2032 matches found
Vulnerability Spotlight: Google PDFium Tiff Code Execution
OverviewTalos is disclosing a single off-by-one read/write vulnerability found in the TIFF image decoder functionality of PDFium as used in Google Chrome up to and including version 60.0.3112.101. Google Chrome is the most widely used web browser today and a specially crafted PDF could trigger th...
Beers with Talos EP 15: Landing a Job, Phishing Midstream, and Paul’s IDA Palette
Beers with Talos BWT Podcast Episode 15 is now available. Download this episode and subscribe to Beers with Talos:img border="0" data-original-height="45" data-original-width="160" src="https://2.bp.blogspot.com/-E-RSSZ9jbUY/WaWCkLGZnZI/AAAAAAAAAJE/Ciiz-Si4oA0cgR9tMGSGbT9336qr...
Threat Round Up for Oct 6 - Oct 13
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between October 6 and October 13. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...
Disassembler and Runtime Analysis
This post was authored by Paul Rascagneres.IntroductionIn the CCleaner 64bit stage 2 previously described in our blog, we explained that the attacker modified a legitimate executable that is part of "Symantec Endpoint". This file is named EFACli64.dll. The modification is performed in the runtime...
Spoofed SEC Emails Distribute Evolved DNSMessenger
This post was authored by Edmund Brumaghin, Colin Grady, with contributions from Dave Maynor and @Simpo13.Executive SummaryCisco Talos previously published research into a targeted attack that leveraged an interesting infection process using DNS TXT records to create a bidirectional command and...
Microsoft Patch Tuesday - October 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 63 new vulnerabilities with 28 of them rated critical and 35 rated important. These vulnerabilities impact Graphic...
Vulnerability Spotlight: Arbitrary Code Execution Bugs in Simple DirectMedia Layer Fixed
Today, Talos is disclosing two vulnerabilities that have been identified in the Simple DirectMedia Layer library. Simple DirectMedia Layer SDL is a cross-platform development library designed for use in video playback software, emulators, and games by providing low level access to audio, keyboard...
Vulnerability Spotlight: Multiple vulnerabilities in Computerinsel Photoline
These vulnerabilities are discovered by Piotr Bania of Cisco Talos.Today, Talos is releasing details of multiple vulnerabilities discovered within the Computerinsel GmbH PhotoLine image processing software. PhotoLine, developed by Computerinsel GmbH, is a well established raster and vector graphi...
Beers with Talos EP14: Ranking Threats and Avoiding Bush League Breach Response
Beers with Talos BWT Podcast Episode 14 is now available. Download this episode and subscribe to Beers with Talos:If iTunes and Google Play aren't your thing: a href="http://www.talosin...
Threat Round Up for Sept 22 - Sept 29
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between September 22 and September 29. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...
Banking Trojan Attempts To Steal Brazillion$
This post was authored by Warren Mercer, Paul Rascagneres and Vanja SvajcerIntroductionBanking trojans are among some of the biggest threats to everyday users as they directly impact the user in terms of financial loss. Talos recently observed a new campaign specific to South America, namely...
FIN7 Group Uses JavaScript and Stealer DLL Variant in New Attacks
This post was authored by Michael Gorelik and Josh ReynoldsExecutive SummaryThroughout this blog post we will be detailing a newly discovered RTF document family that is being leveraged by the FIN7 group also known as the Carbanak gang which is a financially-motivated group targeting the financia...
CCleaner Command and Control Causes Concern
This post was authored by Edmund Brumaghin, Earl Carter, Warren Mercer, Matthew Molyett, Matthew Olney, Paul Rascagneres and Craig Williams.Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research...
Beers with Talos EP 13:A Vast CCleanup, Strutting Your Stuff, and the Ex$ploit Economy
Beers with Talos BWT Podcast Episode 13 is now available. Download this episode and subscribe to Beers with Talos:If iTunes and Google Play aren't your thing: a href="ht...
CCleanup: A Vast Number of Machines at Risk
This post was authored by: Edmund Brumaghin, Ross Gibb, Warren Mercer, Matthew Molyett, and Craig WilliamsUpdate 9/18: CCleaner Cloud version 1.07.3191 is also reported to be affectedUpdate 9/19: This issue was discovered and reported by both Morphisec and Cisco in separate in-field cases and...
Threat Round Up For Sept 8 - Sept 15
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between September 08 and September 15. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...
Beers with Talos EP12 - IrmaGerd! The Internet Ate Our Podcast!
Beers with Talos BWT Podcast Episode 12 is now available. Download this episode and subscribe to Beers with Talos:If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcastbr /...
Deep Dive in MarkLogic Exploitation Process via Argus PDF Converter
This post authored by Marcin Noga with contributions from William LargentTalos discovers and responsibly discloses software vulnerabilities on a regular basis. Occasionally we publish a deep technical analysis of how the vulnerability was discovered or its potential impact. In a previous post Tal...
Vulnerability Spotlight: YAML Parsing Remote Code Execution Vulnerabilities in Ansible Vault and Tablib
Vulnerabilities discovered by Cory Duplantis of Talos.Talos is disclosing the presences of remote code execution vulnerabilities in the processing of Yet Another Markup Language YAML content in Ansible Vault and Tablib. Attackers can exploit these vulnerabilities through supplying malicious YAML...
Vulnerability Spotlight: LibOFX Tag Parsing Code Execution Vulnerability
This vulnerability was discovered by Cory Duplantis of TalosUpdate 9/20/2017: A patch is now available to fix this issue.OverviewLibOFX is an open source implementation of OFX Open Financial Exchange an open format used by financial institutions to share financial data with clients. As an...
Microsoft Patch Tuesday - September 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 81 new vulnerabilities with 27 of them rated critical, 52 rated important, and 2 rated moderate. These...
Vulnerability Spotlight: TALOS-2017-0430/0431: Multiple Vulnerabilities in FreeXL Library
Vulnerability discovered by Marcin Noga of Cisco TalosOverviewTalos has discovered two remote code execution vulnerabilities in the the FreeXL library. FreeXL is an open source C library to extract valid data from within an Excel .xls spreadsheet. Exploiting these vulnerabilities can potentially...
Another Apache Struts Vulnerability Under Active Exploitation
This post authored by Nick Biasini with contributions from Alex Chiu.Earlier this week, a critical vulnerability in Apache Struts was publicly disclosed in a security advisory. This new vulnerability, identified as CVE-2017-9805, manifests due to the way the REST plugin uses XStreamHandler with a...
Vulnerability Spotlight: Content Security Policy bypass in Microsoft Edge, Google Chrome and Apple Safari
The vulnerabilities were discovered by Nicolai Grdum of Cisco.Today, Talos is releasing details of vulnerabilities discovered in Microsoft Edge browser as well as older versions of Google Chrome CVE-2017-5033 and browsers based on the Webkit such as Apple Safari CVE-2017-2419 . An attacker may be...
Graftor - But I Never Asked for This…
This post is authored by Holger Unterbrink and Matthew MolyettOverviewFree software often downloaded from large freeware distribution sites is a boon for the internet, providing users with functionality that otherwise they would not be able to use. Often users, happy that they are getting somethi...
Threat Round Up for Aug 25 - Sep 1
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between August 25 and September 1. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...
Back to Basics: Worm Defense in the Ransomware Age
This post was authored by Edmund Brumaghin "Those who cannot remember the past are condemned to repeat it." - George SantayanaThe PrequelIn March 2017, Microsoft released a security update for various versions of Windows, which addressed a remote code execution vulnerability affecting a protocol...
Vulnerability Spotlight: Multiple Gdk-Pixbuf Vulnerabilities
OverviewToday, Talos is disclosing the discovery of two remote code execution vulnerabilities which have been identified in the Gdk-Pixbuf Toolkit. This toolkit used in multiple desktop applications including Chromium, Firefox, GNOME thumbnailer, VLC and others. Exploiting this vulnerability allo...
Vulnerability Spotlight: Code Execution Vulnerability in LabVIEW
Vulnerability discovered by Cory Duplantis of Cisco Talos.Update: 9/1/17 - National Instruments has published the following advisoryOverviewLabVIEW is a system design and development platform released by National Instruments. The software is widely used to create applications for data acquisition...
Beers with Talos EP11 - This is How the World Ends, Not with a Whimper but with Cyber Mercenaries
Beers with Talos BWT Podcast Episode 11 is now available. Download this episode and subscribe to Beers with Talos:If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcastBeers wi...
Vulnerability Spotlight: Lexmark Perceptive Document Filters Code Execution Bugs
OverviewTalos is disclosing a pair of code execution vulnerabilities in Lexmark Perceptive Document Filters. Perceptive Document Filters are a series of libraries that are used to parse massive amounts of different types of file formats for multiple purposes. Talos has previously discussed in...
Threat Round-up for Aug 11 - Aug 18
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between August 11 and August 18. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...
Booters with Chinese Characteristics: The Rise of Chinese Online DDoS Platforms
This post was authored by Dave LiebenbergIn the past few months, Talos has observed an uptick in the number of Chinese websites offering online DDoS services. Many of these websites have a nearly identical layout and design, offering a simple interface in which the user selects a target’s host,...
When combining exploits for added effect goes wrong
IntroductionSince public disclosure in April 2017, CVE-2017-0199 has been frequently used within malicious Office documents. The vulnerability allows attackers to include Ole2Link objects within RTF documents to launch remote code when HTA applications are opened and parsed by Microsoft Word.In...
WinDBG and JavaScript Analysis
This blog was authored by Paul Rascagneres.IntroductionJavaScript is frequently used by malware authors to execute malicious code on Windows systems because it is powerful, natively available and rarely disabled. Our previous article on .NET analysis generated much interest relating to how to use...
Microsoft Patch Tuesday - August 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 48 new vulnerabilities with 25 of them rated critical, 21 rated important, and 2 rated moderate. These...
Vulnerability Spotlight: Adobe Reader DC Parser Confusion
Parser vulnerabilities in common software packages such as Adobe Acrobat Reader pose a significant security risk to large portions of the internet. The fact that these software packages typically have a large footprints often gives attackers a broad attack surface they can potentially leverage fo...
On Conveying Doubt
This post was authored by Matt Olney.Typically, Talos has the luxury of time when conducting research. We can carefully draft a report that clearly lays out the evidence and leads the reader to a clear understanding of our well supported findings. A great deal of time is spent ensuring that the...
Threat Round-up for July 28 - August 4
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 28 and August 04. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior characteristic...
Vulnerability Spotlight: Kakadu SDK Vulnerabilities
Vulnerabilities discovered by Aleksandar Nikolic and Tyler Bohan of Cisco Talos.Today, Talos is disclosing multiple vulnerabilities that have been identified in the Kakadu JPEG 2000 SDK. The vulnerabilities manifest in a way that could be exploited if a user opens a specifically crafted JPEG 2000...
Taking the FIRST look at Crypt0l0cker
This post is authored by Matthew Molyett.Executive SummaryIn March, Talos reported on the details of Crypt0l0cker based on an extensive analysis I carried out on the sample binaries. Binaries -- plural -- because, as noted in the original blog, the Crypt0l0cker payload leveraged numerous executab...
Vulnerability Spotlight: EZB Systems UltraISO ISO Parsing Code Execution Vulnerability
Discovered by Piotr Bania of Cisco Talos.Today, Talos is releasing details of a new vulnerability discovered within the EZB Systems UltraISO ISO disk image creator software. TALOS-2017-0342 CVE-2017-2840 may allow an attacker to execute arbitrary code remotely on the vulnerable system when a...
Vulnerability Spotlight: FreeRDP Multiple Vulnerabilities
Vulnerabilities discovered by Tyler Bohan of TalosOverviewTalos has discovered multiple vulnerabilities in the FreeRDP product. FreeRDP is a free implementation of the Remote Desktop Protocol RDP originally developed by Microsoft. RDP allows users to connect remotely to systems so they can be...
Threat Round-up for July 14 - July 21
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 14 and July 21. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior characteristics,...
Vulnerability Spotlight: Multiple Vulnerabilities in CorelDRAW X8
Today, Talos is disclosing several vulnerabilities that have been identified in CorelDRAW X8. CorelDRAW X8 is graphics suite used for manipulating raster and vector images and is a common alternative to Adobe Creative Cloud. Several of the vulnerabilities being disclosed today specifically affect...
Vulnerabilities in ProcessMaker, WebFOCUS, and OpenFire Identified and Patched
Today, Talos is disclosing several vulnerabilities that have been identified by Portcullis in various software products. All four vulnerabilities have been responsibly disclosed to each respective developer in order ensure they are addressed. In order better protect our customers, Talos has also...
Unravelling .NET with the Help of WinDBG
This blog was authored by Paul Rascagneres and Warren Mercer.Introduction.NET is an increasingly important component of the Microsoft ecosystem providing a shared framework for interoperability between different languages and hardware platforms. Many Microsoft tools, such as PowerShell, and other...
PyREBox, a Python Scriptable Reverse Engineering Sandbox
This post was authored by Xabier Ugarte PedreroIn Talos, we are continuously trying to improve our research and threat intelligence capabilities. As a consequence, we not only leverage standard tools for analysis, but we also focus our efforts on innovation, developing our own technology to...
Memcached - A Story of Failed Patching & Vulnerable Servers
This blog authored by Aleksandar Nikolich and David Maynor with contributions from Nick BiasiniMemcached - Not secure, Not Patched Fast Enough Recently high profile vulnerabilities in systems were used to unleash several global ransomware attacks that greatly impacted organizations. These types o...
Microsoft Patch Tuesday - July 2017
Today, Microsoft has release their monthly set of security updates designed to address vulnerabilities. This month's release addresses 54 vulnerabilities with 19 of them rated critical, 32 rated important, and 3 rated moderate. Impacted products include Edge, .NET Framework, Internet Explorer,...