the past four years. They continue to expand their victimology and attack seemingly non-related countries. This kind of continuous improvement suggests there is a possibility that this is an exported solution for other actors to use. Executive summary: The PROMETHIUM threat actor - active since 2012 - has been exposed multiple times over the... Threat
Last update at: 2024-06-27 18:08:00