Lucene search
K
TalosblogRecent

2032 matches found

Talos Blog
Talos Blog
added 2017/07/11 7:29 a.m.126 views

Vulnerability Spotlight: Iceni Infix PDF Editor Memory Corruption

Today, Talos is disclosing a vulnerability that has been identified in Iceni Infix PDF Editor that could lead to arbitrary code execution on affected hosts. This vulnerability manifests in a way that could be exploited if a user opens a specifically crafted PDF file that triggers this flaw. Talos...

6.8CVSS8.3AI score0.01215EPSS
Exploits2
Talos Blog
Talos Blog
added 2017/07/07 1:34 p.m.98 views

Attack on Critical Infrastructure Leverages Template Injection

Contributors: Sean Baird, Earl Carter, Erick Galinkin, Christopher Marczewski & Joe Marshall Executive SummaryAttackers are continually trying to find new ways to target users with malware sent via email. Talos has identified an email-based attack targeting the energy sector, including nuclear...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2017/07/07 9:30 a.m.45 views

Threat Round-up for June 30 - July 07

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 30 and July 07. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior characteristics,...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2017/07/07 8:27 a.m.122 views

Vulnerability Spotlight: TALOS-2017-0311,0319,0321 - Multiple Remote Code Execution Vulnerability in Poppler PDF library

Vulnerability discovered by Marcin Noga, Lilith Wyatt and Aleksandar Nikolic of Cisco Talos.OverviewTalos has discovered multiple vulnerabilities in the freedesktop.org Poppler PDF library. Exploiting these vulnerabilities can allow an attacker to gain full control over the victim's machine. If a...

7.5CVSS0.8AI score0.05566EPSS
Exploits5
Talos Blog
Talos Blog
added 2017/07/06 12:58 a.m.94 views

New KONNI Campaign References North Korean Missile Capabilities

This blog was authored by Paul RascagneresExecutive SummaryWe recently wrote about the KONNI Remote Access Trojan RAT which has been distributed by a small number of campaigns over the past 3 years. We have identified a new distribution campaign which took place on 4th July. The malware used in...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2017/07/05 11:22 a.m.85 views

The MeDoc Connection

This Post Authored by David Maynor, Aleksandar Nikolic, Matt Olney, and Yves YounanSummaryThe Nyetya attack was a destructive ransomware variant that affected many organizations inside of Ukraine and multinational corporations with operations in Ukraine. In cooperation with Cisco Advanced Service...

7.8AI score
Exploits0
Talos Blog
Talos Blog
added 2017/06/30 11:5 a.m.66 views

Vulnerability Spotlight: Dell Precision Optimizer and Invincea Vulnerabilities

Vulnerabilities discovered by Marcin ‘Icewall’ Noga of Cisco Talos.OverviewTalos are releasing advisories for vulnerabilities in the Dell Precision Optimizer application service software, Invincea-X and Invincea Dell Protected Workspace. These packages are pre-installed on certain Dell systems...

7.9AI score0.01166EPSS
Exploits6
Talos Blog
Talos Blog
added 2017/06/27 11:2 a.m.91 views

New Ransomware Variant "Nyetya" Compromises Systems Worldwide

Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues.Update 2017-07-06 12:30 EDT: Updated to explain the modified DoublePulsar backdoor.Since the SamSam attacks that targeted US...

7.8AI score
Exploits0
Talos Blog
Talos Blog
added 2017/06/23 12:55 p.m.36 views

Threat Round-up for June 16 - June 23

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 16 and June 23. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior characteristics,...

6.6AI score
Exploits0
Talos Blog
Talos Blog
added 2017/06/22 10:37 a.m.50 views

Vulnerability Spotlight: Multiple Vulnerabilities in InsideSecure MatrixSSL

These vulnerabilities were discovered by Aleksandar Nikolic of Cisco TalosOverviewMatrixSSL is a TLS/SSL stack offered in the form of a Software Development Kit SDK that is geared towards application in Internet of Things IOT devices and other embedded systems. It features low resource overhead a...

7.5CVSS0.8AI score0.02344EPSS
Exploits6
Talos Blog
Talos Blog
added 2017/06/21 2:0 p.m.27 views

Player 1 Limps Back Into the Ring - Hello again, Locky!

This post was authored by Alex Chiu, Warren Mercer, and Jaeson Schultz. Sean Baird and Matthew Molyett contributed to this post.Back in May, the Necurs spam botnet jettisoned Locky ransomware in favor of the new Jaff ransomware variant. However, earlier this month Kaspersky discovered a...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2017/06/20 10:22 a.m.49 views

Talos Targets Disinformation with Fake News Challenge Victory

This post was authored by Sean Baird with contributions by Doug Sibley and Yuxi PanExecutive SummaryFor the past several months, the problem of “fake news” has been abuzz in news headlines, tweets, and social media posts across the web. With historical roots in information warfare and...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2017/06/19 8:48 a.m.43 views

Delphi Used To Score Against Palestine

This blog was authored by Paul Rascagneres and Warren Mercer with contributions from Emmanuel Tacheau, Vanja Svajcer and Martin Lee.Executive SummaryTalos continuously monitors malicious emails campaigns. We identified one specific spear phishing campaign launched against targets within Palestine...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2017/06/19 8:45 a.m.237 views

Vulnerability Spotlight: Multiple Foscam C1 Vulnerabilities Come in to Focus

Executive SummaryThe Foscam C1 is a webcam that is marketed for use in a variety of applications including home security monitoring. As an indoor webcam, it is designed to be set up inside of a building and features the ability to be accessed remotely via a web interface or from within a mobile...

7.5CVSS1.6AI score0.26248EPSS
Exploits29
Talos Blog
Talos Blog
added 2017/06/19 2:41 a.m.53 views

BASS - BASS Automated Signature Synthesizer

This blog post was authored by Jonas Zaddach and Mariano Graziano.Executive SummaryGiven the rapid pace of change in the threat landscape with new threats emerging and existing ones evolving, there are bound to be challenges defenders face. These challenges can manifest in multiple ways, such as...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2017/06/14 11:41 a.m.36 views

Deep dive in Lexmark Perceptive Document Filters Exploitation

This post authored by Marcin Noga with contributions from Nick BiasiniIntroductionTalos discovers and releases software vulnerabilities on a regular basis. We don't always publish a deep technical analysis of how the vulnerability was discovered or its potential impact. This blog will cover these...

8.5AI score
Exploits0
Talos Blog
Talos Blog
added 2017/06/13 1:48 p.m.193 views

Microsoft Patch Tuesday - June 2017

Today, Microsoft has release their monthly set of security updates designed to address vulnerabilities. This month's release addresses 92 vulnerabilities with 17 of them rated critical and 75 rated important. Impacted products include Edge, Internet Explorer, Office, Sharepoint, Skype for Busines...

10CVSS1.9AI score0.90026EPSS
Exploits108
Talos Blog
Talos Blog
added 2017/06/13 1:5 p.m.11 views

BWT EP6: Enter the Talos, But Please Use a Unique Password

LISTEN HERE:Listen via iTunesListen directly on the Talos Podcasts page.Episode Notes:The team discusses how to get into threat intel and join a team like Talos. There are many routes to enter the Talos, but no exits. Seriously, they won’t let me leave. Passwords, vaults, and other access control...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2017/06/09 11:41 a.m.11 views

Threat Round-up for June 2 - June 9

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 02 and June 09. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior characteristics,...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2017/06/06 10:0 a.m.20 views

The Internet of Vulnerable Things

IntroductionTechnological progress is resulting in computing systems that are smaller, cheaper and consuming less power. These micro-computing systems are able to be integrated into everyday objects; when coupled with ubiquitous wireless connectivity these devices form the “Internet of Things”. T...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2017/05/30 11:42 a.m.14 views

BWT EP5 - It Has Been 0-days Since This Term was Abused

Beers with Talos Episode 5 "It Has Been 0-days Since This Term was Abused" is now availableListen here:Listen via iTunesListen directly on the Talos Podcasts page.Episode Notes:The crew talks about the potential of Samba echoing WannaCry and blocking SMB ports but you already did that, RIGHT?. We...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2017/05/26 9:41 a.m.24 views

Threat Round-up for May 19 - May 26

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 19 and May 26. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior characteristics,...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2017/05/25 12:31 a.m.80 views

Samba Vulnerability: Dancing Its Way to a Network Near You

OverviewToday, a new vulnerability affecting the widely used Samba software was released. Samba is the SMB/CIFS protocol commonly used in NIX operating systems. CVE-2017-7494 has the potential to impact many systems around the world. This vulnerability could allow a user to upload a shared librar...

10CVSS0.6AI score0.99448EPSS
Exploits24
Talos Blog
Talos Blog
added 2017/05/24 9:2 a.m.54 views

File2pcap - The Talos Swiss Army Knife of Snort Rule Creation

This post was authored by Martin Zeiser with contributions by Joel EslerAt Talos we are constantly on the lookout for threats to our customers networks, and part of the protection process is creating Snort rules for the latest vulnerabilities in order to detect any attacks.To improve your...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2017/05/23 6:5 a.m.212 views

Modified Zyklon and plugins from India

IntroductionStreams of malicious emails Talos inspects every day usually consist of active spamming campaigns for various ransomware families, phishing campaigns and the common malware family suspects such as banking Trojans and bots.. It is however often more interesting to analyze campaigns...

9.3CVSS7.9AI score0.84971EPSS
Exploits8
Talos Blog
Talos Blog
added 2017/05/22 3:14 p.m.139 views

Cisco Coverage for Adylkuzz, Uiwix, and EternalRocks

When the WannaCry attack was launched a little over a week ago, it was one of the first large scale attacks leveraging the data that was leaked by the Shadow Brokers. At the time the real concern was how quickly we would begin to see other threats leverage the same vulnerabilities. Over the past...

9.3CVSS1.1AI score0.93307EPSS
Exploits46
Talos Blog
Talos Blog
added 2017/05/18 11:27 a.m.52 views

Terror Evolved: Exploit Kit Matures

This post is authored by Holger Unterbrink and Emmanuel Tacheau Executive SummaryTalos is monitoring the major Exploit KitsEK on an ongoing basis. While investigating the changes we recently observed in the RIG EK campaigns, we identified another well known candidate: Terror Exploit Kit.Terror EK...

7.8AI score
Exploits0
Talos Blog
Talos Blog
added 2017/05/17 9:56 a.m.22 views

Beers with Talos Podcast Now Available

The first episodes of Beers with Talos are now available on iTunes and directly on talosintelligence.com/podcasts.When Talos decided to make a threat intelligence podcast, we wanted to make it different than your typical buttoned down, subdued security podcast. The BWT crew: Craig, Joel, a...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2017/05/16 9:47 a.m.16 views

Arbitrary Code Execution Vulnerabilities in MuPDF Identified and Patched

Talos is disclosing the presence of two vulnerabilities in the Artifex MuPDF renderer. MuPDF is a lightweight PDF parsing and rendering library featuring high fidelity graphics, high speed, and compact code size which makes it a fairly popular PDF library for embedding in different projects,...

8.7AI score
Exploits0
Talos Blog
Talos Blog
added 2017/05/12 3:9 p.m.25 views

Player 3 Has Entered the Game: Say Hello to 'WannaCry'

This post was authored by Martin Lee, Warren Mercer, Paul Rascagneres, and Craig Williams.Executive SummaryA major ransomware attack has affected many organizations across the world reportedly including Telefonica in Spain, the National Health Service in the UK, and FedEx in the US. The malware...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2017/05/12 9:40 a.m.14 views

Threat Round-up for May 05 - May 12

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 05 and May 12. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior characteristics,...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2017/05/12 6:58 a.m.31 views

Jaff Ransomware: Player 2 Has Entered The Game

This post was written by Nick Biasini, Edmund Brumaghin and Warren Mercer with contributions from Colin GradySummaryTalos is constantly monitoring the email threat landscape and tracking both new threats as well as changes to existing threats. We recently observed several large scale email...

6.7AI score
Exploits0
Total number of security vulnerabilities2032