21.06.2016

News

Vulnerability Spotlight: Pidgin Vulnerabilities

These vulnerabilities were discovered by Yves Younan. Pidgin is a universal chat client that is used on millions of systems worldwide. The Pidgin chat client enables you to communicate on multiple chat networks simultaneously. Talos has identified multiple vulnerabilities in the ...

21.06.2016

News

The Poisoned Archives

libarchive is an open-source library that provides access to a variety of different file archive formats, and it’s used just about everywhere. Cisco Talos has recently worked with the maintainers of libarchive to patch three rather severe bugs in the library. Because of the numbe...

21.06.2016

Article

The Data Center in Cisco's Real-Time Analysis

"Cisco is currently monitoring 25 million flows live," says René Raeber, Distinguished Engineer at Cisco Systems, in the webcast "Digitaler Wandel: Was Sie wissen müssen, um zu bestehen" (Digital Transformation: What You Need to Know to Survive), which we recorded today. The technology with which such comprehensive data center tr...

17.06.2016

Article

The Data Center in Cisco's Real-Time Analysis

"Cisco is currently monitoring 25 million flows live," says René Raeber, Distinguished Engineer at Cisco Systems, in the webcast "Digitaler Wandel: Was Sie wissen müssen, um zu bestehen" (Digital Transformation: What You Need to Know to Survive), which we recorded today. The technology with which such comprehensive data center tr...

14.06.2016

News

Microsoft Patch Tuesday – June 2016

This post was authored by Warren Mercer. Patch Tuesday for June 2016 has arrived where Microsoft releases their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 16 bulletins addressing 44 vul...

13.06.2016

Article

Pluggable Modules for up to 400 Gbit/s

13 companies, including Molex and Cisco, are participating in an MSA (Multi-Supplier Agreement) for the joint development of a new compact, pluggable, double-density quad high-speed interface (QSFP-DD).

09.06.2016

News

TeslaCrypt: The Battle is Over

Talos has updated its TeslaCrypt decryptor tool, which now works with any version of this variant of ransomware. You can download the decryptor here. When Talos first examined TeslaCrypt version 1.0 in April of 2015, we articulated how this ransomware operated and were able to de...

08.06.2016

News

Vulnerability Spotlight: PDFium Vulnerability in Google Chrome Web Browser

This vulnerability was discovered by Aleksandar Nikolic of Cisco Talos. PDFium is the default PDF reader that is included in the Google Chrome web browser. Talos has identified an exploitable heap buffer overflow vulnerability in the Pdfium PDF reader. By simply viewing a PDF doc...

08.06.2016

News

Vulnerability Spotlight: ESnet iPerf3 JSON parse_string UTF Code Execution Vulnerability

This vulnerability was discovered by Dave McDaniel, Senior Research Engineer. Summary: iPerf is a network testing application that is typically deployed in a client/server configuration and is used to measure the available network bandwidth between the systems by creating TCP and/...

01.06.2016

News

Research Spotlight: ROPMEMU – A Framework for the Analysis of Complex Code Reuse Attacks

The post was authored by Mariano Graziano. Executive Summary: Attacks have grown more and more complex over the years. The evolution of the threat landscape has demonstrated this where adversaries have had to modify their tactics to bypass mitigations and compromise systems in res...

17.05.2016

News

Making Friends By Proactive Notification

Talos has continued to observe ongoing attacks leveraging the use of JBoss exploits. Through our research efforts, we have identified an additional 600 or so compromised hosts which contain webshells due to adversaries compromising unpatched JBoss environments. In response to thi...

11.05.2016

News

Multiple 7-Zip Vulnerabilities Discovered by Talos

7-Zip is an open-source file archiving application which features optional AES-256 encryption, support for large files, and the ability to use “any compression, conversion or encryption method”. Recently Cisco Talos has discovered multiple exploitable vulnerabilities in 7-Zip. Th...

10.05.2016

News

Microsoft Patch Tuesday – May 2016

This post is authored by Holger Unterbrink. Patch Tuesday for May 2016 has arrived where Microsoft releases their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 16 bulletins addressing 33 v...

03.05.2016

News

Angler Catches Victims Using Phish as Bait

This post was authored by Nick Biasini with contributions from Erick Galinkin. Exploit kits have been a recurring threat that we've discussed here on this blog as a method of driving users to maliciousness. Users typically encounter exploit kit landing pages through compromis...

03.05.2016

News

Threat Spotlight: Spin to Win…Malware

This post was authored by Nick Biasini with contributions from Tom Schoellhammer and Emmanuel Tacheau. The threat landscape is ever changing and adversaries are always working to find more efficient ways to compromise users. One of the many ways that users are driven to malicious ...

02.05.2016

News

Cryptolocker 4 White Paper Available: The Evolution Continues

We are pleased to announce the availability of the CryptoLocker 4 white paper. Over the past year, Talos has devoted a significant amount of time to better understanding how ransomware operates, its relation to other malware, and its economic impact. This research has proven valu...

01.05.2016

White paper

End-to-End Threat Detection Enables Appropriate Responses

Today's increasingly complex threat landscape requires measures that cover the entire attack continuum: before, during and after an attack.

01.05.2016

White paper

A Solution for Protection Before, During and After Attacks

With the solution presented here, a global oil and gas company can detect and remediate persistent ransomware infections.

01.05.2016

White paper

Security in Retail

This white paper summarizes the challenges facing retail networks. It also describes a security solution that provides effective, up-to-date and reliable protection in this environment.

01.05.2016

White paper

Protect Your Data in the Cloud

With the solution presented in this white paper, companies meet the challenge of having to guarantee continuous security across the extended network.

01.05.2016

White paper

Dealing with Modern Web-Based Threats

To effectively address the challenges of web security, companies need a comprehensive solution.

01.05.2016

White paper

Dealing with Modern Email Threats

Effective email protection requires a global, multi-protocol perspective on threats and an infrastructure that covers the entire attack continuum: before, during and after the attack.

28.04.2016

News

Research Spotlight: The Resurgence of Qbot

The post was authored by Ben Baker. Qbot, AKA Qakbot, has been around since at least 2008, but it recently experienced a large surge in development and deployments. Qbot primarily targets sensitive information like banking credentials. Here we are unveiling rece...

27.04.2016

News

The “Wizzards” of Adware

Talos posted a blog, September 2015, which aimed to identify how often seemingly benign software can be rightly condemned for being a piece of malware. With this in mind, this blog presents an interesting piece of “software” which we felt deserved additional information disclosur...

27.04.2016

News

Vulnerability Spotlight: Further NTPD Vulnerabilities

As a member of the Linux Foundation Core Infrastructure Initiative, Cisco is contributing to the CII effort by evaluating the Network Time Protocol daemon (ntpd) for security defects. We previously identified a series of vulnerabilities in the Network Time Protocol daemon; throug...

20.04.2016

News

Threat Spotlight: Exploit Kit Goes International Hits 150+ Countries

This post was authored by Nick Biasini. Talos is constantly monitoring the threat landscape, and exploit kits are a constantly evolving component of it. An ongoing goal of Talos is to expose and disrupt these kits to protect the average internet user being targeted and compromised. We ...

20.04.2016

News

Oracle OIT Image Export SDK libvs_pdf XRef Index Code Execution Vulnerability

Talos has recently discovered a vulnerability in Oracle's Outside In Technology Image Export SDK which, when exploited, allows an attacker to overflow the heap, leading to arbitrary code execution. The vulnerability lies in the Image Export SDK's parsing of Portable Document For...

15.04.2016

News

Widespread JBoss Backdoors a Major Threat

With around 2100 servers affected, there are a lot of stories about how this happened. But a consistent thread in them all is the need to patch....

12.04.2016

News

Microsoft Patch Tuesday – April 2016

Patch Tuesday for April has arrived with Microsoft releasing their latest monthly set of security bulletins to address security vulnerabilities in their products. This month’s release contains 13 bulletins relating to 31 vulnerabilities. Six bulletins address vulnerabilitie...

11.04.2016

News

Ransomware: Past, Present, and Future

The rise of ransomware over the past year is an ever growing problem. Businesses often believe that paying the ransom is the most cost effective way of getting their data back – and this may also be the reality. The problem we face is that every single business that pays to r...

08.04.2016

News

Nuclear Drops Tor Runs and Hides

Introduction: Exploit kits are constantly compromising users; whether via malvertising or compromised websites, they interact with a large number of users on a daily basis. Talos is continuously monitoring these exploit kits to ensure protection, analyze changes ...

07.04.2016

News

News Flash! Another Adobe Flash Zero-day Vulnerability Spotted in the Wild

In today’s threat landscape, Adobe Flash Player unfortunately remains an attractive attack vector for adversaries to exploit and compromise systems. Over the past year, Talos has observed several instances where adversaries have identified zero-day vulnerabilities and explo...

07.04.2016

News

Vulnerability Deep Dive: Exploiting the Apple Graphics Driver and Bypassing KASLR

Cisco Talos vulnerability researcher Piotr Bania recently discovered a vulnerability in the Apple Intel HD 3000 Graphics driver, which we blogged about here. In this post we are going to take a deeper dive into this research and look into the details of the vulnerability as well ...

04.04.2016

News

Research Spotlight: Enabling Evil for Pocket Change

This post is authored by Tazz. Executive Summary: At the end of February, one of the researchers on the team received a solicitation email from a domain reseller, which she reviewed the first week of March. The email was from Namecheap offering deeply discounted domains for .88...

31.03.2016

News

Vulnerability Spotlight: Lhasa Integer Underflow Exploit

Talos is disclosing the discovery of vulnerability TALOS-2016-0095 / CVE-2016-2347 in the Lhasa LZH/LHA decompression tool and library. This vulnerability is due to an integer underflow condition. The software verifies that header values are not too large, but does not check for ...

23.03.2016

News

SamSam: The Doctor Will See You, After He Pays the Ransom

Cisco Talos is currently observing a widespread campaign leveraging the Samas/Samsam/MSIL.B/C ransomware variant. Unlike most ransomware, SamSam is not launched via user focused attack vectors, such as phishing campaigns and exploit kits. This particular family seems to be distri...

22.03.2016

News

Vulnerability Spotlight: Apple OS X Graphics Kernel Driver Local Privilege Escalation Vulnerability

Piotr Bania of Cisco Talos is credited with the discovery of this vulnerability. Cisco Talos, in conjunction with Apple's security advisory issued on Mar 22, is disclosing the discovery of a local vulnerability in the communication functionality of the Apple Intel HD3000 G...

21.03.2016

News

TESLACRYPT 3.0.1 – TALES FROM THE CRYPT(O)!

This post is authored by Andrea Allievi and Holger Unterbrink. Executive Summary: Ransomware is malicious software that is designed to hold users' files (such as photos, documents, and music) for ransom by encrypting their contents and demanding the user pay a fee to decrypt ...

21.03.2016

News

Malware Word Search: Identifying Angler’s Dictionary

This post authored by Steve Poulson with contributions from Nick Biasini. Exploit kits are constantly evolving and changing. We recently wrote about some subtle Angler changes but then Angler changed drastically on March 8. In this blog post, we will briefly cover these changes, ...
