Articles
Fake AV Investigation Unearths KevDroid, New Android Malware
This blog post is authored by Warren Mercer, Paul Rascagneres, Vitor Ventura and with contributions from Jungsoo An. Summary Several days ago, EST Security published a post concerning a fake antivirus malware targeting the Android mobile platform. In the Korean media, it was mentioned that there cou…
Vulnerability Spotlight: Multiple Vulnerabilities in Allen Bradley MicroLogix 1400 Series Devices
These vulnerabilities were discovered by Jared Rittle and Patrick DeSantis of Cisco Talos. Summary Rockwell Automation Allen-Bradley MicroLogix 1400 Programmable Logic Controllers (PLCs) are marketed for use in a variety of different Industrial Control System (ICS) applications and processes. As suc…
Vulnerability Spotlight: Multiple Nvidia D3D10 Driver Pixel Shader Vulnerabilities
Discovered by Piotr Bania of Cisco Talos Overview Today, Cisco Talos is disclosing multiple vulnerabilities that exist within the Nvidia D3D10 driver. This driver is used throughout multiple GPU product lines available from Nvidia. This is a commonly used driver, and can be found within VMware, thus…
Forgot About Default Accounts? No Worries, GoScanSSH Didn’t
This blog post was authored by Edmund Brumaghin, Andrew Williams, and Alain Zidouemba. Executive Summary During a recent Incident Response (IR) engagement, Talos identified a new malware family that was being used to compromise SSH servers exposed to the internet. This malware, which we have named G…
Microsoft Patch Tuesday – March 2018
Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 74 new vulnerabilities, with 14 of them rated critical and 59 of them rated important. These vulnerabili…
Gozi ISFB Remains Active in 2018, Leverages “Dark Cloud” Botnet For Distribution
Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years. Banking trojans are a widely distributed type of malware that attackers leverage in an attempt to obtain banking credentials from customers of various financial instituti…
Vulnerability Spotlight: Simple DirectMedia Layer’s SDL2_Image
Overview Talos is disclosing several vulnerabilities identified in Simple DirectMedia Layer’s SDL2_Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graph…
Vulnerability Spotlight: Dovecot out-of-bounds Read Vulnerability
Overview Today, Cisco Talos is disclosing a single out-of-bounds read vulnerability in the Dovecot IMAP server. Dovecot is a widely used Internet Message Access Protocol (IMAP) server with a performance- and security-oriented design. It is a popular choice for robust email servers. In accordance with ou…
CannibalRAT targets Brazil
Malware continues to evolve in different ways and forms, one of which is the language it is written in: from Visual C++ to PowerShell, almost everything has been used to develop malware. Today, we will focus on a remote access trojan, otherwise known as a RAT, written entirely in Python and wrapped…