What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
2021-07-29 12:00:00 Threat Source newsletter (July 29, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Thanks to everyone who joined us live yesterday for our talk on business email compromise. If you missed us live, the recording is up on our YouTube page now. Nick Biasini from Talos Outreach provided some great advice on... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2021-07-29 10:05:54 Threat Spotlight: Solarmarker (direct link) By Andrew Windsor, with contributions from Chris Neal. Executive summary: Cisco Talos has observed new activity from Solarmarker, a highly modular .NET-based information stealer and keylogger. A previous staging module, "d.m," used with this malware has been replaced by a new module dubbed... Malware
2021-07-27 09:04:31 (Déjà vu) Vulnerability Spotlight: Use-after-free vulnerabilities in Foxit PDF Reader (direct link) Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered multiple use-after-free vulnerabilities in the Foxit PDF Reader. Foxit PDF Reader is one of the most popular PDF document readers currently available. As a...
2021-07-26 07:42:46 Vulnerability Spotlight: Unsafe deserialization vulnerabilities in CODESYS Development System (direct link) Patrick DeSantis discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the CODESYS Development System. The CODESYS Development System is the IEC 61131-3 programming tool for industrial control and automation technology,... Tool
2021-07-23 15:03:14 (Déjà vu) Threat Roundup for July 16 to July 23 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 16 and July 23. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
2021-07-22 11:00:00 Threat Source newsletter (July 22, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. I'm compiling this Tuesday for vacation reasons, so apologies for any major stories I'm missing here. This week's Beers with Talos podcast hits the seas again. And although we've covered sea shanties in the past, this...
2021-07-22 05:28:31 Security implications of misconfigurations (direct link) By Jaeson Schultz. When defenders regularly monitor their organization's Domain Name System (DNS) queries, they can often snuff out potential attacks before they happen. At the very least, it's important to identify and fix configuration mistakes that could lead to... Guideline
2021-07-20 12:10:20 Beers with Talos, Ep. #107: Sailing the high seas in search of privateer groups (direct link) Beers with Talos (BWT) Podcast episode No. 107 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. You're not going to believe this, but everyone... ★★
2021-07-16 10:07:46 (Déjà vu) Threat Roundup for July 9 to July 16 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 9 and July 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
2021-07-16 07:14:51 Talos Takes Ep. #61: SideCopy sounds so familiar, but I just can't put my finger on it... (direct link) By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Asheer Malhotra of Talos Outreach has spent the past few months tracking APTs all along the same line. APT 36, aka... APT 36 ★★
2021-07-15 12:58:23 Vulnerability Spotlight: Multiple vulnerabilities in D-LINK DIR-3040 (direct link) Dave McDaniel discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the D-LINK DIR-3040 wireless router. The DIR-3040 is an AC3000-based wireless internet router. These vulnerabilities could allow an attacker to carry out a...
2021-07-15 11:00:00 Threat Source newsletter (July 15, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. The value of cryptocurrency is all over the place. Elon Musk's tweets can send Dogecoin rising and falling. And Monero, the most popular currency for cryptominers, has gone all over the place this year. So does that have...
2021-07-15 07:28:34 Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet (direct link) The Talos vulnerability research team discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the Advantech R-SeeNet monitoring software. R-SeeNet is the software system used for monitoring Advantech routers. It continuously... Vulnerability
2021-07-14 05:20:53 Following the Money: Comparing cryptocurrency value to illicit mining activity (direct link) By Nick Biasini. In the age of meme stocks, Robinhood and Elon Musk's tweets influencing the global economy, cryptocurrency mining has not seemed as fringe as it once did. Mining has been around as long as these cryptocurrencies have, but only really started to gather the attention of criminals in...
2021-07-13 11:09:43 (Déjà vu) Microsoft Patch Tuesday for July 2021 - Snort rules and prominent vulnerabilities (direct link) By Jon Munshaw, with contributions from Jaeson Schultz. Microsoft released its monthly security update Tuesday, disclosing 117 vulnerabilities across its suite of products, by far the most in a month this year. Today's Patch Tuesday includes three vulnerabilities that Microsoft states are...
2021-07-09 11:51:35 (Déjà vu) Threat Roundup for July 2 to July 9 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 2 and July 9. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
2021-07-09 06:55:55 Talos Takes Ep. #60: Everything you need to know about the Kaseya situation (direct link) By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. In this special "XL edition" of Talos Takes, we're bringing you the audio version of our live stream this week...
2021-07-08 13:25:03 PrintNightmare: Here's what you need to know and Talos' coverage (direct link) Over the past several weeks, there's been a lot of discussion about a particular privilege escalation vulnerability in Windows affecting the print spooler, dubbed PrintNightmare. The vulnerability (CVE-2021-1675/CVE-2021-34527) has now been patched multiple times but is believed to still be... Vulnerability
2021-07-08 11:00:00 Threat Source newsletter (July 8, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Just like everyone else in the security world, our week's been dominated by the Kaseya supply chain attack. We went live on pretty much every social media platform we could think of yesterday to update everyone on the...
2021-07-07 13:42:13 Vulnerability Spotlight: Information disclosure, privilege escalation vulnerabilities in IOBit Advanced SystemCare Ultimate (direct link) Cory Duplantis of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in IOBit Advanced SystemCare Ultimate. IOBit Advanced SystemCare Ultimate is a system optimizer that promises to remove unwanted files and...
2021-07-07 05:01:04 InSideCopy: How this APT continues to evolve its arsenal (direct link) By Asheer Malhotra and Justin Thattil. Cisco Talos is tracking an increase in SideCopy's activities targeting government personnel in India using themes and tactics similar to APT36 (aka Mythic Leopard and Transparent Tribe). SideCopy is an APT group that mimics the Sidewinder APT's infection... APT 36 APT-C-17
2021-07-02 19:11:10 REvil ransomware actors attack Kaseya in supply chain attack (direct link) Attackers are actively exploiting the Kaseya VSA endpoint monitoring software to conduct a widespread supply chain attack targeting a number of Managed Service Providers (MSPs), according to multiple reports. Organizations usually use Kaseya VSA to perform centralized orchestration of systems in... Ransomware
2021-07-02 11:59:04 (Déjà vu) Threat Roundup for June 25 to July 2 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 25 and July 2. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
2021-07-02 07:04:52 Talos Takes Ep. #59: How to secure the devices that secure your home network (direct link) By Jon Munshaw. As consumers start having more “smart” devices connected to their home network, they may want an easy solution to keeping those devices safe. But what if that device gets owned? Carl Hurd of our vulnerability research team recently discovered several vulnerabilities in Trend Micro's... Vulnerability
2021-07-01 10:56:01 (Déjà vu) Threat Source newsletter (July 1, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Even though spam emails asking for gift cards may seem like the oldest trick in the book, they're still effective in 2021. The FBI estimates that business email compromise cost victims around $1.8 billion in 2020,... Spam
2021-06-28 08:05:00 Vulnerability Spotlight: Memory corruption vulnerability in PowerISO's DMG handler (direct link) Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a memory corruption vulnerability in PowerISO's handler that deals with DMG files. PowerISO is a CD/DVD/BD image file processing tool, which allows users to open, extract,... Vulnerability
2021-06-25 15:40:57 (Déjà vu) Threat Roundup for June 18 to June 25 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 18 and June 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
2021-06-25 07:37:52 Talos Takes Ep. #58: How to approach the partnerships it will take to defend critical infrastructure (direct link) By Jon Munshaw. With major cyber attacks in recent years against major U.S. critical infrastructure suppliers like Norsk Hydro and Colonial Pipeline, we're in a new world of CI cybersecurity. New threats require new approaches to defense. And in the U.S., this is likely going to include...
2021-06-24 12:38:34 (Déjà vu) Beers with Talos, Ep. #106: Is more than executive action in order? (direct link) Beers with Talos (BWT) Podcast episode No. 106 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded May 20, 2021. Craig wins...
2021-06-24 11:00:00 Threat Source newsletter (June 24, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Even though spam emails asking for gift cards may seem like the oldest trick in the book, they're still effective in 2021. The FBI estimates that business email compromise cost victims around $1.8 billion in 2020,... Spam
2021-06-22 04:56:28 Attackers in Executive Clothing - BEC continues to separate orgs from their money (direct link) By Nick Biasini. In today's world of threat research, the focus tends to be on the overtly malicious practice of distributing and installing malware on end systems. But this is far from the complete picture of what threats organizations face. One of the most, if not the most, costly is something... Malware Threat
2021-06-17 14:45:51 (Déjà vu) Threat Roundup for June 11 to June 17 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 11 and June 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
2021-06-17 11:00:00 Threat Source newsletter (June 17, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Although the Colonial Pipeline attack is largely behind us now, its potential repercussions are not. This was just the latest in a string of attacks against American critical infrastructure over the past few years, and we...
2021-06-16 12:51:51 Vulnerability Spotlight: EIP Stack Group OpENer information disclosure vulnerability (direct link) Martin Zeiser of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable information disclosure vulnerability in EIP Stack Group OpENer's Ethernet/IP UDP handler. OpENer is an Ethernet/IP stack for I/O adapter devices that... Vulnerability
2021-06-15 05:00:00 What's past is prologue – A new world of critical infrastructure security (direct link) By Caitlin Huey, Joe Marshall and Thomas Pope. Attackers have targeted American critical infrastructure several times over the past few years, putting at risk U.S. electrical grids, oil pipelines and water supply systems. However, we collectively have not responded in a meaningful way to these...
2021-06-11 11:12:37 (Déjà vu) Threat Roundup for June 4 to June 11 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 4 and June 11. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
2021-06-11 06:16:01 Talos Takes Ep. #56: The first security steps you should take when you return to the office (direct link) By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We started out the COVID-19 pandemic by thinking we'd be away from the office for a month - maybe two. More than 12...
2021-06-10 11:00:00 Threat Source newsletter (June 10, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We seriously can't escape from ransomware. It's in the headlines constantly and has now drawn the full attention of the federal government. But we at Talos recognize that it is going to take far more than just words to... ★★★★★
2021-06-10 05:00:00 Quarterly Report: Incident Response trends from Spring 2021 (direct link) By David Liebenberg and Caitlin Huey. While the security community made a great effort to warn users of the exploitation of several Microsoft Exchange Server zero-day vulnerabilities, it was still the biggest threat Cisco Talos Incident Response (CTIR) saw this past quarter. These... Threat
2021-06-08 13:19:32 Vulnerability Spotlight: Code execution vulnerability in Google Web Audio API (direct link) Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two use-after-free vulnerabilities in Google's Web Audio API that an adversary could exploit to execute remote code on the victim machine. Web Audio API is a high-level JavaScript API... Vulnerability
2021-06-08 10:43:20 (Déjà vu) Microsoft Patch Tuesday for June 2021 - Snort rules and prominent vulnerabilities (direct link) By Jon Munshaw, with contributions from Edmund Brumaghin. Microsoft released its monthly security update Tuesday, disclosing 51 vulnerabilities across its suite of products, breaking last month's 16-month record of the fewest vulnerabilities disclosed in a month by the company. There...
2021-06-07 05:02:43 Intelligence-driven disruption of ransomware campaigns (direct link) By Neil Jenkins and Matthew Olney. Note: Our guest co-author, Neil Jenkins, is the Chief Analytic Officer at the Cyber Threat Alliance. He leads the CTA's analytic efforts, focusing on the development of threat profiles, adversary playbooks and other analysis using the threat intelligence in the... Ransomware Threat Guideline
2021-06-04 11:11:38 (Déjà vu) Threat Roundup for May 28 to June 4 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 28 and June 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
2021-06-03 11:00:00 Threat Source newsletter (June 3, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. If you didn't catch us live yesterday, we've uploaded the full version of our stream on Discord and Slack malware to our YouTube page. Chris Neal from Talos Outreach walked through his recent research into these campaigns... Malware
2021-06-03 05:00:05 Necro Python bot adds new exploits and Tezos mining to its bag of tricks (direct link) By Vanja Svajcer, with contributions from Caitlin Huey and Kendall McKay. News summary: Some malware families stay static in terms of their functionality. But a newly discovered malware campaign utilizing the Necro Python bot shows this actor is adding new functionality and improving its chances of... Malware
2021-06-02 14:19:39 (Déjà vu) Vulnerability Spotlight: Use-after-free vulnerability in WebKit (direct link) Marcin Towalski of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The WebKit browser engine contains a use-after-free vulnerability in its GraphicsContext function. A malicious web page could trigger a use-after-free error, which could lead to a potential... Vulnerability Guideline
2021-06-02 06:13:05 Vulnerability Spotlight: A deep dive into macOS SMB server (direct link) By Aleksandar Nikolich. Executive summary: Cisco Talos recently discovered multiple vulnerabilities in macOS's implementation of SMB server. An adversary could exploit these vulnerabilities to carry out a variety of malicious actions, including revealing sensitive information on the server, bypassing...
2021-06-01 10:26:23 Vulnerability Spotlight: Multiple vulnerabilities in Accusoft ImageGear (direct link) Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit that allows users to create, edit, annotate and convert various...
2021-05-28 09:32:38 (Déjà vu) Threat Roundup for May 21 to May 28 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 21 and May 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
2021-05-28 07:30:24 Talos Takes Ep. #55: How Transparent Tribe could evolve in the future (direct link) By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We recently covered how the Transparent Tribe APT added another RAT to its arsenal. Where might they go from here? In... APT 36
Last update at: 2024-05-19 23:08:19