Talos Group- Cisco blog

Subscribe to Talos Group- Cisco blog hírcsatorna
Frissítve: 19 perc 27 másodperc
2017. szeptember 21.

CCleaner Command and Control Causes Concern

This post was authored by Edmund Brumaghin, Earl Carter, Warren Mercer, Matthew Molyett, Matthew Olney, Paul Rascagneres and Craig Williams. Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues. Introduction Talos recently published a technical analysis of a backdoor which was included with version 5.33 of the CCleaner […]
2017. szeptember 18.

CCleanup: A Vast Number of Machines at Risk

This post was authored by: Edmund Brumaghin, Ross Gibb, Warren Mercer, Matthew Molyett, and Craig Williams Introduction Supply chain attacks are a very effective way to distribute malicious software into target organizations. This is because with supply chain attacks, the attackers are relying on the trust relationship between a manufacturer or supplier and a customer. […]
2017. szeptember 15.

Threat Round Up for Sept 8 – Sept 15

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between September 08 and September 15. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically […]
2017. szeptember 14.

Deep Dive in MarkLogic Exploitation Process via Argus PDF Converter

This post authored by Marcin Noga with contributions from William Largent Introduction Talos discovers and responsibly discloses software vulnerabilities on a regular basis. Occasionally we publish a deep technical analysis of how the vulnerability was discovered or its potential impact. In a previous post Talos took a deep dive into Lexmark Perceptive Document Filters, in […]
2017. szeptember 14.

Vulnerability Spotlight: YAML Parsing Remote Code Execution Vulnerabilities in Ansible Vault and Tablib.

Talos is disclosing the presences of remote code execution vulnerabilities in the processing of Yet Another Markup Language (YAML) content in Ansible Vault and Tablib. Attackers can exploit these vulnerabilities through supplying malicious YAML content to execute arbitrary commands on vulnerable systems. YAML is a data serialisation markup format which is designed to be readable […]
2017. szeptember 13.

Vulnerability Spotlight: LibOFX Tag Parsing Code Execution Vulnerability

This vulnerability was discovered by Cory Duplantis of Talos Overview LibOFX is an open source implementation of OFX (Open Financial Exchange) an open format used by financial institutions to share financial data with clients. As an implementation of a complex standard, this library is used by financial software such as GnuCash. Talos has discovered an […]
2017. szeptember 13.

Microsoft Patch Tuesday – September 2017

Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 81 new vulnerabilities with 27 of them rated critical, 52 rated important, and 2 rated moderate. These vulnerabilities impact Edge, Hyper-V, Internet Explorer, Office, Remote Desktop Protocol, Sharepoint, Windows Graphic […]
2017. szeptember 11.

Vulnerability Spotlight: TALOS-2017-0430/0431: Multiple Vulnerabilities in FreeXL Library

Talos has discovered two remote code execution vulnerabilities in the the FreeXL library. FreeXL is an open source C library to extract valid data from within an Excel (.xls) spreadsheet. Exploiting these vulnerabilities can potentially allow an attacker to execute arbitrary code on the victim’s machine. If an attacker builds a specially crafted XLS (Excel) […]
2017. szeptember 8.

Another Apache Struts Vulnerability Under Active Exploitation

This post authored by Nick Biasini with contributions from Alex Chiu. Earlier this week, a critical vulnerability in Apache Struts was publically disclosed in a security advisory. This new vulnerability, identified as CVE-2017-9805, manifests due to the way the REST plugin uses XStreamHandler with an instance of XStream for deserialization without any type filtering. As […]
2017. szeptember 6.

Vulnerability Spotlight: Content Security Policy bypass in Microsoft Edge, Google Chrome and Apple Safari

The vulnerabilities were discovered by Nicolai Grødum of Cisco. Today, Talos is releasing details of vulnerabilities discovered in Microsoft Edge browser as well as older versions of Google Chrome (CVE-2017-5033) and browsers based on the Webkit such as Apple Safari (CVE-2017-2419). An attacker may be able to exploit the vulnerabilities and bypass the Content Security […]
2017. szeptember 5.

Graftor – But I Never Asked for This…

Overview Free software often downloaded from large freeware distribution sites is a boon for the internet, providing users with functionality that otherwise they would not be able to use. Often users, happy that they are getting something free, fail to pay attention to the hints in the licence agreement that they are receiving additional software […]
2017. szeptember 1.

Threat Round Up for Aug 25 – Sep 1

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 25 and September 1. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically […]
2017. augusztus 31.

Back to Basics: Worm Defense in the Ransomware Age

This post was authored by Edmund Brumaghin “Those who cannot remember the past are condemned to repeat it.” – George Santayana The Prequel In March 2017, Microsoft released a security update for various versions of Windows, which addressed a remote code execution vulnerability affecting a protocol called SMBv1 (MS17-010). As this vulnerability could allow a […]
2017. augusztus 30.

Vulnerability Spotlight: Multiple Gdk-Pixbuf Vulnerabilities

Today, Talos is disclosing the discovery of two remote code execution vulnerabilities which have been identified in the Gdk-Pixbuf Toolkit. This toolkit used in multiple desktop applications including Chromium, Firefox, GNOME thumbnailer, VLC and others. Exploiting this vulnerability allows an attacker to gain full control over the victim’s machine. If an attacker builds a specially […]
2017. augusztus 29.

Vulnerability Spotlight: Code Execution Vulnerability in LabVIEW

LabVIEW is a system design and development platform released by National Instruments. The software is widely used to create applications for data acquisition, instrument control and industrial automation. Talos is disclosing the presence of a code execution vulnerability which can be triggered by opening specially crafted VI files, the proprietary file format used by LabVIEW. […]
2017. augusztus 28.

Vulnerability Spotlight: Lexmark Perceptive Document Filters Code Execution Bugs

Overview Talos is disclosing a pair of code execution vulnerabilities in Lexmark Perceptive Document Filters. Perceptive Document Filters are a series of libraries that are used to parse massive amounts of different types of file formats for multiple purposes. Talos has previously discussed in detail these filters and how they operate. The software update to […]
2017. augusztus 18.

Threat Round-up for Aug 11 – Aug 18

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 11 and August 18. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically […]
2017. augusztus 15.

Booters with Chinese Characteristics: The Rise of Chinese Online DDoS Platforms

This post was authored by Dave Liebenberg In the past few months, Talos has observed an uptick in the number of Chinese websites offering online DDoS services. Many of these websites have a nearly identical layout and design, offering a simple interface in which the user selects a target’s host, port, attack method, and duration […]
2017. augusztus 14.

When combining exploits for added effect goes wrong

Since public disclosure in April 2017, CVE-2017-0199 has been frequently used within malicious Office documents. The vulnerability allows attackers to include Ole2Link objects within RTF documents to launch remote code when HTA applications are opened and parsed by Microsoft Word. In this recent campaign, attackers combined CVE-2017-0199 exploitation with an earlier exploit, CVE-2012-0158, possibly in […]
2017. augusztus 9.

WinDBG and JavaScript Analysis

This blog was authored by Paul Rascagneres. Introduction JavaScript is frequently used by malware authors to execute malicious code on Windows systems because it is powerful, natively available and rarely disabled. Our previous article on .NET analysis generated much interest relating to how to use WinDBG to analyse .js files. In this post we extend our description of […]