Articles
Who Wasn’t Responsible for Olympic Destroyer?
This blog post is authored by Paul Rascagneres and Martin Lee. Summary Absent contributions from traditional intelligence capacities, the available evidence linking the Olympic Destroyer malware to a specific threat actor group is contradictory, and does not allow for unambiguous attribution. The th…
Vulnerability Spotlight: Adobe Acrobat Reader DC Document ID Remote Code Execution Vulnerability
Today, Talos is releasing details of a new vulnerability within Adobe Acrobat Reader DC. Adobe Acrobat Reader is the most popular and most feature-rich PDF reader. It has a big user base, is usually a default PDF reader on systems and integrates into web browsers as a plugin for rendering PDFs. As s…
COINHOARDER: Tracking a Ukrainian Bitcoin Phishing Ring DNS Style
This post is authored by Jeremiah O’Connor and Dave Maynor with contributions from Artsiom Holub and Austin McBride. Executive Summary Cisco has been tracking a bitcoin theft campaign for over 6 months. The campaign was discovered internally and researched with the aid of an intelligence shar…
Microsoft Patch Tuesday – February 2018
Microsoft Patch Tuesday – February 2018 Today Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 54 new vulnerabilities with 14 of them rated critical, 38 o…
Olympic Destroyer Takes Aim At Winter Olympics
The Winter Olympics this year is being held in Pyeongchang, South Korea. The Guardian, a UK Newspaper reported an article that suggested the Olympic computer systems suffered technical issues during the opening ceremony. Officials at the games confirmed some technical issues to non-critical systems…
Targeted Attacks In The Middle East
This blog post is authored by Paul Rascagneres with assistance of Martin Lee. Executive Summary Talos has identified a targeted attack affecting the Middle East. This campaign contains the following elements, which are described in detail in this article. The use of allegedly confidential decoy doc…
Flash 0-Day In The Wild: Group 123 At The Controls
The 1st of February, Adobe published an advisory concerning a Flash vulnerability (CVE-2018-4878). This vulnerability is a use after free that allows Remote Code Execute through a malformed Flash object. Additionally KISA (Korean CERT) published an advisory about a Flash 0-day used in the wild. Talo…
Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions
The Dark Side of the Digital Gold Rush This post was authored by Nick Biasini, Edmund Brumaghin, Warren Mercer and Josh Reynolds with contributions from Azim Khodijbaev and David Liebenberg. Executive Summary The threat landscape is constantly changing; over the last few years malware threat vector…
2017 in Snort Signatures.
2017 was an eventful year for cyber security with high profile vulnerabilities that allowed self-replicating worm attacks such as WannaCry and BadRabbit to impact organizations throughout the world. In 2017, Talos researchers discovered many new attacks including backdoors in legitimate software suc…