21.09.2016

News

The Rising Tides of Spam

This blog post was authored by Jaeson Schultz. For the past five years we have enjoyed a relatively calm period with respect to spam volumes. Back at the turn of the decade the world was experiencing record-high volumes of spam. However, with the evolution of new anti-spam techno...

14.09.2016

News

Microsoft Patch Tuesday – September 2016

This post was authored by Jaeson Schultz. Well, it’s Microsoft Patch Tuesday again, and that must mean we are girding our systems against another round of security vulnerabilities. This month Microsoft has released fourteen (14) bulletins covering fifty (50) security vulner...

01.09.2016

News

Talos ShadowGate Take Down: Global Malvertising Campaign Thwarted

Yet another example of how organizations work together to stop threats affecting users around the globe. ...

01.09.2016

News

Talos ShadowGate Take Down: Global Malvertising Campaign Thwarted

This blog was authored by Nick Biasini. Exploit kits are a class of threat that indiscriminately aims to compromise all users. Talos has continued to monitor this threat over time, resulting in large-scale research and even a large-scale takedown. The focus of this invest...

26.08.2016

News

Vulnerability Spotlight: Multiple DOS Vulnerabilities Within Kaspersky Internet Security Suite

Talos has discovered multiple vulnerabilities in Kaspersky’s Internet Security product which can be used by an attacker to cause a local denial of service or to leak memory from any machine running Kaspersky Internet Security software. The vulnerabilities affect Kaspersky ...

22.08.2016

Article

Job cuts despite higher profits

When announcing its 2016 financial results, Cisco confirmed that it will cut 5,500 jobs. The wave of layoffs is therefore less drastic than initially assumed: a report in the US trade magazine, citing sources close to the company, had stated that...

15.08.2016

News

Vulnerability Spotlight: Multiple Remote Code Execution Vulnerabilities Within Lexmark Perceptive Document Filters

Vulnerabilities discovered by Tyler Bohan & Marcin Noga of Cisco Talos. Talos is today releasing three new vulnerabilities discovered within the Lexmark Perceptive Document Filters library. TALOS-2016-0172, TALOS-2016-0173 and TALOS-2016-0183 allow for remote code executio...

12.08.2016

News

Vulnerability Spotlight: Rockwell Automation MicroLogix 1400 SNMP Credentials Vulnerability

This vulnerability was discovered by Patrick DeSantis. Description: Talos recently discovered a vulnerability in Allen-Bradley Rockwell Automation MicroLogix 1400 Programmable Logic Controllers (PLCs) related to the default configuration that is shipped with devices running affect...

11.08.2016

News

Vulnerability Spotlight: BlueStacks App Player Privilege Escalation

Discovered by Marcin ‘Icewall’ Noga of Cisco Talos. Talos is releasing an advisory for a vulnerability in BlueStacks App Player (TALOS-2016-0124/CVE-2016-4288). The BlueStacks App Player is designed to enable Android applications to run on Windows PCs and Macintosh computers. It’...

09.08.2016

News

Microsoft Patch Tuesday – August 2016

This post was authored by Edmund Brumaghin and Jonah Samost. Today is Patch Tuesday for August 2016, and Microsoft has released several security bulletins and associated patches to resolve security issues across their products. This month’s patch release includes 9 bulletins addre...

02.08.2016

News

Macro Intruders: Sneaking Past Office Defenses

Macros have been used since the mid 1990s to spread malware and infect systems. Increased user awareness of the need to disable the macro function within Microsoft Word during the late 90s and early 2000s sent this malware into decline. However, a change in Microsoft (MS) Office...

25.07.2016

News

Ransomware: Because OpSec Is Hard?

This blog was authored by Edmund Brumaghin and Warren Mercer. Summary: Talos recently published research regarding a new variant of destructive ransomware, which we dubbed Ranscam. During further analysis of Ranscam samples, we discovered several indicators of compromise (IOCs) tha...

20.07.2016

News

Vulnerability Spotlight: Oracle’s Outside In Technology, Turned Inside-Out

Vulnerabilities discovered by Aleksandar Nikolic. Blog post authored by Jaeson Schultz and Aleksandar Nikolic. One of the most fundamental tasks performed by many software programs involves the reading, writing, and general processing of files. In today’s highly networked e...

19.07.2016

News

Vulnerability Spotlight: Apple Remote Code Execution With Image Files

Vulnerabilities discovered by Tyler Bohan of Cisco Talos. Many of the wide variety of file formats are designed for specialized uses within specific industries. Apple offers APIs as interfaces to provide a definitive way to access image data for multiple image formats on the Appl...

13.07.2016

News

Microsoft Patch Tuesday – July 2016

This post was authored by William Largent. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release has 11 bulletins addressing 49 vulnerabilities. 6 of these bulletins are rat...

11.07.2016

News

When Paying Out Doesn’t Pay Off

This blog post was authored by Edmund Brumaghin and Warren Mercer. Summary: Talos recently observed a new ransomware variant targeting users. This ransomware shows that new threat actors are continuing to enter the ransomware market at a rapid pace due to the lucrative nature of th...

11.07.2016

News

Vulnerability Spotlight: Local Code Execution via the Intel HD Graphics Windows Kernel Driver

This vulnerability was discovered by Piotr Bania. Talos, in coordination with Intel, is disclosing the discovery of TALOS-2016-0087, a local arbitrary code execution vulnerability within the Intel HD Graphics Windows Kernel Driver. This vulnerability exists in the communication f...

07.07.2016

News

Connecting the Dots Reveals Crimeware Shake-up

This post was authored by Nick Biasini. For a couple of weeks in June the threat landscape changed. Several high-profile threats fell off the landscape, causing a shake-up that hadn’t been seen before. For a period of three weeks the internet was safer, if only for a short ...

01.07.2016

News

Gotta be SWIFT for this Spam Campaign!

Talos has observed a large uptick in the Zepto ransomware and has identified a method of distribution for it: spam email. Locky/Zepto continue to be well-known ransomware variants, and as such we will focus on the spam email campaign. We found 137,731 emails in...

29.06.2016

News

Detecting DNS Data Exfiltration

The recent discovery of Wekby and Point of Sale malware using DNS requests as a command and control channel highlights the need to consider DNS as a potentially malicious channel. Although a skilled analyst may be able to quickly spot unusual activity because they are familiar wi...

28.06.2016

News

Vulnerability Spotlight: LibreOffice RTF Vulnerability

Vulnerability discovered by Aleksandar Nikolic of Cisco Talos. Talos is disclosing the presence of CVE-2016-4324 / TALOS-CAN-0126, a Use After Free vulnerability within the RTF parser of LibreOffice. The vulnerability lies in the parsing of documents containing both stylesheet an...

27.06.2016

Article

The data centre under Cisco's real-time analysis

“Cisco is currently monitoring 25 million flows live,” says René Raeber, Distinguished Engineer at Cisco Systems, in the webcast “Digitaler Wandel: Was Sie wissen müssen, um zu bestehen” (Digital transformation: what you need to know to survive), which we recorded on 17.06. The technology with which such a comprehensive data centre...

21.06.2016

News

Vulnerability Spotlight: Pidgin Vulnerabilities

These vulnerabilities were discovered by Yves Younan. Pidgin is a universal chat client that is used on millions of systems worldwide. The Pidgin chat client enables you to communicate on multiple chat networks simultaneously. Talos has identified multiple vulnerabilities in the ...

21.06.2016

News

The Poisoned Archives

libarchive is an open-source library that provides access to a variety of different file archive formats, and it’s used just about everywhere. Cisco Talos has recently worked with the maintainers of libarchive to patch three rather severe bugs in the library. Because of the numbe...

21.06.2016

Article

The data centre under Cisco's real-time analysis

“Cisco is currently monitoring 25 million flows live,” says René Raeber, Distinguished Engineer at Cisco Systems, in the webcast “Digitaler Wandel: Was Sie wissen müssen, um zu bestehen” (Digital transformation: what you need to know to survive), which we recorded today. The technology with which such a comprehensive data centre ...

17.06.2016

Article

The data centre under Cisco's real-time analysis

“Cisco is currently monitoring 25 million flows live,” says René Raeber, Distinguished Engineer at Cisco Systems, in the webcast “Digitaler Wandel: Was Sie wissen müssen, um zu bestehen” (Digital transformation: what you need to know to survive), which we recorded today. The technology with which such a comprehensive data centre ...

14.06.2016

News

Microsoft Patch Tuesday – June 2016

This post was authored by Warren Mercer. Patch Tuesday for June 2016 has arrived, when Microsoft releases their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 16 bulletins addressing 44 vul...

13.06.2016

Article

Pluggable modules for up to 400 Gbit/s

13 companies, including Molex and Cisco, are taking part in an MSA (Multi-Supplier Agreement) for the joint development of a new compact, pluggable, double-density quad high-speed interface (QSFP-DD).

09.06.2016

News

TeslaCrypt: The Battle is Over

Talos has updated its TeslaCrypt decryptor tool, which now works with any version of this variant of ransomware. You can download the decryptor here. When Talos first examined TeslaCrypt version 1.0 in April of 2015, we articulated how this ransomware operated and were able to de...

08.06.2016

News

Vulnerability Spotlight: PDFium Vulnerability in Google Chrome Web Browser

This vulnerability was discovered by Aleksandar Nikolic of Cisco Talos. PDFium is the default PDF reader that is included in the Google Chrome web browser. Talos has identified an exploitable heap buffer overflow vulnerability in the PDFium PDF reader. By simply viewing a PDF doc...

08.06.2016

News

Vulnerability Spotlight: ESnet iPerf3 JSON parse_string UTF Code Execution Vulnerability

This vulnerability was discovered by Dave McDaniel, Senior Research Engineer. Summary: iPerf is a network testing application that is typically deployed in a client/server configuration and is used to measure the available network bandwidth between the systems by creating TCP and/...

01.06.2016

News

Research Spotlight: ROPMEMU – A Framework for the Analysis of Complex Code Reuse Attacks

The post was authored by Mariano Graziano. Executive Summary: Attacks have grown more and more complex over the years. The evolution of the threat landscape has demonstrated this, as adversaries have had to modify their tactics to bypass mitigations and compromise systems in res...

17.05.2016

News

Making Friends By Proactive Notification

Talos has continued to observe ongoing attacks leveraging the use of JBoss exploits. Through our research efforts, we have identified an additional 600 or so compromised hosts which contain webshells due to adversaries compromising unpatched JBoss environments. In response to thi...

11.05.2016

News

Multiple 7-Zip Vulnerabilities Discovered by Talos

7-Zip is an open-source file archiving application which features optional AES-256 encryption, support for large files, and the ability to use “any compression, conversion or encryption method”. Recently Cisco Talos has discovered multiple exploitable vulnerabilities in 7-Zip. Th...

10.05.2016

News

Microsoft Patch Tuesday – May 2016

This post is authored by Holger Unterbrink. Patch Tuesday for May 2016 has arrived, when Microsoft releases their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 16 bulletins addressing 33 v...

03.05.2016

News

Angler Catches Victims Using Phish as Bait

This post was authored by Nick Biasini with contributions from Erick Galinkin. Exploit kits have been a recurring threat that we’ve discussed here on this blog as a method of driving users to maliciousness. Users typically encounter exploit kit landing pages through compromis...

03.05.2016

News

Threat Spotlight: Spin to Win…Malware

This post was authored by Nick Biasini with contributions from Tom Schoellhammer and Emmanuel Tacheau. The threat landscape is ever changing and adversaries are always working to find more efficient ways to compromise users. One of the many ways that users are driven to malicious ...

02.05.2016

News

Cryptolocker 4 White Paper Available: The Evolution Continues

We are pleased to announce the availability of the Cryptolocker 4 white paper. Over the past year, Talos has devoted a significant amount of time to better understanding how ransomware operates, its relation to other malware, and its economic impact. This research has proven valu...

01.05.2016

Whitepaper

Continuous threat detection enables appropriate responses

Today's increasingly complex threat landscape requires measures that cover the entire attack continuum: before, during and after an attack.

01.05.2016

Whitepaper

A solution for protection before, during and after attacks

With the solution presented here, a global oil and gas company can detect and remove persistent ransomware infections.