Threat Source newsletter (Sept. 9, 2021)
Good afternoon, Talos readers. The biggest security news this week is no doubt another Microsoft zero-day. On the heels of PrintNightmare and multiple Exchange Server vulnerabilities comes a code execution vulnerability in MSHTML, the rendering engine in Internet Explorer. We h
Talos release protection against zero-day vulnerability (CVE-2021-40444) in Microsoft MSHTML
Cisco Talos released new SNORT® rules Thursday to protect against the exploitation of a zero-day vulnerability in Microsoft MSHTML that the company warns is being actively exploited in the wild. Users are encouraged to deploy SIDs 58120 – 58129, Snort 3 SID 300049 and ClamAV sig
Vulnerability Spotlight: Heap buffer overflow vulnerability in Ribbonsoft dxflib library
Lilith >_> of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in Ribbonsoft’s dxflib library that could lead to code execution. The dxflib library is a C++ library utilized by digital desig
Threat Roundup for August 27 to September 3
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 27 and Sept. 3. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k
Talos Takes Ep. #66: Dude, where's my bandwidth?
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. “Proxyware” sounds like a complicated topic that you’re too afraid to ask about. But really, it’s just software that all
Beers with Talos, Ep. #109: We have not secured our society — Or, working out a conference talk in realtime
Beers with Talos (BWT) Podcast episode No. 109 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Most of the Beers with Talos guys got a chance to take a summer vacation after the last episode
Threat Source newsletter (Sept. 2, 2021)
Good afternoon, Talos readers. If you haven't seen already, our blog has a lot of cool and new stuff this week. We first dove into the world of proxyware on Tuesday (aka internet-sharing applications). Attackers are hiding in this newly popular software to steal users'
Translated: Talos' insights from the recently leaked Conti ransomware playbook
Executive summary Cisco Talos recently became aware of a leaked playbook that has been attributed to the ransomware-as-a-service (RaaS) group Conti. Talos has a team of dedicated, native-level speakers that translated these documents in their entirety into English. We also trans
Attracting flies with Honey(gain): Adversarial abuse of proxyware
By Edmund Brumaghin and Vitor Ventura. * With internet-sharing applications, or "proxyware," users download software that allows them to share a percentage of their bandwidth with other internet users for a fee, with the companies that created this software acting as