September 17, 2019 16:00

Emotet is back after a summer break

Emotet is still evolving, five years after its debut as a banking trojan. It is one of the world's most dangerous botnets and malware droppers-for-hire. The malware payloads dropped by Emotet serve to more fully monetize their attacks, and often include additional banking tro

September 17, 2019 11:09

Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”

By Christopher Evans and David Liebenberg. Executive summary A new threat actor named "Panda" has generated thousands of dollars worth of the Monero cryptocurrency through the use of remote access tools (RATs) and illicit cryptocurrency-mining malware. This is far fr

September 17, 2019 10:58

Vulnerability Spotlight: Multiple vulnerabilities in Aspose PDF API

Marcin Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple remote code execution vulnerabilities in the Aspose.PDF API. Aspose provides a series of APIs for manipulating or converting a large family of document formats. These vulnerabil

September 17, 2019 08:01

New Cisco Talos web reputation verdicts

Cisco Talos has updated and expanded the Talos Threat Levels used to describe our web reputation verdicts. As you will see in the chart below, we are increasing the number of reputation verdicts from three to five. We are retaining the Unknown category, just as before. Cisco Se

September 16, 2019 15:25

Vulnerability Spotlight: AMD ATI Radeon ATIDXX64.DLL shader functionality remote code execution vulnerability

Piotr Bania of Cisco Talos discovered this vulnerability. Some AMD Radeon cards contain a remote code execution vulnerability in their ATIDXX64.DLL driver. AMD produces the Radeon line of hardware, which includes graphics cards and graphics processing units. This specific vulner

September 16, 2019 13:06

Vulnerability Spotlight: Multiple vulnerabilities in Atlassian Jira

Ben Taylor of Cisco ASIG discovered these vulnerabilities. Atlassian’s Jira software contains multiple vulnerabilities that could allow an attacker to carry out a variety of actions, including the disclosure of sensitive information and the remote execution of JavaScript code. J

September 13, 2019 17:06

Threat Roundup for September 6 to September 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 6 and Sept. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting

September 12, 2019 14:00

Threat Source newsletter (Sept. 12, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. You’ve heard it a million times: Always patch. But in case you needed another example that it’s important, Cisco Inc

September 11, 2019 12:10

Watchbog and the Importance of Patching

What Happened? Cisco Incident Response (CSIRS) recently responded to an incident involving the Watchbog cryptomining botnet. The attackers were able to exploit CVE-2018-1000861 to gain a foothold and install the Watchbog malware on the affected systems. This Linux-based malw