What's new around the internet


Date (GMT) | Title | Description | Tags
2020-10-13 15:51:28 | (Déjà vu) Vulnerability Spotlight: Denial of service in AMD ATIKMDAG.SYS driver (direct link) | Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in the ATIKMDAG.SYS driver for some AMD graphics cards. An attacker could send the victim a specially crafted D3DKMTCreateAllocation API request to cause an out-of-bounds read, leading to a denial-of-service condition. This vulnerability could be triggered from a guest account. In accordance with our coordinated disclosure policy,... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Vulnerability, Guideline
2020-10-13 11:52:13 | (Déjà vu) Microsoft Patch Tuesday for Oct. 2020 - Snort rules and prominent vulnerabilities (direct link) | By Jon Munshaw, with contributions from Alex McDonnell and Nick Biasini. Microsoft released its monthly security update Tuesday, disclosing more than 100 vulnerabilities across its array of products. Fourteen of the vulnerabilities are considered "critical" while the vast remainder are ranked as "important." Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of all these bugs. The security updates cover... [[ This is only the beginning! Please visit the blog for the complete entry ]] |
2020-10-13 11:22:55 | Vulnerability Spotlight: Information leak vulnerability in Google Chrome WebGL (direct link) | Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Google Chrome web browser contains a vulnerability that could be exploited by an adversary to carry out a range of malicious actions. Chrome is one of the most popular web browsers currently available to users. Cisco Talos researchers recently discovered a bug in WebGL, which is a Chrome API responsible for displaying 3-D graphics. In accordance with our coordinated disclosure policy, Cisco Talos worked with... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Vulnerability
2020-10-13 07:59:21 | (Déjà vu) Lemon Duck brings cryptocurrency miners back into the spotlight (direct link) | By Vanja Svajcer, with contributions from Caitlin Huey. We are used to ransomware attacks and big-game hunting making headlines, but there are still methods adversaries use to monetize their efforts in less intrusive ways. Cisco Talos recently recorded increased activity of the Lemon Duck cryptocurrency-mining botnet using several techniques likely to be spotted by defenders, but are not immediately obvious to end-users. These threats demonstrate several techniques of the MITRE ATT&CK... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Ransomware
2020-10-13 06:12:26 | Vulnerability Spotlight: Denial-of-service vulnerabilities in Allen-Bradley Flex I/O (direct link) | Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The Allen-Bradley Flex input/output system contains multiple denial-of-service vulnerabilities in its ENIP request path data segment. These bugs exist specifically in the 1794-AENT FLEX I/O modular platform. It provides many I/O operations and serves as a smaller physical device compared to other similar hardware. An attacker could exploit these vulnerabilities by sending a specially crafted, malicious packet to... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Vulnerability
2020-10-09 12:36:21 | (Déjà vu) Threat Roundup for October 2 to October 9 (direct link) | Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 2 and Oct. 9. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Threat
2020-10-08 11:00:07 | Threat Source newsletter for Oct. 8, 2020 (direct link) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We've been writing and talking about election security a ton lately. And as the U.S. presidential election draws closer, we decided it was time to summarize some things. So, we released this blog post with our formal recommendations for voters and how they can avoid disinformation and other bad actors trying to influence the election. Our researchers are also following the development of the PoetRAT malware.... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Threat
2020-10-07 09:07:41 | Vulnerability Spotlight: DoS vulnerability in ATIKMDAG.SYS AMD graphics driver (direct link) | Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in the ATIKMDAG.SYS driver for some AMD graphics cards. An attacker could send the victim a specially crafted D3DKMTCreateAllocation API request to cause an out-of-bounds read, leading to a denial-of-service condition. This vulnerability could be triggered from a guest account. In accordance with our coordinated disclosure policy, Cisco Talos... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Vulnerability, Guideline
2020-10-07 06:20:24 | What to expect when you're electing: Voter recommendations (direct link) | By Amy Henderson. Information operations have been around for millennia, yet with the advent of the internet and the democratization of content creation, the barriers to entry have lowered to a point that anyone can play now. In the course of our latest research on disinformation, with an eye toward election security, we have covered the what, how and why of disinformation campaigns, state and non-state actors that engage in this behavior, as well as the psychological effect on... [[ This is only the beginning! Please visit the blog for the complete entry ]] |
2020-10-06 09:20:34 | 90 days, 16 bugs, and an Azure Sphere Challenge (direct link) | Cisco Talos reports 16 vulnerabilities in Microsoft Azure Sphere's sponsored research challenge. By Claudio Bozzato, Lilith [-_-]; and Dave McDaniel. On May 15, 2020, Microsoft kicked off the Azure Sphere Security Research Challenge, a three-month initiative aimed at finding bugs in Azure Sphere. Among the teams and individuals selected, Cisco Talos conducted a three-month sprint of research into the platform and reported 16 vulnerabilities of various severity, including a privilege... [[ This is only the beginning! Please visit the blog for the complete entry ]] |
2020-10-06 07:52:14 | PoetRAT: Malware targeting public and private sector in Azerbaijan evolves (direct link) | By Warren Mercer, Paul Rascagneres and Vitor Ventura. The Azerbaijan public sector and other important organizations are still targeted by new versions of PoetRAT. This actor leverages malicious Microsoft Word documents alleged to be from the Azerbaijan government. The attacker has moved from Python to Lua script. The attacker improves their operational security (OpSec) by replacing protocol and performing reconnaissance on compromised systems. Executive summary: Cisco Talos discovered PoetRAT... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Malware
2020-10-02 17:40:29 | (Déjà vu) Threat Roundup for September 25 to October 2 (direct link) | Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 25 and Oct. 2. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Threat
2020-10-01 11:00:07 | Threat Source newsletter for Oct. 1, 2020 (direct link) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In the past, we've covered what disinformation (otherwise known as "fake news") is and who spreads it. Now, we're diving into why it works, and why it's so easy for people to spread. Check out our full paper here to gain a lot of insight into the psychology of social media. On the malware front, we also have an update on LodaRAT. We've seen several new variants of this threat in the wild. Here's what to look out for... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Malware, Threat
2020-10-01 06:00:01 | What to expect when you're electing: Information hygiene and the human levels of disinformation (direct link) | Editor's note: Related reading on Talos election security research: https://blog.talosintelligence.com/2020/07/what-to-expect-when-youre-electing.html https://blog.talosintelligence.com/2020/09/election-roundtable-video.html https://blog.talosintelligence.com/2020/08/what-to-expect-electing-disinformation-building-blocks.html By Azim Khodjibaev and Ryan Pentney. As Cisco Talos researchers outlined in a paper earlier this summer, disinformation is one of the... [[ This is only the beginning! Please visit the blog for the complete entry ]] |
2020-09-30 12:37:10 | Vulnerability Spotlight: Remote code execution bugs in NVIDIA D3D10 driver (direct link) | Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered multiple remote code execution vulnerabilities in the NVIDIA D3D10 driver. This driver supports multiple GPUs that NVIDIA produces. An adversary could exploit these vulnerabilities by supplying the user with a malformed shader, eventually allowing them to execute code on the victim machine. These bugs could also allow the attacker to perform a guest-to-host escape through Hyper-V... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Vulnerability
2020-09-29 10:24:54 | LodaRAT Update: Alive and Well (direct link) | By Chris Neal. During our continuous monitoring of LodaRAT, Cisco Talos observed changes in the threat that add new functionality. Multiple new versions of LodaRAT have been spotted being used in the wild. These new versions of LodaRAT abandoned their previous obfuscation techniques. Direct interaction with the threat actor was observed during analysis, indicating the actor is actively monitoring infected hosts. What's New? Talos recently identified new versions of LodaRAT, a remote access trojan... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Threat
2020-09-28 16:19:28 | Microsoft Netlogon exploitation continues to rise (direct link) | Cisco Talos is tracking a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, an elevation of privilege bug in Netlogon, outlined in the August Microsoft Patch Tuesday report. The vulnerability stems from a flaw in a cryptographic authentication scheme used by the Netlogon Remote Protocol which, among other things, can be used to update computer passwords by forging an authentication token for specific Netlogon functionality. This flaw allows attackers to... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Vulnerability
2020-09-25 13:23:33 | (Déjà vu) Threat Roundup for September 18 to September 25 (direct link) | Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 18 and Sept. 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Threat
2020-09-24 11:00:07 | Threat Source newsletter for Sept. 24, 2020 (direct link) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. After months (years?) in beta, an official release candidate is out now for Snort 3. Stay tuned for an officially official release in about a month. In other Snort rules, we also have a deep dive into our detection and prevention of Cobalt Strike. One of our researchers, Nicholas Mavis, did an amazing job breaking down what goes into writing Snort rules and ClamAV signatures, for those of you who... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Threat
2020-09-24 09:45:04 | The Internet did my homework (direct link) | By Jaeson Schultz and Matt Valites. As students return to school for in-person and virtual learning, Cisco Talos discovered an increase in DNS requests coming into Umbrella resolving domains we classify as "academic fraud." Data from Pew Research on back-to-school dates aligns with the growth we observed in queries to these malicious domains. The figure below shows that queries to academic fraud domains nearly quadrupled starting the week of Aug. 12, the most popular week to start schools in... [[ This is only the beginning! Please visit the blog for the complete entry ]] |
2020-09-20 21:01:02 | New Snort, ClamAV coverage strikes back against Cobalt Strike (direct link) | By Nick Mavis. Editing by Joe Marshall and Jon Munshaw. Cisco Talos is releasing a new research paper called "The Art and Science of Detecting Cobalt Strike." We recently released a more granular set of updated SNORT® and ClamAV® detection signatures to detect attempted obfuscation and exfiltration of data via Cobalt Strike, a common toolkit often used by adversaries. Cobalt Strike is a "paid software platform for adversary simulations and red team operations." It is used by professional... [[ This is only the beginning! Please visit the blog for the complete entry ]] |
2020-09-18 14:47:15 | Beers with Talos ep. #92: Trending in Your Network - Disinformation (direct link) | Beers with Talos (BWT) Podcast episode No. 92 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Aug. 26, 2020. Disinformation is front and center right now. As disinformation efforts constantly increase, platforms struggle to contain the problem without giving the appearance of censuring or controlling all information... [[ This is only the beginning! Please visit the blog for the complete entry ]] |
2020-09-18 13:10:40 | (Déjà vu) Threat Roundup for September 11 to September 18 (direct link) | Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 11 and Sept. 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Threat
2020-09-17 11:00:02 | Threat Source newsletter for Sept. 17, 2020 (direct link) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We've got a couple of vulnerabilities you should know about. Monday, we disclosed a bug in Google Chrome's PDFium feature that opens the door for an adversary to execute remote code. Our researchers also discovered several vulnerabilities in the Nitro Pro PDF Reader. The software contains vulnerabilities that could allow adversaries to exploit a victim machine in multiple ways that would eventually... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Threat
2020-09-17 07:21:35 | Vulnerability Spotlight: Remote code execution vulnerability in Apple Safari (direct link) | Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Apple Safari web browser contains a remote code execution vulnerability in its WebKit feature. Specifically, an attacker could trigger a use-after-free condition in WebCore, the DOM-rendering system for WebKit used in Safari. This could give the attacker the ability to execute remote code on the victim machine. A user needs to open a specially crafted, malicious web page in Safari to trigger this... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Vulnerability
2020-09-15 10:30:16 | Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader (direct link) | Cisco Talos researchers discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple code execution vulnerabilities in the Nitro Pro PDF reader. Nitro PDF allows users to save, read, sign and edit PDFs on their computers. The software contains vulnerabilities that could allow adversaries to exploit a victim machine in multiple ways that would eventually allow them to execute code. In accordance with our coordinated disclosure policy, Cisco Talos worked with... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Vulnerability
2020-09-14 12:16:13 | Vulnerability Spotlight: Memory corruption in Google PDFium (direct link) | Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Google Chrome's PDFium feature could be exploited by an adversary to corrupt memory and potentially execute remote code. Chrome is a popular, free web browser available on all operating systems. PDFium allows users to open PDFs inside Chrome. We recently discovered a bug that would allow an adversary to send a malicious web page to a user, and then cause out-of-bounds memory access. In accordance with our... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Vulnerability
2020-09-11 12:13:39 | (Déjà vu) Threat Roundup for September 4 to September 11 (direct link) | Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 4 and Sept. 11. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Threat
2020-09-10 11:00:01 | Threat Source newsletter for Sept. 10, 2020 (direct link) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In our continued research on election security, we have a new video roundtable discussion up on our YouTube page. In this Q&A-style format, I ask our researchers questions about the work they've done researching disinformation (aka "fake news") and how to combat the spread of it. Microsoft Patch Tuesday was also this week. For our recap of all 120-something vulnerabilities Microsoft discovered, click... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Threat
2020-09-09 07:30:00 | Roundtable video: Disinformation and election security (direct link) | By Jon Munshaw. In our continued coverage of election security, we decided to sit down with four Talos and Cisco researchers to discuss disinformation. As we outlined in our recent research paper, disinformation is one of the cornerstones of threat actors' efforts to disrupt the American election process. In this video, we dive even deeper to discuss things like how legitimate websites can fall victim to disinformation campaigns and what can be done to stop the spread of fake news. You can... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Threat
2020-09-09 05:53:35 | Vulnerability Spotlight: Privilege escalation in Windows 10 CLFS driver (direct link) | Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a privilege escalation vulnerability in the Windows 10 Common Log File System. CLFS is a general-purpose logging service that can be used by software clients running in user-mode or kernel-mode. A malformed CLFS log file could cause a pool overflow, and an adversary could gain the ability to execute code on the victim machine. A regular user needs to open the log file to... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Vulnerability
2020-09-08 13:27:21 | (Déjà vu) Microsoft Patch Tuesday for Sept. 2020 - Snort rules and prominent vulnerabilities (direct link) | By Jon Munshaw. Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its array of products. Twenty-three of the vulnerabilities are considered "critical" while the vast remainder are ranked as "important." Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of all these bugs. The security updates cover several different products including the Microsoft... [[ This is only the beginning! Please visit the blog for the complete entry ]] |
2020-09-04 15:17:17 | (Déjà vu) Threat Roundup for August 28 to September 4 (direct link) | Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 28 and Sept. 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Threat
2020-09-03 11:00:09 | Threat Source newsletter for Sept. 3, 2020 (direct link) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware. The campaigns distributed various malware payloads including Gozi ISFB, ZLoader, SmokeLoader and AveMaria, among others. Check out our complete details of the threat and our protections here. We are also excited to show off our fancy new Talos Email Status... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Malware, Threat
2020-09-03 08:06:35 | Salfram: Robbing the place without removing your name tag (direct link) | By Holger Unterbrink and Edmund Brumaghin. Threat summary: Cisco Talos recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware. The campaigns distributed various malware payloads including Gozi ISFB, ZLoader, SmokeLoader and AveMaria, among others. Ongoing campaigns are distributing various malware families using the same crypter. While effective, this crypting mechanism contains an easy-to-detect... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Malware
2020-09-02 04:00:03 | Better email classification, courtesy of you (direct link) | Cisco customers with Email Security Appliances (ESA) or Cloud Email Security (CES) accounts already know the benefits of Cisco's email filtering. Every day, millions of malicious emails are automatically sent to the trash bin. Cisco encourages customers to participate in honing those filters by submitting incorrectly classified email through the Cisco Security email plug-in or by direct email. Introducing the Email Status Portal for TalosIntelligence.com: The new Cisco Talos Email... [[ This is only the beginning! Please visit the blog for the complete entry ]] |
2020-09-01 11:58:42 | Beers with Talos ep. #91: Get the FUD out (direct link) | Beers with Talos (BWT) Podcast episode No. 91 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Aug. 14, 2020. Let's talk about FUD. It's not enough to just say FUD sucks. Let's talk about exactly how and why producers of FUD are garbage nightmare monster people. We also cover how they are actually damaging... [[ This is only the beginning! Please visit the blog for the complete entry ]] |
2020-09-01 11:49:37 | Vulnerability Spotlight: Code execution, memory corruption vulnerabilities in Accusoft ImageGear (direct link) | Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit to assist users with image conversion, creation, editing and more. There are vulnerabilities in certain functions of ImageGear that could allow an attacker to execute code on the victim machine or corrupt the memory of the application. In accordance with our... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Vulnerability
2020-09-01 08:00:07 | Quarterly Report: Incident Response trends in Summer 2020 (direct link) | By David Liebenberg and Caitlin Huey. For the fifth quarter in a row, Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape. Infections involved a wide variety of malware families including Ryuk, Maze, LockBit, and Netwalker, among others. In a continuation of trends observed in last quarter's report, these ransomware attacks have relied much less on commodity trojans such as Emotet and Trickbot. Interestingly, 66 percent of all ransomware attacks this... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Ransomware, Malware, Threat
2020-08-31 07:08:04 | Vulnerability Spotlight: Multiple SQL, code injection vulnerabilities in OpenSIS (direct link) | Yuri Kramarz and Yves Younan discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos researchers recently discovered multiple vulnerabilities in the OpenSIS software family. OpenSIS is a student information management system for K-12 students. It is available in commercial and open-source versions and allows schools to create schedules and track attendance, grades and transcripts. An adversary could take advantage of these bugs to carry out a range of malicious activities, including... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Vulnerability
2020-08-27 12:44:52 | (Déjà vu) Threat Roundup for August 21 to August 27 (direct link) | Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 21 and Aug. 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Threat
2020-08-27 11:00:08 | Threat Source newsletter for Aug. 27, 2020 (direct link) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. As part of our continued look at election security ahead of the November election, we have another research paper out this week. This time, we're taking a closer look at disinformation campaigns, popularly known as "fake news." This paper builds on the first "What to expect when you're electing" report by focusing on the infrastructure supporting these complex campaigns. On the vulnerability side of things, we also... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Vulnerability, Threat
2020-08-26 06:11:59 | What to expect when you're electing: The building blocks of disinformation campaigns (direct link) | By Nick Biasini, Kendall McKay and Matt Valites. As Cisco Talos discovered during our four-year investigation into election security, securing elections is an extremely difficult, complex task. In the first paper in our election series, "What to expect when you're electing," Talos outlined how the key geopolitical objective of our adversaries is to weaken the faith the world has in Western-style democracy. One component of these objectives is disinformation. While disinformation... [[ This is only the beginning! Please visit the blog for the complete entry ]] |
2020-08-24 12:28:24 | Vulnerability Spotlight: Remote code execution, privilege escalation bugs in Microsoft Azure Sphere (direct link) | Claudio Bozzato, Lilith >_> and Dave McDaniel of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos researchers recently discovered multiple vulnerabilities in Microsoft's Azure Sphere, a cloud-connected and custom SoC platform designed specifically with IoT application security in mind. Internally, the SoC is made up of a set of several ARM cores that have different roles (e.g. running different types of applications, enforcing security, and managing... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Vulnerability
2020-08-24 07:44:17 | Vulnerability Spotlight: Use-after-free vulnerability in Google Chrome WebGL could lead to code execution (direct link) | Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Google Chrome web browser contains a use-after-free vulnerability in its WebGL component that could allow a user to execute arbitrary code in the context of the browser process. This vulnerability specifically exists in ANGLE, a compatibility layer between OpenGL and Direct3D that Chrome uses on Windows systems. An adversary could manipulate the memory layout of the browser in a way that they could gain... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Vulnerability
2020-08-20 12:18:29 | Vulnerability Spotlight: Internet Systems Consortium BIND server DoS (direct link) | Emanuel Almeida of Cisco Systems discovered this vulnerability. Blog by Jon Munshaw. The Internet Systems Consortium's BIND server contains a denial-of-service vulnerability that exists when processing TCP traffic through the libuv library. An attacker can exploit this vulnerability by flooding the TCP port and forcing the service to terminate. The BIND nameserver is considered the reference implementation of the Domain Name System of the internet. It is capable of being an authoritative name... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Vulnerability
2020-08-20 11:00:03 | Threat Source newsletter for Aug. 20, 2020 (direct link) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Hacktivism always seems so cool and noble in the movies. Video games and TV shows have no shortage of their "hacker heroes," too. But what are the real-world consequences of users who release sensitive information or carry out data breaches in the name of their idea of good? That's what the newest Beers with Talos episode is all about. The crew also digs deeper into the ethical considerations of hacktivism,... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Threat
2020-08-17 12:13:57 | Beers with Talos Ep. #90: Hacktivism - Understanding the real-world consequences (direct link) | Beers with Talos (BWT) Podcast episode No. 90 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded July 31, 2020. This week in BWT land, we're discussing hacktivism, from the unintended consequences to the tropes perpetuated by Hollywood. Regardless of the reason or cause, hacktivism often wields DDoS and web defacement... [[ This is only the beginning! Please visit the blog for the complete entry ]] |
2020-08-14 13:14:03 | (Déjà vu) Threat Roundup for August 7 to August 14 (direct link) | Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 7 and Aug. 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Threat
2020-08-13 11:46:42 | Threat Source newsletter for Aug. 13, 2020 (direct link) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. It's really tough to attribute cyber attacks. We know it. You know it. But why is that, exactly? And why do we want to attribute attacks so badly anyway? In our latest blog post, we look at why attribution is challenging, and what pitfalls private researchers and government agencies alike face. If you haven't already, you need to update your Microsoft products. Patch Tuesday was this week, and with it came... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Threat
Last update at: 2024-05-20 02:08:10