2032 matches found
Vulnerability Spotlight: Iceni Infix PDF Editor Memory Corruption
Today, Talos is disclosing a vulnerability that has been identified in Iceni Infix PDF Editor that could lead to arbitrary code execution on affected hosts. This vulnerability manifests in a way that could be exploited if a user opens a specifically crafted PDF file that triggers this flaw. Talos...
Attack on Critical Infrastructure Leverages Template Injection
Contributors: Sean Baird, Earl Carter, Erick Galinkin, Christopher Marczewski & Joe Marshall Executive SummaryAttackers are continually trying to find new ways to target users with malware sent via email. Talos has identified an email-based attack targeting the energy sector, including nuclear...
Threat Round-up for June 30 - July 07
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 30 and July 07. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior characteristics,...
Vulnerability Spotlight: TALOS-2017-0311,0319,0321 - Multiple Remote Code Execution Vulnerability in Poppler PDF library
Vulnerability discovered by Marcin Noga, Lilith Wyatt and Aleksandar Nikolic of Cisco Talos.OverviewTalos has discovered multiple vulnerabilities in the freedesktop.org Poppler PDF library. Exploiting these vulnerabilities can allow an attacker to gain full control over the victim's machine. If a...
New KONNI Campaign References North Korean Missile Capabilities
This blog was authored by Paul RascagneresExecutive SummaryWe recently wrote about the KONNI Remote Access Trojan RAT which has been distributed by a small number of campaigns over the past 3 years. We have identified a new distribution campaign which took place on 4th July. The malware used in...
The MeDoc Connection
This Post Authored by David Maynor, Aleksandar Nikolic, Matt Olney, and Yves YounanSummaryThe Nyetya attack was a destructive ransomware variant that affected many organizations inside of Ukraine and multinational corporations with operations in Ukraine. In cooperation with Cisco Advanced Service...
Vulnerability Spotlight: Dell Precision Optimizer and Invincea Vulnerabilities
Vulnerabilities discovered by Marcin ‘Icewall’ Noga of Cisco Talos.OverviewTalos are releasing advisories for vulnerabilities in the Dell Precision Optimizer application service software, Invincea-X and Invincea Dell Protected Workspace. These packages are pre-installed on certain Dell systems...
New Ransomware Variant "Nyetya" Compromises Systems Worldwide
Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues.Update 2017-07-06 12:30 EDT: Updated to explain the modified DoublePulsar backdoor.Since the SamSam attacks that targeted US...
Threat Round-up for June 16 - June 23
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 16 and June 23. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior characteristics,...
Vulnerability Spotlight: Multiple Vulnerabilities in InsideSecure MatrixSSL
These vulnerabilities were discovered by Aleksandar Nikolic of Cisco TalosOverviewMatrixSSL is a TLS/SSL stack offered in the form of a Software Development Kit SDK that is geared towards application in Internet of Things IOT devices and other embedded systems. It features low resource overhead a...
Player 1 Limps Back Into the Ring - Hello again, Locky!
This post was authored by Alex Chiu, Warren Mercer, and Jaeson Schultz. Sean Baird and Matthew Molyett contributed to this post.Back in May, the Necurs spam botnet jettisoned Locky ransomware in favor of the new Jaff ransomware variant. However, earlier this month Kaspersky discovered a...
Talos Targets Disinformation with Fake News Challenge Victory
This post was authored by Sean Baird with contributions by Doug Sibley and Yuxi PanExecutive SummaryFor the past several months, the problem of “fake news” has been abuzz in news headlines, tweets, and social media posts across the web. With historical roots in information warfare and...
Delphi Used To Score Against Palestine
This blog was authored by Paul Rascagneres and Warren Mercer with contributions from Emmanuel Tacheau, Vanja Svajcer and Martin Lee.Executive SummaryTalos continuously monitors malicious emails campaigns. We identified one specific spear phishing campaign launched against targets within Palestine...
Vulnerability Spotlight: Multiple Foscam C1 Vulnerabilities Come in to Focus
Executive SummaryThe Foscam C1 is a webcam that is marketed for use in a variety of applications including home security monitoring. As an indoor webcam, it is designed to be set up inside of a building and features the ability to be accessed remotely via a web interface or from within a mobile...
BASS - BASS Automated Signature Synthesizer
This blog post was authored by Jonas Zaddach and Mariano Graziano.Executive SummaryGiven the rapid pace of change in the threat landscape with new threats emerging and existing ones evolving, there are bound to be challenges defenders face. These challenges can manifest in multiple ways, such as...
Deep dive in Lexmark Perceptive Document Filters Exploitation
This post authored by Marcin Noga with contributions from Nick BiasiniIntroductionTalos discovers and releases software vulnerabilities on a regular basis. We don't always publish a deep technical analysis of how the vulnerability was discovered or its potential impact. This blog will cover these...
Microsoft Patch Tuesday - June 2017
Today, Microsoft has release their monthly set of security updates designed to address vulnerabilities. This month's release addresses 92 vulnerabilities with 17 of them rated critical and 75 rated important. Impacted products include Edge, Internet Explorer, Office, Sharepoint, Skype for Busines...
BWT EP6: Enter the Talos, But Please Use a Unique Password
LISTEN HERE:Listen via iTunesListen directly on the Talos Podcasts page.Episode Notes:The team discusses how to get into threat intel and join a team like Talos. There are many routes to enter the Talos, but no exits. Seriously, they won’t let me leave. Passwords, vaults, and other access control...
Threat Round-up for June 2 - June 9
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 02 and June 09. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior characteristics,...
The Internet of Vulnerable Things
IntroductionTechnological progress is resulting in computing systems that are smaller, cheaper and consuming less power. These micro-computing systems are able to be integrated into everyday objects; when coupled with ubiquitous wireless connectivity these devices form the “Internet of Things”. T...
BWT EP5 - It Has Been 0-days Since This Term was Abused
Beers with Talos Episode 5 "It Has Been 0-days Since This Term was Abused" is now availableListen here:Listen via iTunesListen directly on the Talos Podcasts page.Episode Notes:The crew talks about the potential of Samba echoing WannaCry and blocking SMB ports but you already did that, RIGHT?. We...
Threat Round-up for May 19 - May 26
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 19 and May 26. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior characteristics,...
Samba Vulnerability: Dancing Its Way to a Network Near You
OverviewToday, a new vulnerability affecting the widely used Samba software was released. Samba is the SMB/CIFS protocol commonly used in NIX operating systems. CVE-2017-7494 has the potential to impact many systems around the world. This vulnerability could allow a user to upload a shared librar...
File2pcap - The Talos Swiss Army Knife of Snort Rule Creation
This post was authored by Martin Zeiser with contributions by Joel EslerAt Talos we are constantly on the lookout for threats to our customers networks, and part of the protection process is creating Snort rules for the latest vulnerabilities in order to detect any attacks.To improve your...
Modified Zyklon and plugins from India
IntroductionStreams of malicious emails Talos inspects every day usually consist of active spamming campaigns for various ransomware families, phishing campaigns and the common malware family suspects such as banking Trojans and bots.. It is however often more interesting to analyze campaigns...
Cisco Coverage for Adylkuzz, Uiwix, and EternalRocks
When the WannaCry attack was launched a little over a week ago, it was one of the first large scale attacks leveraging the data that was leaked by the Shadow Brokers. At the time the real concern was how quickly we would begin to see other threats leverage the same vulnerabilities. Over the past...
Terror Evolved: Exploit Kit Matures
This post is authored by Holger Unterbrink and Emmanuel Tacheau Executive SummaryTalos is monitoring the major Exploit KitsEK on an ongoing basis. While investigating the changes we recently observed in the RIG EK campaigns, we identified another well known candidate: Terror Exploit Kit.Terror EK...
Beers with Talos Podcast Now Available
The first episodes of Beers with Talos are now available on iTunes and directly on talosintelligence.com/podcasts.When Talos decided to make a threat intelligence podcast, we wanted to make it different than your typical buttoned down, subdued security podcast. The BWT crew: Craig, Joel, a...
Arbitrary Code Execution Vulnerabilities in MuPDF Identified and Patched
Talos is disclosing the presence of two vulnerabilities in the Artifex MuPDF renderer. MuPDF is a lightweight PDF parsing and rendering library featuring high fidelity graphics, high speed, and compact code size which makes it a fairly popular PDF library for embedding in different projects,...
Player 3 Has Entered the Game: Say Hello to 'WannaCry'
This post was authored by Martin Lee, Warren Mercer, Paul Rascagneres, and Craig Williams.Executive SummaryA major ransomware attack has affected many organizations across the world reportedly including Telefonica in Spain, the National Health Service in the UK, and FedEx in the US. The malware...
Threat Round-up for May 05 - May 12
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 05 and May 12. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior characteristics,...
Jaff Ransomware: Player 2 Has Entered The Game
This post was written by Nick Biasini, Edmund Brumaghin and Warren Mercer with contributions from Colin GradySummaryTalos is constantly monitoring the email threat landscape and tracking both new threats as well as changes to existing threats. We recently observed several large scale email...