Lucene search
K
TalosblogRecent

2032 matches found

Talos Blog
Talos Blog
added 2017/10/19 1:51 p.m.48 views

Vulnerability Spotlight: Google PDFium Tiff Code Execution

OverviewTalos is disclosing a single off-by-one read/write vulnerability found in the TIFF image decoder functionality of PDFium as used in Google Chrome up to and including version 60.0.3112.101. Google Chrome is the most widely used web browser today and a specially crafted PDF could trigger th...

8.9AI score0.01999EPSS
Exploits1
Talos Blog
Talos Blog
added 2017/10/18 3:30 a.m.18 views

Beers with Talos EP 15: Landing a Job, Phishing Midstream, and Paul’s IDA Palette

Beers with Talos BWT Podcast Episode 15 is now available. Download this episode and subscribe to Beers with Talos:img border="0" data-original-height="45" data-original-width="160" src="https://2.bp.blogspot.com/-E-RSSZ9jbUY/WaWCkLGZnZI/AAAAAAAAAJE/Ciiz-Si4oA0cgR9tMGSGbT9336qr...

6.7AI score
Exploits0
Talos Blog
Talos Blog
added 2017/10/13 12:1 p.m.54 views

Threat Round Up for Oct 6 - Oct 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between October 6 and October 13. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2017/10/12 4:26 a.m.26 views

Disassembler and Runtime Analysis

This post was authored by Paul Rascagneres.IntroductionIn the CCleaner 64bit stage 2 previously described in our blog, we explained that the attacker modified a legitimate executable that is part of "Symantec Endpoint". This file is named EFACli64.dll. The modification is performed in the runtime...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2017/10/11 9:11 a.m.77 views

Spoofed SEC Emails Distribute Evolved DNSMessenger

This post was authored by Edmund Brumaghin, Colin Grady, with contributions from Dave Maynor and @Simpo13.Executive SummaryCisco Talos previously published research into a targeted attack that leveraged an interesting infection process using DNS TXT records to create a bidirectional command and...

7.6AI score
Exploits0
Talos Blog
Talos Blog
added 2017/10/10 1:25 p.m.118 views

Microsoft Patch Tuesday - October 2017

Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 63 new vulnerabilities with 28 of them rated critical and 35 rated important. These vulnerabilities impact Graphic...

10CVSS1.9AI score0.81627EPSS
Exploits39
Talos Blog
Talos Blog
added 2017/10/10 7:56 a.m.87 views

Vulnerability Spotlight: Arbitrary Code Execution Bugs in Simple DirectMedia Layer Fixed

Today, Talos is disclosing two vulnerabilities that have been identified in the Simple DirectMedia Layer library. Simple DirectMedia Layer SDL is a cross-platform development library designed for use in video playback software, emulators, and games by providing low level access to audio, keyboard...

6.8CVSS1.1AI score0.03072EPSS
Exploits3
Talos Blog
Talos Blog
added 2017/10/04 12:5 p.m.49 views

Vulnerability Spotlight: Multiple vulnerabilities in Computerinsel Photoline

These vulnerabilities are discovered by Piotr Bania of Cisco Talos.Today, Talos is releasing details of multiple vulnerabilities discovered within the Computerinsel GmbH PhotoLine image processing software. PhotoLine, developed by Computerinsel GmbH, is a well established raster and vector graphi...

6.8CVSS1.9AI score0.01835EPSS
Exploits7
Talos Blog
Talos Blog
added 2017/10/03 5:38 p.m.27 views

Beers with Talos EP14: Ranking Threats and Avoiding Bush League Breach Response

Beers with Talos BWT Podcast Episode 14 is now available. Download this episode and subscribe to Beers with Talos:If iTunes and Google Play aren't your thing: a href="http://www.talosin...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2017/09/29 1:56 p.m.58 views

Threat Round Up for Sept 22 - Sept 29

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between September 22 and September 29. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2017/09/28 8:9 a.m.66 views

Banking Trojan Attempts To Steal Brazillion$

This post was authored by Warren Mercer, Paul Rascagneres and Vanja SvajcerIntroductionBanking trojans are among some of the biggest threats to everyday users as they directly impact the user in terms of financial loss. Talos recently observed a new campaign specific to South America, namely...

7.6AI score
Exploits0
Talos Blog
Talos Blog
added 2017/09/27 10:38 a.m.86 views

FIN7 Group Uses JavaScript and Stealer DLL Variant in New Attacks

This post was authored by Michael Gorelik and Josh ReynoldsExecutive SummaryThroughout this blog post we will be detailing a newly discovered RTF document family that is being leveraged by the FIN7 group also known as the Carbanak gang which is a financially-motivated group targeting the financia...

7.7AI score
Exploits0
Talos Blog
Talos Blog
added 2017/09/20 2:57 p.m.51 views

CCleaner Command and Control Causes Concern

This post was authored by Edmund Brumaghin, Earl Carter, Warren Mercer, Matthew Molyett, Matthew Olney, Paul Rascagneres and Craig Williams.Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2017/09/20 7:37 a.m.20 views

Beers with Talos EP 13:A Vast CCleanup, Strutting Your Stuff, and the Ex$ploit Economy

Beers with Talos BWT Podcast Episode 13 is now available. Download this episode and subscribe to Beers with Talos:If iTunes and Google Play aren't your thing: a href="ht...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2017/09/18 12:51 a.m.1163 views

CCleanup: A Vast Number of Machines at Risk

This post was authored by: Edmund Brumaghin, Ross Gibb, Warren Mercer, Matthew Molyett, and Craig WilliamsUpdate 9/18: CCleaner Cloud version 1.07.3191 is also reported to be affectedUpdate 9/19: This issue was discovered and reported by both Morphisec and Cisco in separate in-field cases and...

7.6AI score
Exploits0
Talos Blog
Talos Blog
added 2017/09/15 1:10 p.m.742 views

Threat Round Up For Sept 8 - Sept 15

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between September 08 and September 15. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

9.3CVSS0.8AI score0.99933EPSS
Exploits29
Talos Blog
Talos Blog
added 2017/09/14 12:54 p.m.16 views

Beers with Talos EP12 - IrmaGerd! The Internet Ate Our Podcast!

Beers with Talos BWT Podcast Episode 12 is now available. Download this episode and subscribe to Beers with Talos:If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcastbr /...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2017/09/14 12:38 p.m.225 views

Deep Dive in MarkLogic Exploitation Process via Argus PDF Converter

This post authored by Marcin Noga with contributions from William LargentTalos discovers and responsibly discloses software vulnerabilities on a regular basis. Occasionally we publish a deep technical analysis of how the vulnerability was discovered or its potential impact. In a previous post Tal...

6.8CVSS8.6AI score0.02062EPSS
Exploits2
Talos Blog
Talos Blog
added 2017/09/14 7:30 a.m.311 views

Vulnerability Spotlight: YAML Parsing Remote Code Execution Vulnerabilities in Ansible Vault and Tablib

Vulnerabilities discovered by Cory Duplantis of Talos.Talos is disclosing the presences of remote code execution vulnerabilities in the processing of Yet Another Markup Language YAML content in Ansible Vault and Tablib. Attackers can exploit these vulnerabilities through supplying malicious YAML...

7.5CVSS1.7AI score0.0487EPSS
Exploits3
Talos Blog
Talos Blog
added 2017/09/13 7:24 a.m.51 views

Vulnerability Spotlight: LibOFX Tag Parsing Code Execution Vulnerability

This vulnerability was discovered by Cory Duplantis of TalosUpdate 9/20/2017: A patch is now available to fix this issue.OverviewLibOFX is an open source implementation of OFX Open Financial Exchange an open format used by financial institutions to share financial data with clients. As an...

6.8CVSS1.9AI score0.02393EPSS
Exploits1
Talos Blog
Talos Blog
added 2017/09/12 3:41 p.m.248 views

Microsoft Patch Tuesday - September 2017

Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 81 new vulnerabilities with 27 of them rated critical, 52 rated important, and 2 rated moderate. These...

9.3CVSS1.8AI score0.88698EPSS
Exploits59
Talos Blog
Talos Blog
added 2017/09/11 8:35 a.m.54 views

Vulnerability Spotlight: TALOS-2017-0430/0431: Multiple Vulnerabilities in FreeXL Library

Vulnerability discovered by Marcin Noga of Cisco TalosOverviewTalos has discovered two remote code execution vulnerabilities in the the FreeXL library. FreeXL is an open source C library to extract valid data from within an Excel .xls spreadsheet. Exploiting these vulnerabilities can potentially...

1.1AI score0.03313EPSS
Exploits2
Talos Blog
Talos Blog
added 2017/09/07 3:42 p.m.575 views

Another Apache Struts Vulnerability Under Active Exploitation

This post authored by Nick Biasini with contributions from Alex Chiu.Earlier this week, a critical vulnerability in Apache Struts was publicly disclosed in a security advisory. This new vulnerability, identified as CVE-2017-9805, manifests due to the way the REST plugin uses XStreamHandler with a...

10CVSS0.7AI score0.99999EPSS
Exploits66
Talos Blog
Talos Blog
added 2017/09/06 11:18 a.m.52 views

Vulnerability Spotlight: Content Security Policy bypass in Microsoft Edge, Google Chrome and Apple Safari

The vulnerabilities were discovered by Nicolai Grdum of Cisco.Today, Talos is releasing details of vulnerabilities discovered in Microsoft Edge browser as well as older versions of Google Chrome CVE-2017-5033 and browsers based on the Webkit such as Apple Safari CVE-2017-2419 . An attacker may be...

5CVSS0.2AI score0.02472EPSS
Exploits1
Talos Blog
Talos Blog
added 2017/09/05 8:0 a.m.124 views

Graftor - But I Never Asked for This…

This post is authored by Holger Unterbrink and Matthew MolyettOverviewFree software often downloaded from large freeware distribution sites is a boon for the internet, providing users with functionality that otherwise they would not be able to use. Often users, happy that they are getting somethi...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2017/09/01 10:12 a.m.65 views

Threat Round Up for Aug 25 - Sep 1

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between August 25 and September 1. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2017/08/31 8:5 a.m.26 views

Back to Basics: Worm Defense in the Ransomware Age

This post was authored by Edmund Brumaghin "Those who cannot remember the past are condemned to repeat it." - George SantayanaThe PrequelIn March 2017, Microsoft released a security update for various versions of Windows, which addressed a remote code execution vulnerability affecting a protocol...

7.7AI score
Exploits0
Talos Blog
Talos Blog
added 2017/08/30 12:6 p.m.67 views

Vulnerability Spotlight: Multiple Gdk-Pixbuf Vulnerabilities

OverviewToday, Talos is disclosing the discovery of two remote code execution vulnerabilities which have been identified in the Gdk-Pixbuf Toolkit. This toolkit used in multiple desktop applications including Chromium, Firefox, GNOME thumbnailer, VLC and others. Exploiting this vulnerability allo...

6.8CVSS1.4AI score0.04599EPSS
Exploits5
Talos Blog
Talos Blog
added 2017/08/29 8:9 a.m.125 views

Vulnerability Spotlight: Code Execution Vulnerability in LabVIEW

Vulnerability discovered by Cory Duplantis of Cisco Talos.Update: 9/1/17 - National Instruments has published the following advisoryOverviewLabVIEW is a system design and development platform released by National Instruments. The software is widely used to create applications for data acquisition...

9.3CVSS8.1AI score0.30666EPSS
Exploits3
Talos Blog
Talos Blog
added 2017/08/29 7:14 a.m.24 views

Beers with Talos EP11 - This is How the World Ends, Not with a Whimper but with Cyber Mercenaries

Beers with Talos BWT Podcast Episode 11 is now available. Download this episode and subscribe to Beers with Talos:If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcastBeers wi...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2017/08/28 8:30 a.m.60 views

Vulnerability Spotlight: Lexmark Perceptive Document Filters Code Execution Bugs

OverviewTalos is disclosing a pair of code execution vulnerabilities in Lexmark Perceptive Document Filters. Perceptive Document Filters are a series of libraries that are used to parse massive amounts of different types of file formats for multiple purposes. Talos has previously discussed in...

6.8CVSS9.2AI score0.02303EPSS
Exploits2
Talos Blog
Talos Blog
added 2017/08/18 11:15 a.m.22 views

Threat Round-up for Aug 11 - Aug 18

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between August 11 and August 18. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2017/08/15 10:14 a.m.52 views

Booters with Chinese Characteristics: The Rise of Chinese Online DDoS Platforms

This post was authored by Dave LiebenbergIn the past few months, Talos has observed an uptick in the number of Chinese websites offering online DDoS services. Many of these websites have a nearly identical layout and design, offering a simple interface in which the user selects a target’s host,...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2017/08/14 9:55 a.m.741 views

When combining exploits for added effect goes wrong

IntroductionSince public disclosure in April 2017, CVE-2017-0199 has been frequently used within malicious Office documents. The vulnerability allows attackers to include Ole2Link objects within RTF documents to launch remote code when HTA applications are opened and parsed by Microsoft Word.In...

9.3CVSS8AI score0.99966EPSS
Exploits41
Talos Blog
Talos Blog
added 2017/08/09 8:41 a.m.105 views

WinDBG and JavaScript Analysis

This blog was authored by Paul Rascagneres.IntroductionJavaScript is frequently used by malware authors to execute malicious code on Windows systems because it is powerful, natively available and rarely disabled. Our previous article on .NET analysis generated much interest relating to how to use...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2017/08/08 11:30 a.m.124 views

Microsoft Patch Tuesday - August 2017

Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 48 new vulnerabilities with 25 of them rated critical, 21 rated important, and 2 rated moderate. These...

9.3CVSS1.8AI score0.72116EPSS
Exploits52
Talos Blog
Talos Blog
added 2017/08/08 9:15 a.m.81 views

Vulnerability Spotlight: Adobe Reader DC Parser Confusion

Parser vulnerabilities in common software packages such as Adobe Acrobat Reader pose a significant security risk to large portions of the internet. The fact that these software packages typically have a large footprints often gives attackers a broad attack surface they can potentially leverage fo...

6.8CVSS9.7AI score0.26064EPSS
Exploits1
Talos Blog
Talos Blog
added 2017/08/07 12:5 p.m.23 views

On Conveying Doubt

This post was authored by Matt Olney.Typically, Talos has the luxury of time when conducting research. We can carefully draft a report that clearly lays out the evidence and leads the reader to a clear understanding of our well supported findings. A great deal of time is spent ensuring that the...

6.5AI score
Exploits0
Talos Blog
Talos Blog
added 2017/08/04 10:1 a.m.49 views

Threat Round-up for July 28 - August 4

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 28 and August 04. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior characteristic...

6.7AI score
Exploits0
Talos Blog
Talos Blog
added 2017/08/04 9:31 a.m.35 views

Vulnerability Spotlight: Kakadu SDK Vulnerabilities

Vulnerabilities discovered by Aleksandar Nikolic and Tyler Bohan of Cisco Talos.Today, Talos is disclosing multiple vulnerabilities that have been identified in the Kakadu JPEG 2000 SDK. The vulnerabilities manifest in a way that could be exploited if a user opens a specifically crafted JPEG 2000...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2017/08/03 8:35 a.m.25 views

Taking the FIRST look at Crypt0l0cker

This post is authored by Matthew Molyett.Executive SummaryIn March, Talos reported on the details of Crypt0l0cker based on an extensive analysis I carried out on the sample binaries. Binaries -- plural -- because, as noted in the original blog, the Crypt0l0cker payload leveraged numerous executab...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2017/08/02 1:52 a.m.56 views

Vulnerability Spotlight: EZB Systems UltraISO ISO Parsing Code Execution Vulnerability

Discovered by Piotr Bania of Cisco Talos.Today, Talos is releasing details of a new vulnerability discovered within the EZB Systems UltraISO ISO disk image creator software. TALOS-2017-0342 CVE-2017-2840 may allow an attacker to execute arbitrary code remotely on the vulnerable system when a...

8.6AI score0.01732EPSS
Exploits2
Talos Blog
Talos Blog
added 2017/07/24 8:12 a.m.48 views

Vulnerability Spotlight: FreeRDP Multiple Vulnerabilities

Vulnerabilities discovered by Tyler Bohan of TalosOverviewTalos has discovered multiple vulnerabilities in the FreeRDP product. FreeRDP is a free implementation of the Remote Desktop Protocol RDP originally developed by Microsoft. RDP allows users to connect remotely to systems so they can be...

0.8AI score0.01826EPSS
Exploits6
Talos Blog
Talos Blog
added 2017/07/21 9:34 a.m.63 views

Threat Round-up for July 14 - July 21

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 14 and July 21. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior characteristics,...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2017/07/20 12:29 p.m.43 views

Vulnerability Spotlight: Multiple Vulnerabilities in CorelDRAW X8

Today, Talos is disclosing several vulnerabilities that have been identified in CorelDRAW X8. CorelDRAW X8 is graphics suite used for manipulating raster and vector images and is a common alternative to Adobe Creative Cloud. Several of the vulnerabilities being disclosed today specifically affect...

8.6AI score0.0274EPSS
Exploits5
Talos Blog
Talos Blog
added 2017/07/19 9:13 a.m.139 views

Vulnerabilities in ProcessMaker, WebFOCUS, and OpenFire Identified and Patched

Today, Talos is disclosing several vulnerabilities that have been identified by Portcullis in various software products. All four vulnerabilities have been responsibly disclosed to each respective developer in order ensure they are addressed. In order better protect our customers, Talos has also...

1.1AI score0.03842EPSS
Exploits5
Talos Blog
Talos Blog
added 2017/07/19 7:49 a.m.122 views

Unravelling .NET with the Help of WinDBG

This blog was authored by Paul Rascagneres and Warren Mercer.Introduction.NET is an increasingly important component of the Microsoft ecosystem providing a shared framework for interoperability between different languages and hardware platforms. Many Microsoft tools, such as PowerShell, and other...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2017/07/17 6:55 p.m.84 views

PyREBox, a Python Scriptable Reverse Engineering Sandbox

This post was authored by Xabier Ugarte PedreroIn Talos, we are continuously trying to improve our research and threat intelligence capabilities. As a consequence, we not only leverage standard tools for analysis, but we also focus our efforts on innovation, developing our own technology to...

6.7AI score
Exploits0
Talos Blog
Talos Blog
added 2017/07/17 7:35 a.m.73 views

Memcached - A Story of Failed Patching & Vulnerable Servers

This blog authored by Aleksandar Nikolich and David Maynor with contributions from Nick BiasiniMemcached - Not secure, Not Patched Fast Enough Recently high profile vulnerabilities in systems were used to unleash several global ransomware attacks that greatly impacted organizations. These types o...

7.5CVSS0.1AI score0.45703EPSS
Exploits3
Talos Blog
Talos Blog
added 2017/07/11 12:59 p.m.184 views

Microsoft Patch Tuesday - July 2017

Today, Microsoft has release their monthly set of security updates designed to address vulnerabilities. This month's release addresses 54 vulnerabilities with 19 of them rated critical, 32 rated important, and 3 rated moderate. Impacted products include Edge, .NET Framework, Internet Explorer,...

10CVSS1.5AI score0.89889EPSS
Exploits29
Total number of security vulnerabilities2032