πŸ”’
❌
There are new articles available, click to refresh the page.
Before yesterdayCisco Talos

The BlackByte ransomware group is striking users all over the globe

News summary Cisco Talos has been monitoring the BlackByte Ransomware Group for several months, infecting victims all over the world, from North America to Colombia, Netherlands, China, Mexico and Vietnam.The FBI released a joint cybersecurity advisory in February 2022 warning about this group,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Vulnerability Spotlight: Multiple memory corruption vulnerabilities in NVIDIA GPU driver

Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.Β  Cisco Talos recently discovered four vulnerabilities in the NVIDIA D3D10 driver for graphics cards that could allow an attacker to corrupt memory and write arbitrary memory on the card.Β  NVIDIA graphics...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Ransomware: How executives should prepare given the current threat landscape

By Nate Pors. Top executives are increasingly dreading the phone call from their fellow employees notifying them that their company has been hit by a cyber attack. Nearly every week in 2021 and early 2022, a prominent organization has been in the media spotlight as their public relations team...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Roundup for May 6 to May 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 6 and May 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

EMEAR Monthly Talos Update: Wiper malware

Cisco Talos and Cisco Secure are launching a new video series to fill you in on the latest cybersecurity trends. We’re thrilled to launch our first video in the new Talos Threat Update series, which you can watch above or over at this link, where Martin Lee and Hazel Burton talk about wiper...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Source newsletter (May 12, 2022) β€” Mandatory MFA adoption is great, but is it too late?

By Jon Munshaw.Β  Welcome to this week’s edition of the Threat Source newsletter.Β  Mandatory multi-factor authentication is all the rage nowadays. GitHub just announced that all contributors would have to enroll in MFA by 2023 to log into their accounts. And Google announced as part of...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Vulnerability Spotlight: How an attacker could chain several vulnerabilities in an industrial wireless router to gain root access

Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Blog by Francesco Benvenuto and Jon Munshaw.Β  Cisco Talos recently discovered several vulnerabilities in InHand Networks’ InRouter302 that could allow an attacker to escalate their privileges on the targeted device from a...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Bitter APT adds Bangladesh to their targets

Cisco Talos has observed an ongoing malicious campaign since August 2021 from the Bitter APT group that appears to target users in Bangladesh, a change from the attackers' usual victims.As part of this, there's a new trojan based on Apost Talos is calling "ZxxZ," that, among other...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Microsoft Patch Tuesday for May 2022 β€” Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Jaeson Schultz.Β  Microsoft returned to its normal monthly patching volume in May, disclosing and fixing 74 vulnerabilities as part of the company’s latest security update. This month’s Patch Tuesday includes seven critical vulnerabilities after Microsoft...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Talos Incident Response added to German BSI Advanced Persistent Threat response list

Cisco Talos Incident Response is now listed as an approved vendor on the Bundesamt fΓΌr Sicherheit in der Informationstechnik (BSI) Advanced Persistent Threat (APT) response service providers list. Talos Incident Response successfully demonstrated to the BSI, through a review of our processes and a...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Advisory: Critical F5 BIG-IP Vulnerability

10 May 2022 at 16:24
Summary A recently disclosed vulnerability in F5 Networks' BIG-IP could allow an unauthenticated attacker to access the BIG-IP system to execute arbitrary system commands, create and delete files, disable services and could lead to additional malicious activity. This vulnerability, tracked as...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Vulnerability Spotlight: Vulnerabilities in Alyac antivirus program could stop virus scanning, cause code execution

3 August 2022 at 18:46


Jaewon Min of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.Β 

Update (Aug. 3, 2022): Talos disclosed two new vulnerabilities in the Alyac antivirus software and added their details to this post.

Cisco Talos recently discovered out-of-bounds read and buffer overflow vulnerabilities in ESTsecurity Corp.’s Alyac antivirus software that could cause a denial-of-service condition or arbitrary code execution. Alyac is an antivirus software developed for Microsoft Windows machines.Β 

TALOS-2022-1452Β (CVE-2022-21147) is a vulnerability that exists in a specific Alyac module that, eventually, leads to a crash of Alyac’s scanning process, which effectively neutralizes the antivirus scan. If successful, an attacker could trigger this vulnerability to stop the program from scanning for malware, which would be crucial in a potential attack scenario.Β 

TALOS-2022-1527 (CVE-2022-32543) and TALOS-2022-1533 (CVE-2022-29886) are heap-based buffer overflow vulnerabilities that an attacker could exploit to execute arbitrary code on the targeted machine. The adversary would have to convince a user to open a specially crafted OLE file to trigger this condition.

Cisco Talos worked with ESTsecurity to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.Β 

Users are encouraged to update these affected products as soon as possible: ESTsoft Alyac, versions 2.5.7.7 and 2.5.8.544. Talos tested and confirmed ESTsoft Alyac, version 2.5.7.7, is affected by TALOS-2022-1452. Version 2.5.8.544 is vulnerable to TALOS-2022-1533 and TALOS-2022-1527.

The following Snort rules will detect exploitation attempts against these vulnerabilities: 59014, 59015, and 60035 - 60042. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall Management Center or Snort.org.Β 

Threat Roundup for April 29 to May 6

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 29 and May 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Source newsletter (May 5, 2022) β€” Emotet is using up all of its nine lives

By Jon Munshaw.Β  Welcome to this week’s edition of the Threat Source newsletter.Β  Emotet made headlines last week for being β€œback” after a major international law enforcement takedown last year. But I’m here to argue that Emotet never left, and honestly, I’m not sure it ever...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Mustang Panda deploys a new wave of malware targeting Europe

By Jung soo An, Asheer Malhotra and Justin Thattil, with contributions from Aliza Berk and Kendall McKay. In February 2022, corresponding roughly with the start of the Russian Invasion of Ukraine, Cisco Talos began observing the China-based threat actor Mustang Panda conducting phishing campaigns...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Conti and Hive ransomware operations: What we learned from these groups' victim chats

As part of Cisco Talos’ continuous efforts to learn more about the current ransomware landscape, we recently examined a trove of chat logs between the Conti and Hive ransomware gangs and their victims. Ransomware-as-a-service groups have exploded in popularity over the past few years, with these...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Vulnerability Spotlight: Two vulnerabilities in Accusoft ImageGear could lead to DoS, arbitrary free

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.Β  Cisco Talos recently discovered two new vulnerabilities in Accusoft ImageGear.Β  The ImageGear library is a document-imaging developer toolkit that allows users to create, edit, annotate and convert...

[[ This is only the beginning! Please visit the blog for the complete entry ]]
  • There are no more articles
❌