Threat Roundup for Jan. 11 to Jan. 18
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 11 and Jan. 18. As with previous roundups, this post isn't meant to be an...
Threat Research
What we learned by unpacking a recent wave of Imminent RAT infections using AMP
Cisco Talos has been tracking a series of Imminent RAT infections for the past two months following reported data from Cisco Advanced Malware Protection's (AMP) Exploit Prevention engine. AMP successfully...
Emotet re-emerges after the holidays
While Emotet has been around for many years and is one of the most well-known pieces of malware in the wild, that doesn't mean attackers don't try to freshen it...
Vulnerability Deep Dive: TP-Link TL-R600VPN remote code execution vulnerabilities
Introduction TP-Link recently patched three vulnerabilities in their TL-R600VPN gigabit broadband VPN router, firmware version 1.3.0. Cisco Talos publicly disclosed these issues after working with TP-Link to ensure...
Pylocky Unlocked: Cisco Talos releases PyLocky ransomware decryptor
PyLocky is a family of ransomware written in Python that attempts to masquerade as a Locky variant. This ransomware will encrypt all files on a victim machine before...
Why we want users’ feedback on Snort rule documentation
Today, Talos is launching a new community survey to solicit feedback on SNORTⓇ documentation. When Snort alerts the end user, the rule documentation is their first and possibly only avenue...
Microsoft Patch Tuesday — January 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, seven of which are rated “critical,”...
Vulnerability Spotlight: Multiple privilege escalation vulnerabilities in CleanMyMac X
Tyler Bohan of Cisco Talos discovered several vulnerabilities in MacPaw’s CleanMyMac X software, a cleanup application for Mac operating systems that allows users to free up space on their machines.
Threat Roundup for Dec. 14 to Dec. 21
Summary of threats observed between December 14-21. Our customers are automatically protected from these threats, but we highlight key behavioral characteristics and indicators of compromise (not in-depth analysis).