What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
2021-01-07 10:52:13 Threat Source newsletter (Jan. 7, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers and welcome to the first Threat Source newsletter of 2021. We hit the ground running already this year with a new Beers with Talos episode. It was recorded back in 2020, but the lessons regarding ransomware attacks and how actors choose their targets are still very much relevant. On the written word front, we have a full, technical breakdown of a recent Lokibot strain we've seen in the wild. Check... [[ This is only the beginning! Please visit the blog for the complete entry ]] Ransomware Threat
2021-01-07 07:31:39 Vulnerability Spotlight: Denial-of-service vulnerability in Rockwell Automation RSLinx (direct link) Alexander Perez-Palma of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic. An attacker could exploit this vulnerability by sending the target a series of malicious packets. RSLinx Classic software is a communication server for the MicroLogix 1100 Programmable Controller. It helps plant devices communicate with other Rockwell... [[ This is only the beginning! Please visit the blog for the complete entry ]] Vulnerability
2021-01-05 10:35:06 Vulnerability Spotlight: Multiple vulnerabilities in SoftMaker Office TextMaker (direct link) A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in SoftMaker's TextMaker software. A user could trigger these vulnerabilities by opening an attacker-created, malicious document. An adversary could use these documents to create a variety of malicious conditions on the victim machine. SoftMaker Software GmbH is a German software company that develops and releases office software. Their flagship product,... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2021-01-05 09:23:22 Vulnerability Spotlight: Multiple vulnerabilities in Genivia gSOAP (direct link) A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in various Genivia gSOAP toolkit plugins. These vulnerabilities could allow an attacker to carry out a variety of malicious activities, including causing a denial of service on the victim machine or gaining the ability to execute arbitrary code. The gSOAP toolkit is a C/C++ library for developing XML-based web services. It includes several plugins to... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2021-01-04 10:14:40 Beers with Talos Ep. #98: Why ransomware actors are (and aren't) targeting health care (direct link) Beers with Talos (BWT) Podcast episode No. 97 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded early November 2020. This is an episode we recorded in early November but got pushed back in the end of year shuffle to make production schedules work. We're happy to put this one out now with somewhat belated takes on... [[ This is only the beginning! Please visit the blog for the complete entry ]] Ransomware
2020-12-21 14:38:16 2020: The year in malware (direct link) By Jon Munshaw. Nothing was normal in 2020. Our ideas of working from offices, in-person meetings, hands-on learning and basically everything else were thrown into disarray early in the year. Since then, we defenders have had to adapt. But so have workers around the globe, and those IT and security professionals in charge of keeping those workers' information secure. Adversaries saw all these changes as an opportunity to capitalize on strained health care systems, schools scrambling... [[ This is only the beginning! Please visit the blog for the complete entry ]] Malware
2020-12-17 11:00:02 Threat Source newsletter (Dec. 17, 2020) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. This will be our last Threat Source newsletter of the year. We'll be on a few-week break for the holidays until Jan. 7. Of course, all anyone wants to talk about this week is the SolarWinds supply chain attack. There are still many outstanding questions yet to be answered. But everything Cisco Talos knows about this incident and our coverage can be found here. And our pre-existing coverage keeps... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2020-12-17 06:57:46 Talos tools of the trade (direct link) By Andrea Marcelli and Holger Unterbrink. If you're looking for something to keep you busy while we're all stuck inside during the holidays, Cisco Talos has a few tools you can play with in the coming days and weeks. We recently updated GhIDA to work with the latest version of IDA and we are releasing new features for the award-winning Dynamic Data Resolver (DDR). GhIDA: GhIDA is an IDA Pro plugin that integrates the Ghidra decompiler in IDA Pro. The plugin either communicates with... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2020-12-16 06:21:01 Vulnerability Spotlight: Multiple vulnerabilities in NZXT computer monitoring software (direct link) Carl Hurd of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. NZXT's CAM computer monitoring software contains multiple vulnerabilities an attacker could use to carry out a range of malicious actions. CAM provides users information on their machines, such as fan speeds, temperature, RAM usage and network activity. The software also holds an inventory of all peripheral devices installed in the PC at a given time. A specific driver on this software contains several vulnerabilities... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2020-12-16 06:12:01 Vulnerability Spotlight: Two vulnerabilities in Lantronix XPort EDGE (direct link) Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Executive summary: Cisco Talos recently discovered two vulnerabilities in the Web Manager functionality of Lantronix XPort EDGE. The XPort EDGE is a next-generation wired Ethernet gateway for providing secure Ethernet connectivity to serial devices. An adversary could send the victim various requests to trigger two vulnerabilities that could later allow them to shut down access to the device and disclose... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2020-12-11 12:41:37 (Déjà vu) Threat Roundup for December 4 to December 11 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 4 and Dec. 11. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2020-12-10 11:00:00 Threat Source newsletter (Dec. 10, 2020) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Cyber security firm FireEye recently disclosed an incident that was reported to have resulted in the inadvertent disclosure of various internally developed offensive security tools (OSTs) that were used across FireEye red-team engagements. We know this is going to be top-of-mind for many users, so for more, check out all our coverage that covers these vulnerabilities here. We also have new Snort rules out, which you can... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2020-12-10 07:59:22 Beers with Talos Ep. #97: Getting to better security outcomes (feat. Wendy Nather) (direct link) Beers with Talos (BWT) Podcast episode No. 97 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Nov. 24, 2020 – On this episode, Mitch and Matt are joined by Wendy Nather to discuss the newly released Cisco Security Outcomes Study. The results and findings of the research are interesting and somewhat... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2020-12-09 16:57:23 FireEye Breach Detection Guidance (direct link) Cyber security firm FireEye recently disclosed an incident that was reported to have resulted in the inadvertent disclosure of various internally developed offensive security tools (OSTs) that were used across FireEye red-team engagements. Some of these tools appear to be based on well-known offensive frameworks like Cobalt Strike. This is even evident in the naming convention used in the coverage designated by FireEye. The use of Cobalt Strike beacons is popular among red teams and... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2020-12-09 08:31:39 Vulnerability Spotlight: Multiple vulnerabilities in Foxit PDF Reader JavaScript engine (direct link) Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Executive summary: Cisco Talos recently discovered multiple vulnerabilities in Foxit PDF Reader's JavaScript engine. Foxit PDF Reader is a commonly used PDF reader that contains many features, including the support of JavaScript, which allows it to support interactive documents and dynamic forms. An adversary could take advantage of this JavaScript functionality, sending the victim a specially crafted file to... [[ This is only the beginning! Please visit the blog for the complete entry ]] Vulnerability
2020-12-09 06:32:50 Quarterly Report: Incident Response trends from Fall 2020 (direct link) By David Liebenberg and Caitlin Huey. For the sixth quarter in a row, Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape. However, for the first quarter since we began compiling these reports, no engagements that were closed out involved the ransomware Ryuk (though there were engagements that were kicked off this quarter involving Ryuk, but have yet to close). The top ransomware families observed were Maze and Sodinokibi, though barely more than any... [[ This is only the beginning! Please visit the blog for the complete entry ]] Ransomware Threat
2020-12-09 06:16:47 Vulnerability Spotlight: Remote code execution vulnerabilities in Schneider Electric EcoStruxure (direct link) Alexander Perez-Palma and Jared Rittle of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two code execution vulnerabilities in Schneider Electric EcoStruxure. An attacker could exploit these vulnerabilities by sending the victim a specially crafted network request or project archive. EcoStruxure Control Expert (formerly UnityPro) is Schneider Electric's flagship software for program development, maintenance, and monitoring of industrial... [[ This is only the beginning! Please visit the blog for the complete entry ]] Vulnerability
2020-12-08 11:12:02 Microsoft Patch Tuesday (Dec. 2020) - Snort rules and notable vulnerabilities (direct link) By Jon Munshaw, with contributions from Bill Largent. Microsoft released its monthly security update Tuesday, disclosing 58 vulnerabilities across its suite of products, the lowest number of vulnerabilities in any Patch Tuesday since January. There are only 10 critical vulnerabilities as part of this release, while there are two moderate-severity exploits, and the remainder are considered “important.” Users of all Microsoft and Windows products are urged to update their software as... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2020-12-08 11:09:26 Vulnerability Spotlight: Code execution vulnerability in Microsoft Excel (direct link) Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a code execution vulnerability in some versions of Microsoft Excel. An attacker could exploit this vulnerability by tricking the victim into opening a specially crafted XLS file, triggering a use-after-free condition and allowing them to execute remote code on the victim machine. Microsoft disclosed and patched this bug as part of their monthly security update Tuesday. For... [[ This is only the beginning! Please visit the blog for the complete entry ]] Vulnerability
2020-12-03 11:00:03 Threat Source newsletter (Dec. 3, 2020) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. While ransomware has made all the headlines this year, that doesn't mean cryptocurrency miners are going anywhere. We recently discovered a new actor we're calling “Xanthe” that's mining Monero on targets' machines. The main payload, in this case, is a variant of the XMRig Monero-mining program that is protected with a shared object developed to hide the presence of the miner's process from various tools for process... [[ This is only the beginning! Please visit the blog for the complete entry ]] Ransomware Threat
2020-12-02 13:21:40 Vulnerability Spotlight: DoS, code execution vulnerabilities in EIP Stack Group OpENer (direct link) Martin Zeiser and Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Executive summary: Cisco Talos recently discovered two vulnerabilities in the Ethernet/IP function of EIP Stack Group OpENer. OpENer is an Ethernet/IP stack for I/O adapter devices. It supports multiple I/O and explicit connections and includes objects and services for making Ethernet/IP-compliant products as defined in the ODVA specifications. The software contains two vulnerabilities that could... [[ This is only the beginning! Please visit the blog for the complete entry ]] Vulnerability
2020-12-01 12:57:39 Beers with Talos Ep. #96: The boogeyman and QR codes (direct link) Beers with Talos (BWT) Podcast episode No. 96 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. We got delayed with Thanksgiving and PTO, but here is a long-awaited episode. We're ready to get an episode a week ahead of the holidays, so fret not. In this episode, we talk about QR codes becoming pervasive as easily deployed... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2020-12-01 09:12:54 Xanthe - Docker aware miner (direct link) By Vanja Svajcer and Adam Pridgen, Cisco Incident Command. News summary: Ransomware attacks and big-game hunting are making the headlines, but adversaries use plenty of other methods to monetize their efforts in less intrusive ways. Cisco Talos recently discovered a cryptocurrency-mining botnet attack we're calling "Xanthe," which attempted to compromise one of Cisco's security honeypots for tracking Docker-related threats. These threats demonstrate several techniques of the MITRE ATT&CK... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2020-11-30 09:26:06 Vulnerability Spotlight: Multiple vulnerabilities in WebKit (direct link) Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Executive summary: The WebKit browser engine contains multiple vulnerabilities in various functions of the software. Malicious web page code could trigger multiple use-after-free errors, which could lead to remote and arbitrary code execution. An attacker could exploit these vulnerabilities by tricking the user into visiting a specially crafted, malicious web page on a browser utilizing WebKit. In... [[ This is only the beginning! Please visit the blog for the complete entry ]] Vulnerability Guideline
2020-11-20 14:19:18 (Déjà vu) Threat Roundup for November 13 to November 20 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 13 and Nov. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2020-11-19 10:51:45 Threat Source newsletter (Nov. 19, 2020) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In case you hadn't already realized, Snort somehow became a meme this week, so that was fun. As 2020 (finally...or already...I can't decide which) comes to an end, we're going to start doing a look back at the year that was in malware. And although Emotet has been around long before this year, 2020 was particularly peculiar for the botnet because it went virtually dormant over the summer before coming back over the... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat ★★★★★
2020-11-18 10:21:43 Back from vacation: Analyzing Emotet's activity in 2020 (direct link) By Nick Biasini, Edmund Brumaghin, and Jaeson Schultz. Emotet is one of the most heavily distributed malware families today. Cisco Talos observes large quantities of Emotet emails being sent to individuals and organizations around the world on an almost daily basis. These emails are typically sent automatically by previously infected systems attempting to infect new systems with Emotet to continue growing the size of the botnets associated with this threat. Emotet is often the initial... [[ This is only the beginning! Please visit the blog for the complete entry ]] Malware
2020-11-17 10:56:55 Nibiru ransomware variant decryptor (direct link) Nikhil Hegde developed this tool. Weak encryption: The Nibiru ransomware is a .NET-based malware family. It traverses directories in the local disks, encrypts files with Rijndael-256 and gives them a .Nibiru extension. Rijndael-256 is a secure encryption algorithm. However, Nibiru uses a hard-coded string "Nibiru" to compute the 32-byte key and 16-byte IV values. The decryptor program leverages this weakness to decrypt files encrypted by this variant. Ransomware: Nibiru ransomware is a poorly... [[ This is only the beginning! Please visit the blog for the complete entry ]] Ransomware Malware
2020-11-13 11:24:47 (Déjà vu) Threat Roundup for November 6 to November 13 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 6 and Nov. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2020-11-12 12:15:40 Vulnerability Spotlight: Multiple vulnerabilities in Pixar OpenUSD affect some versions of macOS (direct link) Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Aleksandar Nikolic and Jon Munshaw. Pixar OpenUSD contains multiple vulnerabilities that attackers could exploit to carry out a variety of malicious actions. OpenUSD stands for “Open Universal Scene Descriptor.” Pixar uses this software for several types of animation tasks, including swapping arbitrary 3-D scenes that are composed of many different elements. Aimed at professional animation studios, the software is... [[ This is only the beginning! Please visit the blog for the complete entry ]] Vulnerability
2020-11-12 11:39:02 Threat Source newsletter (Nov. 12, 2020) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We're back after a few-week hiatus! And to celebrate, we just dropped some new research on the CRAT trojan that's bringing some ransomware friends along with it. This blog post has all the details of this threat along with what you can do to stay protected. We also had Microsoft Patch Tuesday this week. The company disclosed about 120 vulnerabilities this month that all users should patch now. Our blog post has a... [[ This is only the beginning! Please visit the blog for the complete entry ]] Ransomware Threat
2020-11-12 05:52:48 CRAT wants to plunder your endpoints (direct link) By Asheer Malhotra. Cisco Talos has observed a new version of a remote access trojan (RAT) family known as CRAT. Apart from the prebuilt RAT capabilities, the malware can download and deploy additional malicious plugins on the infected endpoint. One of the plugins is a ransomware known as "Hansom." CRAT has been attributed to the Lazarus APT Group in the past. The RAT consists of multiple obfuscation techniques to hide strings, API names, command and control (C2) URLs and instrumental functions,... [[ This is only the beginning! Please visit the blog for the complete entry ]] Ransomware Malware APT 38
2020-11-10 13:33:47 Microsoft Patch Tuesday for Nov. 2020 - Snort rules and prominent vulnerabilities (direct link) By Jon Munshaw, with contributions from Joe Marshall. Microsoft released its monthly security update Tuesday, disclosing just over 110 vulnerabilities across its products. This is a slight jump from last month when Microsoft disclosed one of their lowest vulnerability totals in months. Eighteen of the vulnerabilities are considered “critical” while the vast remainder are ranked as “important,” with two also considered of “low” importance. Users of all Microsoft and Windows... [[ This is only the beginning! Please visit the blog for the complete entry ]] Vulnerability
2020-11-06 11:10:55 (Déjà vu) Threat Roundup for October 30 to November 6 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 30 and Nov. 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2020-11-05 14:01:09 Vulnerability Spotlight: Multiple JavaScript vulnerabilities in Adobe Acrobat Reader (direct link) Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Joe Marshall. Cisco Talos recently discovered a heap buffer overflow and a use-after-free vulnerability in Adobe Acrobat Reader. Adobe Acrobat Reader is one of the most popular and feature-rich PDF readers on the market. It has a large user base and is usually a default PDF reader on systems. It also integrates into web browsers as a plugin for rendering PDFs. As such, tricking a user into visiting a malicious... [[ This is only the beginning! Please visit the blog for the complete entry ]] Vulnerability
2020-10-30 14:51:47 Cisco Talos Advisory on Adversaries Targeting the Healthcare and Public Health Sector (direct link) Background: Cisco Talos has become aware that an adversary is leveraging Trickbot banking trojan and Ryuk ransomware to target U.S. hospitals and healthcare providers at an increasing rate. Security journalists reported on October 28, 2020 that the adversary was preparing to encrypt systems at “potentially hundreds” of medical centers and hospitals, based on a tip from a researcher who had been monitoring communications for the threat actor. On October 28 and 29, these claims were supported by... [[ This is only the beginning! Please visit the blog for the complete entry ]] Ransomware Threat
2020-10-30 14:48:53 (Déjà vu) Threat Roundup for October 23 to October 30 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 23 and Oct. 30. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2020-10-29 14:45:29 Vulnerability Spotlight: Multiple vulnerabilities in Synology SRM (Synology Router Manager) (direct link) Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Claudio Bozzato and Jon Munshaw. Cisco Talos recently discovered multiple remote vulnerabilities in software that helps power Synology routers. The bugs exist in Synology Router Manager (SRM) - a Linux-based operating system for Synology routers - and QuickConnect, a feature inside SRM that allows users to remotely connect to their routers. An adversary could use these vulnerabilities to carry out a range of... [[ This is only the beginning! Please visit the blog for the complete entry ]] Vulnerability
2020-10-29 11:03:30 Beers with Talos ep. #95: Election 2020 – Advice for voters and election officials (direct link) Beers with Talos (BWT) Podcast episode No. 95 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Oct. 9, 2020. We are running a short bench today after Nigel's retirement last ep and Joel being on vacation. We start off talking about how specific use cases don't equate to the death of entire defensive technologies,... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2020-10-29 05:22:28 DoNot's Firestarter abuses Google Firebase Cloud Messaging to spread (direct link) By Warren Mercer, Paul Rascagneres and Vitor Ventura. The newly discovered Firestarter malware uses Google Firebase Cloud Messaging to notify its authors of the final payload location. Even if the command and control (C2) is taken down, the DoNot team can still redirect the malware to another C2 using Google infrastructure. The approach in the final payload upload denotes a highly personalized targeting policy. What's new? The DoNot APT group is making strides to experiment with new methods of... [[ This is only the beginning! Please visit the blog for the complete entry ]] Malware
2020-10-23 15:09:36 (Déjà vu) Threat Roundup for October 16 to October 23 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 16 and Oct. 23. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2020-10-21 13:17:10 Vulnerability Spotlight: A deep dive into WAGO's cloud connectivity and the vulnerabilities that arise (direct link) Report and research by Kelly Leuschner. WAGO makes several programmable automation controllers that are used in many industries including automotive, rail, power engineering, manufacturing and building management. Cisco Talos discovered 41 vulnerabilities in their PFC200 and PFC100 controllers. In accordance with our coordinated disclosure policy, Cisco Talos worked with WAGO to ensure... [[ This is only the beginning! Please visit the blog for the complete entry ]] Vulnerability
2020-10-21 08:27:59 (Déjà vu) Vulnerability Spotlight: Code execution vulnerability in Google Chrome WebGL (direct link) Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Google Chrome web browser contains a vulnerability that could be exploited by an adversary to gain the ability to execute code on the victim machine. Chrome is one of the most popular web browsers currently available to users. Cisco Talos researchers recently discovered a bug in WebGL, which is a Chrome API responsible for displaying 3-D graphics. In accordance with our coordinated disclosure policy,... [[ This is only the beginning! Please visit the blog for the complete entry ]] Vulnerability
2020-10-21 08:18:51 What to expect when you're electing: A recap (direct link) We're roughly two weeks out from Election Day in America, although millions of early and mail-in votes have already been cast. In the coming days, there's sure to be a flurry of news stories about disinformation, allegations of voter fraud, the back-and-forth between parties and talks of when the results can be trusted, and someone can call the presidential race. While Cisco Talos can't provide you all the answers, we can at least give you an idea of what American election officials at... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2020-10-20 08:12:14 Dynamic Data Resolver - Version 1.0.1 beta (direct link) By Holger Unterbrink. Cisco Talos is releasing a new beta version of Dynamic Data Resolver (DDR) today. This release comes with a new architecture for samples using multi-threading. The process and thread tracing has been completely reimplemented. We also fixed a few bugs and memory leaks. Another new feature is that the DDR backend now comes in two flavors: a release version and a debugging version. The latter will improve code quality and bug hunting. It helps to detect memory leaks and... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2020-10-16 13:26:15 (Déjà vu) Threat Roundup for October 9 to October 16 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 9 and Oct. 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2020-10-16 07:44:23 Beers with Talos ep. #94: Nigel is marching on, victorious and glorious (direct link) Beers with Talos (BWT) Podcast episode No. 94 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Sept. 25, 2020. Today is Nigel's last episode as a regular host of BWT. Join us in wishing him a happy transition to his next chapter. As we all know, Nigel won't ever actually retire. Today's show is us chatting with Nigel... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2020-10-15 11:00:06 Threat Source newsletter (Oct. 15, 2020) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In our latest entry into our election security series, we're turning our attention to the professionals who are responsible for securing our elections. After months of research, we've compiled a series of recommendations for local, state and national officials to combat disinformation and secure Americans' faith in the election system. Patch Tuesday was also this week, which as usual, brought with it a big Snort rule... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2020-10-15 08:08:07 Vulnerability Spotlight: Code execution, information disclosure vulnerabilities in F2FS toolset (direct link) Vulnerabilities discovered by a Cisco Talos researcher. Blog by Jon Munshaw. Cisco Talos recently discovered multiple code execution and information disclosure vulnerabilities in various functions of the F2FS toolset. F2FS is a filesystem toolset commonly found in embedded devices that creates, verifies and/or fixes Flash-Friendly File System files. An attacker could provide a malicious file to the target to trigger these vulnerabilities, causing a variety of negative conditions for the... [[ This is only the beginning! Please visit the blog for the complete entry ]] Vulnerability
2020-10-15 06:31:51 What to expect when you're electing: How election officials can counter disinformation (direct link) By Matthew Olney and the communications and public relations professionals at Cisco. Editor's Note: For more on this topic, sign up for a Cisco Duo webinar on election security on Oct. 15 at 1 p.m. ET here. In our work with our partners in the election security space, the most difficult question we've been asked is “What do we do about disinformation campaigns?” This isn't something Talos usually specializes in, as it's not a true technical security problem. However, one... [[ This is only the beginning! Please visit the blog for the complete entry ]]
Last update at: 2024-05-20 01:08:03