Threat Source newsletter for Oct. 1, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In the past, we’ve covered what disinformation (otherwise known as “fake news”) is and who spreads it. Now, we’re diving into why it works, and why it’s so easy for people to spread. Check out our full paper her
What to expect when you're electing: Information hygiene and the human levers of disinformation
Editor's note: Related reading on Talos election security research: /what-to-expect-when-youre-electing /election-roundtable-video /what-to-expect-electing-disinformation-building-blocks By Azim Khodjibaev and Ryan Pentney. As Cisco Talos researchers outlined in a paper
Vulnerability Spotlight: Remote code execution bugs in NVIDIA D3D10 driver
Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered multiple remote code execution vulnerabilities in the NVIDIA D3D10 driver. This driver supports multiple GPUs that NVIDIA produces. An adversary could exploit these vul
LodaRAT Update: Alive and Well
* During our continuous monitoring of LodaRAT, Cisco Talos observed changes in the threat that add new functionality. * Multiple new versions of LodaRAT have been spotted being used in the wild. * These new versions of LodaRAT abandoned their previous obfuscation techniques.
Microsoft Netlogon exploitation continues to rise
Cisco Talos is tracking a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, an elevation of privilege bug in Netlogon, outlined in the August Microsoft Patch Tuesday report. The vulnerability stems from a flaw in a cryptographic authentication sche
Threat Roundup for September 18 to September 25
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 18 and Sept. 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting
Threat Source newsletter for Sept. 24, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. After months (years?) in beta, an official release candidate is out now for Snort 3. Stay tuned for an officially official release in about a month. In other Snort rules, we also have a deep dive into our detec
The Internet did my homework
By Jaeson Schultz and Matt Valites. As students return to school for in-person and virtual learning, Cisco Talos discovered an increase in DNS requests coming into Umbrella resolving domains we classify as "academic fraud." Data from Pew Research on back-to-school date
New Snort, ClamAV coverage strikes back against Cobalt Strike
By Nick Mavis. Editing by Joe Marshall and Jon Munshaw. Cisco Talos is releasing a new research paper called “The Art and Science of Detecting Cobalt Strike.” We recently released a more granular set of updated SNORTⓇ and ClamAVⓇ detection signatures to detect attempted obfusca