Articles
Threat Roundup Sept 21 – 28
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Sept. 21 and 28. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by highl…
VPNFilter III: More Tools for the Swiss Army Knife of Malware
Summary VPNFilter — a multi-stage, modular framework that has infected hundreds of thousands of network devices across the globe — is now known to possess even greater capabilities. Cisco Talos recently discovered seven additional third-stage VPNFilter modules that add significant functionality to t…
Vulnerability Spotlight: Epee Levin Packet Deserialization Code Execution Vulnerability
This vulnerability was discovered by Lilith (>_>) of Cisco Talos. Overview The Epee library, which is leveraged by a large number of cryptocurrencies, contains an exploitable code execution vulnerability in the Levin deserialization functionality. An attacker can send a specially crafted netwo…
IDA-minsc Wins Second Place in Hex-Rays Plugins Contest
Ali Rizvi-Santiago of Cisco Talos recently tied second place in the IDA plugin contest with a plugin named “IDA-minsc.” IDA is a multi-processor disassembler and debugger created by the company Hex-Rays and this year there were a total of 4 winners with 9 submissions total. Every year, t…
Adwind Dodges AV via DDE
This blog post is authored by Paul Rascagneres, Vitor Ventura and with the contribution of Tomislav Pericin and Robert Perica from ReversingLabs. Introduction Cisco Talos, along with fellow cybersecurity firm ReversingLabs, recently discovered a new spam campaign that is spreading the Adwind 3.0 rem…
Threat Roundup for Sept 14 – 21
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Sept. 14 and 21. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by highl…
Cyber Threat Alliance Releases Cryptomining Whitepaper
Despite the recent devaluation of some cryptocurrencies, illicit cryptocurrency miners remain a lucrative and widespread attack vector in the threat landscape. These miners are easy to deploy, and attackers see it as a quick way to steal other users’ processing power to generate cryptocurrency…
Threat Roundup for September 7 to September 14
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between September 7 and September 14. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key b…
SigAnalyzer: Signature analysis with CASC
Executive summary ClamAV Signature Creator (CASC) is an IDA Pro plugin that assists in the creation of ClamAV pattern signatures. We have enhanced this plugin to also analyze these signatures. The plugin highlights matching parts in a binary when its given a particular signature. This function is he…