Wednesday, January 27, 2021

Vulnerability Spotlight: Multiple vulnerabilities in phpGACL class

Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered multiple vulnerabilities in the phpGACL class. phpGACL is a PHP library that lets developers implement permission systems via a Generic Access Control List. One of these vulnerabilities also affects OpenEMR, a medical practice management application written in PHP that uses phpGACL. An adversary could exploit these vulnerabilities by sending the target a specially crafted, malicious HTTP request or URL.

In accordance with our coordinated disclosure policy, Cisco Talos worked with phpGACL and OpenEMR to ensure that these issues are resolved and that an update is available for affected customers.

Tuesday, January 26, 2021

Nation-state campaign targets Talos researchers

Google's Threat Analysis Group published a blog Monday evening warning of an ongoing campaign attempting to compromise security researchers. Google TAG's blog outlines the attacker's motivations and various TTPs used in these attacks.

Vulnerability Spotlight: Denial-of-service vulnerabilities in Micrium uC-HTTP’s HTTP server

Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered two vulnerabilities in Micrium uC-HTTP’s HTTP server that could cause denial-of-service conditions. An attacker could trigger these vulnerabilities by sending the server specially crafted HTTP requests. The uC-HTTP server implementation is designed for embedded systems running the µC/OS-II or µC/OS-III RTOS kernels. The server supports many features, including persistent connections, form processing, chunked transfer encoding, HTTP header field processing, HTTP query string processing and dynamic content.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Micrium to disclose these vulnerabilities and ensure that an update is available.

Friday, January 22, 2021

Threat Roundup for January 15 to January 22

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 15 and Jan. 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, it summarizes the threats we've observed by highlighting key behavioral characteristics, listing indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats are subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

Talos Takes Ep. #37: What's with all this talk about supply chain attacks?

The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes, or visit the Talos Takes page.

The major SolarWinds campaign has been generating headlines for weeks now. And while its specific targets make this attack unique, this is far from the first-ever supply chain attack. So what is a supply chain attack? And should your organization be prepared for them? In this episode of Talos Takes, Nick Biasini talks about the history of supply chain attacks, and how they can even be traced back to the 1970s.

Thursday, January 21, 2021

Threat Source newsletter (Jan. 21, 2021)

Newsletter compiled by Jon Munshaw.

Good afternoon, Talos readers.  

We know it’s hard to focus on anything happening outside of Washington, D.C. this week. But we would be remiss if we didn’t mention the exciting news that the Snort 3 GA is officially out now. This update has been years in the making and is a major upgrade to Snort’s performance and its level of customization. Here’s our announcement post from Tuesday, and for the official downloads and even more resources, check out the Snort 3 hub page.

Talos is also hiring for multiple positions. We have several openings right now for security experts who want to join our team, so please bookmark our Careers page and come back every so often to see if we have any new listings up.

Tuesday, January 19, 2021

Vulnerability Spotlight: Multiple vulnerabilities in PrusaSlicer

Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered two out-of-bounds write vulnerabilities in Prusa Research’s PrusaSlicer. PrusaSlicer is an open-source 3-D printer slicing program forked from Slic3r that can convert various 3-D model file formats and output the corresponding 3-D printer-readable G-code. Two functions in the software can be reached with specially crafted OBJ and AMF files to cause an out-of-bounds write or buffer overflow, which an attacker could leverage to execute code on the victim machine.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Prusa Research to disclose these vulnerabilities and ensure that an update is available.
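The bug class behind the PrusaSlicer findings is worth seeing in miniature. The following is an added illustration, not PrusaSlicer's code and not the specific defect Talos reported: a Wavefront OBJ face line such as `f 1 2 3` carries 1-based indices into the vertex list (negative values count back from the last vertex), and a parser that converts that file-supplied index to an array offset without checking it lets a crafted file steer the read or write outside the vertex buffer. The constructed three-vertex model, the `MAX_VERTS` limit and all function names are assumptions for the example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative OBJ face-index handling; not PrusaSlicer's code. */
#define MAX_VERTS 1024

typedef struct { double x, y, z; } vertex;

typedef struct {
    vertex v[MAX_VERTS];
    size_t count;          /* vertices defined so far */
} obj_model;

/* How a parser that trusts the file resolves an index: it maps the 1-based or
 * negative OBJ index to a 0-based offset with no range check. Returned here so
 * the caller can see the bogus offset; indexing v[] with it is the
 * out-of-bounds access. */
long resolve_index_unchecked(long obj_idx, size_t count)
{
    if (obj_idx < 0)
        return (long)count + obj_idx;   /* "-1" means the last vertex */
    return obj_idx - 1;
}

/* Hardened resolver: same mapping, every path range-checked.
 * Returns the 0-based offset, or -1 if the index names no real vertex. */
long resolve_index_checked(long obj_idx, size_t count)
{
    if (count == 0 || count > (size_t)LONG_MAX)
        return -1;
    if (obj_idx == 0)                       /* 0 is never valid in OBJ */
        return -1;
    if (obj_idx < 0) {
        if (obj_idx < -(long)count)         /* further back than vertices exist */
            return -1;
        return (long)count + obj_idx;
    }
    if (obj_idx > (long)count)
        return -1;
    return obj_idx - 1;
}

/* Parses one triangle line "f a b c"; "a/vt/vn" suffixes are skipped at the
 * first '/'. Copies the referenced vertices into out[3].
 * Returns 0 on success, -1 on any malformed or out-of-range index. */
int parse_face_line(const obj_model *m, const char *line, vertex out[3])
{
    if (strncmp(line, "f ", 2) != 0)
        return -1;
    const char *p = line + 2;
    for (int i = 0; i < 3; i++) {
        char *end;
        errno = 0;
        long idx = strtol(p, &end, 10);
        if (end == p || errno == ERANGE)    /* missing or overflowing number */
            return -1;
        long off = resolve_index_checked(idx, m->count);
        if (off < 0)
            return -1;
        out[i] = m->v[off];                 /* safe: 0 <= off < count */
        while (*end && *end != ' ' && *end != '\n')
            end++;                          /* skip "/vt/vn" */
        while (*end == ' ')
            end++;
        p = end;
    }
    return 0;
}

/* Builds a three-vertex model from a constructed OBJ fragment (sample data). */
int load_sample_model(obj_model *m)
{
    static const char *verts[] = { "v 0 0 0", "v 1 0 0", "v 0 1 0" };
    m->count = 0;
    for (size_t i = 0; i < 3; i++) {
        vertex vt;
        if (sscanf(verts[i], "v %lf %lf %lf", &vt.x, &vt.y, &vt.z) != 3)
            return -1;
        m->v[m->count++] = vt;
    }
    return 0;
}

/* Convenience: parse one face line against the sample model. */
int check_face(const char *line)
{
    obj_model m;
    vertex tri[3];
    if (load_sample_model(&m) != 0)
        return -1;
    return parse_face_line(&m, line, tri);
}

int main(void)
{
    const char *lines[] = { "f 1 2 3", "f 1/1/1 2/2/2 -1/3/3", "f 1 2 9999" };
    for (size_t i = 0; i < 3; i++)
        printf("%-24s -> %s\n", lines[i], check_face(lines[i]) == 0 ? "ok" : "rejected");
    printf("unchecked offset for index 9999 of 3 vertices: %ld\n",
           resolve_index_unchecked(9999, 3));
    return 0;
}
```

The checked resolver rejects the three things the unchecked one silently accepts: an index past the end, the invalid index 0, and a negative index that reaches before the first vertex. A fuzzer pointed at a format parser finds exactly these cases, which is why a file-format parser should treat every index in the file as attacker-controlled until it has been compared against the count of elements actually read.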

Monday, January 18, 2021

Beers with Talos Ep. #99: P@ssw0rds and closing out 2020

Beers with Talos (BWT) Podcast episode No. 99 is now available. Download this episode and subscribe to Beers with Talos.


By Mitch Neff.

Recorded late November 2020.

We recorded this episode toward the end of 2020 and since then, it's lived a quiet but meaningful life in the production queue, patiently waiting its turn to get released. In this episode, we dig into passwords, some of the issues around them, and how those issues apply conceptually and in practice. Passwords aren’t inherently problematic, but how they are used sometimes is. We discuss best practices to share with your friends and also touch on MFA (and SMS as an option of last resort). Craig seems to think lock analogies are key to understanding everything. The session was two hours long and this is the balance remaining after decency and standards review.

All of us want to thank you for listening and making three years and (almost) 100 episodes of Beers with Talos possible. Cheers.

Friday, January 15, 2021

Threat Roundup for January 8 to January 15

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 8 and Jan. 15. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, it summarizes the threats we've observed by highlighting key behavioral characteristics, listing indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats are subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

Thursday, January 14, 2021

Threat Source newsletter (Jan. 14, 2021)

Newsletter compiled by Jon Munshaw.

Good afternoon, Talos readers.  

Microsoft released its monthly security update this week, disclosing 83 vulnerabilities across its suite of products to kick off 2021. Our blog post covers the most important vulnerabilities you need to know about, along with the Snort rules we released to keep your network protected.

TalosIntelligence.com users will also want to check out the list of our new Content and Threat Categories, which provide enough intelligence detail to make informed decisions about protecting your network without disrupting your organization’s productivity.