What's new around the internet

Last one

Date (GMT) | Title | Description | Tags | Notes
2021-04-01 11:00:00 | Threat Source Newsletter (April 1, 2021) (direct link) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We hope you're enjoying Cisco Live this week and only reading this after you've caught up on your sessions for the day. No April Fool's jokes here (thankfully) - we are just excited to tell you that applications... | |
2021-04-01 05:36:22 | Vulnerability Spotlight: Out-of-bounds write vulnerabilities in Accusoft ImageGear (direct link) | Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple out-of-bounds write vulnerabilities in Accusoft ImageGear that an adversary could exploit to corrupt memory on the targeted machine. The ImageGear library is a... | |
2021-03-31 06:29:41 | Cheating the cheater: How adversaries are using backdoored video game cheat engines and modding tools (direct link) | By Nick Lister and Holger Unterbrink, with contributions from Vanja Svajcer. News summary: Cisco Talos recently discovered a new campaign targeting video game players and other PC modders. Talos detected a new cryptor used in several different malware campaigns hidden in seemingly legitimate files... | Malware |
2021-03-18 11:00:10 | Threat Source newsletter (March 18, 2021) (direct link) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Start spreading the word now, the Snort scholarship is back for 2021! This year, we're giving away two $10,000 awards to two college students who are studying cybersecurity or another IT-related field. Applications open on April 1, but we want everyone to start getting their applications together now. Upcoming public engagements with Talos. Title: Cisco Live 2021. Date: March 30 – April... | |
2021-03-12 07:19:55 | Talos Takes Ep. #44: A roundtable discussion on SolarWinds (direct link) | The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Welcome to the first-ever XL edition of Talos Takes. This one is a little longer than usual, but we promise you it's worth it. We recently brought together researchers from all corners of Talos to talk about what we know about SolarWinds so far, and what's still to be discovered. Our various teams have spent the past several... | |
2021-03-11 11:00:00 | Threat Source newsletter (March 11, 2021) - Featuring new SolarWinds roundtable (direct link) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We have a special edition of the Threat Source newsletter to bring you this week, because we're premiering a new video for you right now! Below, you'll find a full roundtable we put together discussing the SolarWinds supply chain attack. We brought together Talos researchers from several parts of our organization, including incident responders, global threat intelligence researchers and our Outreach team. We... | Threat |
2021-03-10 07:14:49 | Vulnerability Spotlight: Use-after-free vulnerability in 3MF Consortium lib3mf (direct link) | Lilith >_> of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. 3MF Consortium's lib3mf library is vulnerable to a use-after-free vulnerability that could allow an adversary to execute remote code on the victim machine. The lib3mf library is an open-source implementation of the 3MF file format and standard, mainly used for 3D printing. An attacker could send a target a specially crafted file to create a use-after-free condition. The 3MF standard has been adopted in a... | Vulnerability |
2021-03-09 16:52:02 | Hafnium Update: Continued Microsoft Exchange Server Exploitation (direct link) | It's been a week since Microsoft first disclosed several zero-day vulnerabilities in Exchange Server - and the scope has only grown since then. In its disclosure, Microsoft stated that a new threat actor known as Hafnium was exploiting these vulnerabilities to steal emails. Since Microsoft's initial disclosure, Cisco Talos has seen shifts in the tactics, techniques, and procedures (TTPs) associated with this activity. The majority of the activity continues to follow the guidance that was... | Threat |
2021-03-09 10:20:37 | (Déjà vu) Microsoft Patch Tuesday for March 2021 - Snort rules and prominent vulnerabilities (direct link) | By Jon Munshaw, with contributions from Nick Biasini. Microsoft released its monthly security update Tuesday, disclosing 89 vulnerabilities across its suite of products, the most in any month so far this year. There are 14 critical vulnerabilities as part of this release and one considered of "low" severity. The remainder are all "important." Three of the critical vulnerabilities are the ones Microsoft disclosed last week in Exchange Server that the company said state-sponsored... | |
2021-03-08 09:00:31 | Domain dumpster diving (direct link) | By Jaeson Schultz. Dumpster diving - searching through the trash looking for items of value - has long been a staple of hacking culture. In the 1995 movie "Hackers," Acid Burn and Crash Override are seen dumpster diving for information they can use to help them "hack the Gibson." Of course, not all trash is physical garbage located in a dumpster behind an office building. Some trash is virtual. Just like real physical clues that can be found inside a dumpster, some pieces of digital garbage... | |
2021-03-05 06:33:03 | Talos Takes Ep. #43: What you should know about the Microsoft Exchange Server zero-days (direct link) | The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We put this episode together quickly this week to address the zero-day vulnerabilities Microsoft disclosed earlier this week in Exchange Server. The company says a state-sponsored APT was exploiting these vulnerabilities in the wild to steal emails. We cover this incident in quick detail, covering what you should know, what... | | ★★★★
2021-03-04 11:00:00 | Threat Source newsletter (March 4, 2021) (direct link) | Newsletter compiled by Jon Munshaw. Of course, we will start things off talking about the Microsoft Exchange Server zero-day vulnerabilities disclosed earlier this week. Microsoft said in a statement that a threat actor is exploiting these vulnerabilities in the wild to steal users' emails, understandably causing a lot of panic in the security community. Thankfully, patches are already available for the product, so update ASAP. We also have a ton of coverage across Cisco Secure products... | Threat |
2021-03-04 08:06:10 | Threat Advisory: HAFNIUM and Microsoft Exchange zero-day (direct link) | Microsoft released patches for four vulnerabilities in Exchange Server on March 2, disclosing that these vulnerabilities were being exploited by a previously unknown threat actor, referred to as HAFNIUM. The vulnerabilities in question - CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 - affect Microsoft Exchange Server 2019, 2016, 2013 and the out-of-support Microsoft Exchange Server 2010. The patches for these vulnerabilities should be applied as soon as possible. Microsoft... | Threat |
2021-03-03 06:59:15 | (Déjà vu) Vulnerability Spotlight: Remote code execution vulnerability in WebKit WebAudio API (direct link) | Marcin "Icewall" Noga of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Executive summary: The WebKit browser engine contains a remote code execution vulnerability in its WebAudio API interface. A malicious web page code could trigger a use-after-free error, which could lead to arbitrary code execution. An attacker could exploit this vulnerability by tricking the user into visiting a specially crafted, malicious web page and performing a guest-to-host escape through Hyper-V... | Vulnerability Guideline |
2021-03-03 06:50:51 | Vulnerability Spotlight: Password reset vulnerability in Epignosis eFront (direct link) | A Cisco Talos researcher discovered this vulnerability. Blog by Jon Munshaw. Epignosis eFront contains a vulnerability that could allow an adversary to reset the password of any account of their choosing. eFront is a learning management system platform that allows users to create training courses, post courses and more. An attacker could exploit this vulnerability by predicting a password reset seed to generate the correct password reset for a one-time token. In accordance with our... | Vulnerability |
2021-03-03 06:38:00 | Vulnerability Spotlight: Memory corruption vulnerability in Accusoft ImageGear (direct link) | Emmanuel Tacheau discovered this vulnerability. Blog by Jon Munshaw. Accusoft ImageGear contains a vulnerability that could allow an attacker to corrupt the software's memory, potentially allowing them to execute arbitrary code on the victim machine. The ImageGear library is a document-imaging developer toolkit that offers image conversion, creation, editing, annotation and more. It supports more than 100 formats such as DICOM, PDF, Microsoft Office and others. An adversary could send a... | Vulnerability |
2021-03-02 05:49:51 | ObliqueRAT returns with new campaign using hijacked websites (direct link) | By Asheer Malhotra. Cisco Talos has observed another malware campaign that utilizes malicious Microsoft Office documents (maldocs) to spread the remote access trojan (RAT) ObliqueRAT. This campaign targets organizations in South Asia. ObliqueRAT has been linked to the Transparent Tribe APT group in the past. This campaign hides the ObliqueRAT payload in seemingly benign image files hosted on compromised websites. What's new? Cisco Talos recently discovered another new campaign distributing the... | Malware APT 36 |
2021-02-26 07:57:19 | Talos Takes Ep. #42: Seriously folks, save your logs (direct link) | The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. When Pierre Cadieux steps into a Cisco Talos Incident Response engagement, the first thing he wants to do is check out the customer's logs. But if there are no logs to be found, he'll be pretty limited in the kinds of insights he can provide. This has come up several times during the SolarWinds era, when customers are wanting to know... | |
2021-02-25 11:00:14 | Threat Source newsletter (Feb. 25, 2021) (direct link) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We all think of APTs as these wide-reaching, silent threat groups who are backed by a nation-state. But our recent research into Gamaredon shows that not all APTs are created equal. We've spotted this actor carrying out several different attacks across the globe, many of which are mainly just interested in stealing information. And what they do with that information is still up for debate. Upcoming public... | Threat |
2021-02-25 08:34:33 | Beers with Talos Ep. #101: Is security the career you really want? (direct link) | Beers with Talos (BWT) Podcast episode No. 101 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Jan. 22, 2020 – We get a lot of questions in Talos about HOW to get a job in security. In this episode, we take a look at figuring out IF security is the right career choice for you - and if so, where? The industry... | Guideline |
2021-02-24 10:13:34 | Vulnerability Spotlight: Out-of-bounds read vulnerability in Slic3r could lead to information disclosure (direct link) | Lilith >_> of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an out-of-bounds read vulnerability in Slic3r's library. Slic3r is an open-source 3-D printing toolbox, mainly utilized for translating assorted 3-D printing model file types into machine code for a specific printer. The software uses libslic3r to perform most of the non-GUI-based processes such as reading various file formats, converting formats and outputting appropriate gcode... | Vulnerability |
2021-02-23 04:59:42 | Gamaredon - When nation states don't pay all the bills (direct link) | By Warren Mercer and Vitor Ventura. Gamaredon is a threat actor, active since at least 2013, that has long been associated with pro-Russian activities in several reports throughout the years. It is extremely aggressive and is usually not associated with high-visibility campaigns, but Cisco Talos sees it is incredibly active and we believe the group is on par with some of the most prolific crimeware gangs. It has been considered an APT for a long time; however, its characteristics don't match the... | Threat |
2021-02-18 11:00:06 | Threat Source newsletter (Feb. 18, 2021) (direct link) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Whether you want to read Talos' research or listen to it, we've got plenty of options for you this week. Beers with Talos hit its 100th episode last week. To celebrate, we brought Nigel back out of retirement to update us on the Mighty Reds and talk about SolarWinds. What's your favorite Beers with Talos moment of the past 100 episodes? Tag us on Twitter @TalosSecurity. The latest Talos Takes... | |
2021-02-18 07:50:03 | Vulnerability Spotlight: Two vulnerabilities in Advantech WebAccess/SCADA (direct link) | Yuri Kramarz of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in the Advantech WebAccess/SCADA software package. An adversary could exploit each of these vulnerabilities to disclose sensitive information and elevate their privileges on the targeted system, respectively. This software package, based in HTML-5, allows users to perform data visualization and supervisory controls over internet-of-things and operational technology... | |
2021-02-18 07:17:02 | Masslogger campaigns exfiltrate user credentials (direct link) | By Vanja Svajcer. News summary: As protection techniques develop, attackers are finding it harder to successfully attack their targets and must find creative ways to succeed. Cisco Talos recently discovered a campaign utilizing a variant of the Masslogger trojan designed to retrieve and exfiltrate user credentials from multiple sources such as Microsoft Outlook, Google Chrome and instant messengers. Apart from the initial email attachment, all the stages of the attacks are fileless and they only... | |
2021-02-12 07:00:04 | Talos Takes Ep. #41: The tl;dr of Snort 3 (direct link) | The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. This week's episode is for all our SNORTⓇ lovers out there. To celebrate last month's release of the Snort 3 GA, we have Nicholas Mavis on the show again to talk about working with Snort 3 and the benefits of upgrading to it. Nick, who writes Snort rules for Cisco Talos, talks about how rules are more powerful and versatile with... | |
2021-02-11 11:00:05 | Threat Source newsletter (Feb. 11, 2021) (direct link) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We have an update on LodaRAT, a trojan we've been following for years. This threat has a new version targeting Android devices, looking to infect devices and steal users' credentials and monitor things like their phone calls and messages. Patch Tuesday was also this week, which was relatively quiet in terms of the volume of vulnerabilities. We have our full Microsoft blog post as usual, and also a Snort... | Threat |
2021-02-11 07:58:44 | Beers with Talos Ep. #100: The supersized centennial episode (direct link) | Beers with Talos (BWT) Podcast episode No. 100 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Jan. 8, 2020. It's hard to believe that we have made 100 episodes of BWT. It really feels like a lot more. This is a long-winded show, as we welcome back our buddy Nigel for this special milestone, complete with a Mighty... | |
2021-02-10 08:17:04 | Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows (direct link) | By Warren Mercer, Chris Neal and Vitor Ventura. The developers of LodaRAT have added Android as a targeted platform. A new iteration of LodaRAT for Windows has been identified with improved sound recording capabilities. The operators behind LodaRAT are tied to a specific campaign targeting Bangladesh, although others have been seen. Kasablanka, the group behind LodaRAT, seems to be motivated by information gathering and espionage rather than direct financial gain. Threat actors attempt to evolve over... | | ★★
2021-02-09 11:31:07 | Vulnerability Spotlight: Accusoft ImageGear vulnerabilities could lead to code execution (direct link) | Marcin Towalski, Emmanuel Tacheau and another Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. Accusoft ImageGear contains two remote code execution vulnerabilities. ImageGear is a document and imaging library from Accusoft that developers can use to build their applications. The library covers the entire document imaging lifecycle. These vulnerabilities are present in the Accusoft ImageGear library, which is a document-imaging developer toolkit. An adversary... | | ★★★★
2021-02-09 11:17:28 | (Déjà vu) Microsoft Patch Tuesday for Feb. 2021 - Snort rules and prominent vulnerabilities (direct link) | By Jon Munshaw, with contributions from Bill Largent. Microsoft released its monthly security update Tuesday, disclosing 56 vulnerabilities across its suite of products. This is the smallest number of vulnerabilities Microsoft has disclosed in a month since January 2020. There are only 11 critical vulnerabilities as part of this release, while there are three moderate-severity exploits, and the remainder are considered "important." Users of all Microsoft and Windows products are... | | ★★★
2021-02-08 08:39:05 | (Déjà vu) Threat Roundup for January 29 to February 5 (direct link) | Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 29 and Feb. 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... | | ★★★★
2021-02-05 08:34:18 | Talos Takes Ep. #40: Takeaways from interviewing a ransomware operator (direct link) | The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. This week, we have two guests on (a Talos Takes first!) to discuss our recent research paper on the LockBit ransomware. Two of the authors, who spoke to the actor directly, join the show to talk about their major takeaways. They talk about how the operator chooses their targets and what defenders should take away from the paper. Apple... | Ransomware |
2021-02-05 08:27:34 | A ransomware primer (direct link) | Ransomware defense. Cybersecurity is continually a relevant topic for Cisco customers and other stakeholders. Ransomware is quickly becoming one of the hottest topics in the technology space as these malware families target high-leverage companies and organizations. We at Cisco are often contacted for guidance and recommendations for ways organizations can prepare for, detect and prevent ransomware attacks. Some of Cisco's vendors have also been affected by ransomware and have looked to Cisco... | Ransomware Malware |
2021-02-04 11:00:06 | Threat Source newsletter (Feb. 4, 2021) (direct link) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We are excited to finally share this LockBit research paper with you all after months of work. Some of our researchers spoke to a ransomware operator, which provided us insight into a threat actor's day-to-day goals and tactics. The paper includes information on how the attacker chooses its targets and why it's easier for the attacker to operate in some countries than others. Upcoming public engagements... | Ransomware Threat |
2021-02-03 10:00:03 | Vulnerability Spotlight: Multiple vulnerabilities in SoftMaker Office PlanMaker (direct link) | Discovered by a Cisco Talos researcher. Blog by Jon Munshaw. SoftMaker's Office PlanMaker contains multiple vulnerabilities that could allow an adversary to cause a variety of malicious conditions in the software. SoftMaker's flagship product, SoftMaker Office, is supported on a variety of platforms and contains a handful of components that allow the user to write text documents, create spreadsheets, design presentations and more. The SoftMaker Office suite supports a variety of... | |
2021-02-03 06:13:04 | Vulnerability Spotlight: Allen-Bradley Flex I/O vulnerable to denial of service (direct link) | Jared Rittle of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Rockwell Automation Allen-Bradley Flex I/O input/output device is vulnerable to a denial-of-service vulnerability. FLEX I/O provides a wide range of input/output operations while keeping a smaller form factor. Users can communicate with the device via Ethernet/IP (ENIP) and HTTP. An attacker could send a specially crafted, malicious packet to the affected device, causing a denial of service. In accordance with... | |
2021-02-02 07:08:45 | Interview with a LockBit ransomware operator (direct link) | By Azim Khodjibaev, Dmytro Korzhevin and Kendall McKay. Ransomware is still highly prevalent in our current threat landscape - it's one of the top threats Cisco Talos Incident Response responds to. One such ransomware family we encounter is called LockBit, a ransomware-as-a-service (RaaS) platform that's known for its automation and the speed at which it attacks its victims. At Cisco Talos, we strive to understand the malware utilized in ransomware, the infrastructure leveraged... | Ransomware Malware Threat |
2021-01-29 09:33:15 | Talos Takes Ep. #39: SolarWinds' implications for IoT and OT (direct link) | The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. This week, we're continuing our deep dive into the SolarWinds campaign. After Nick Biasini gave us a broad overview of supply chain attacks last week, Joe Marshall joins the show today to talk about how this attack has wide-reaching consequences in the internet-of-things and operational technology spaces. For a good primer for this... | |
2021-01-28 11:00:05 | Threat Source newsletter (Jan. 28, 2021) (direct link) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Unfortunately, I don't have any stock tips to give you to help you get rich overnight. But I do have two Vulnerability Spotlights you should read so your network can stay safer. We disclosed multiple vulnerabilities in phpGACL and Micrium uc-HTTP. There are patches available for both products and Snort rules for extra coverage. The biggest news in the security community this week is a recently disclosed that a... | Vulnerability |
2021-01-27 10:27:19 | Vulnerability Spotlight: Multiple vulnerabilities in phpGACL class (direct link) | Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the phpGACL class. One of these vulnerabilities also affects OpenEMR, a medical practice management software written in PHP. phpGACL is a PHP library that allows developers to implement permission systems via a Generic Access Control List. An adversary could exploit these vulnerabilities by sending the target machine a specially crafted, malicious... | | ★★
2021-01-26 11:57:16 | Vulnerability Spotlight: Denial-of-service vulnerabilities in Micrium uc-HTTP's HTTP server (direct link) | Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in Micrium uc-HTTP's HTTP server that could cause denial-of-service conditions. An attacker could trigger these vulnerabilities by targeting the user machine with specially crafted HTTP requests. The uC-HTTP server implementation is designed to be used on embedded systems running the µC/OS II or µC/OS III RTOS kernels. This HTTP server supports many features,... | |
2021-01-26 08:45:36 | Nation State Campaign Targets Talos Researchers (direct link) | Google's Threat Analysis Group published a blog Monday evening warning of an ongoing campaign attempting to compromise security researchers. Google TAG's blog outlines the attacker's motivations and various TTPs used in these attacks. We can confirm that multiple Cisco Talos researchers received messages that appear to be linked to this campaign. As you can see below, our researchers did not engage to the point where the malicious files were provided. As security researchers it is... | Threat | ★★★
2021-01-22 09:29:35 | Talos Takes Ep. #37: What's with all this talk about supply chain attacks? (direct link) | The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. The major SolarWinds campaign has been generating headlines for weeks now. And while its specific targets make this attack unique, this is far from the first-ever supply chain attack. So what is a supply chain attack? And should your organization be prepared for them? In this episode of Talos Takes, Nick Biasini talks about the history of... | |
2021-01-21 11:00:05 | Threat Source newsletter (Jan. 21, 2021) (direct link) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We know it's hard to focus on anything happening outside of Washington, D.C. this week. But we would be remiss if we didn't mention the exciting news that the Snort 3 GA is officially out now! This update has been literally years in the making and is a major upgrade to Snort's performance and its level of customization. Here's our announcement post from Tuesday, and for the official downloads and even more resources,... | |
2021-01-19 12:26:23 | Vulnerability Spotlight: Multiple vulnerabilities in PrusaSlicer (direct link) | Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two out-of-bounds write vulnerabilities in Prusa Research's PrusaSlicer. PrusaSlicer is an open-source 3-D printer slicing program forked off Slic3r that can convert various 3-D model file formats and can output corresponding 3-D printer-readable Gcode. Two functions in the software could be exploited with specially crafted OBJ and AMF files to cause an out-of-bounds write... | |
2021-01-18 11:20:13 | Beers with Talos Ep. #99: P@ssw0rds and closing out 2020 (direct link) | Beers with Talos (BWT) Podcast episode No. 99 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded late November 2020. We recorded this episode toward the end of 2020 and since then, it's lived a quiet, but meaningful life in the production queue patiently waiting its turn to get released. In this episode, we dig... | |
2021-01-14 11:00:03 | Threat Source newsletter (Jan. 14, 2021) (direct link) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Microsoft released its monthly security update this week, disclosing 83 vulnerabilities across its suite of products to kick off 2021. Our blog post has the most important vulnerabilities you need to know about, along with our released Snort rules to keep your network protected. TalosIntelligence.com users will also want to check out the list of our new Content and Threat Categories that will provide you with... | Threat |
2021-01-12 10:49:30 | (Déjà vu) Microsoft Patch Tuesday for Jan. 2021 - Snort rules and prominent vulnerabilities (direct link) | By Jon Munshaw, with contributions from Asheer Malhotra. Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across its suite of products to kick off 2021. There are only 10 critical vulnerabilities as part of this release, while there are two moderate-severity exploits, and the remainder are considered "important." Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of all... | |
2021-01-11 08:08:49 | Changes to Cisco Talos' Content and Threat Category lists (direct link) | Cisco Talos is happy to announce the upcoming changes to our Content and Threat Category lists. Our goal is to provide you with sufficient intelligence details to allow you to make informed decisions to protect your network without disrupting your organization's productivity. These changes will give you additional details needed to make more informed decisions for your network. Beginning Jan. 21, customers using Cisco platforms that receive Talos Intelligence will see updates to our Content... | Threat |
Last update at: 2024-05-20 00:07:57