Articles
Vulnerability Spotlight: Hard-coded Credential Flaw in Moxa ICS Wireless Access Points Identified and Fixed
Earlier this month, Talos responsibly disclosed a set of vulnerabilities in Moxa ICS wireless access points. While most of the vulnerabilities were addressed in the previous set of advisories, Talos has continued to work with Moxa to ensure all remaining vulnerabilities that Talos identified are pat…
Threat Spotlight: Mighty Morphin Malware Purveyors: Locky Returns Via Necurs
This post was authored by Nick Biasini Throughout the majority of 2016, Locky was the dominant ransomware in the threat landscape. It was an early pioneer when it came to using scripting formats Windows hosts would natively handle, like .js, .wsf, and .hta. These scripting formats acted as a vehicl…
Threat Round-up for Apr 14 – Apr 21
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between April 14 and April 21. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior…
Vulnerability Spotlight: ARM Mbedtls x509 ECDSA invalid public key Code Execution Vulnerability
Vulnerability Discovered by Aleksandar Nikolic Overview Talos is disclosing TALOS-2017-0274/CVE-2017-2784, a code execution vulnerability in ARM MbedTLS. This vulnerability is specifically related to how MbedTLS handles x509 certificates. MbedTLS is an SSL/TLS implementation aimed specifically at em…
Vulnerability Spotlight: Information Disclosure Vulnerability in Lexmark Perceptive Document Filters
Discovered by Marcin ‘Icewall’ Noga of Cisco Talos. Talos are today releasing a new vulnerability discovered within the Lexmark Perceptive Document Filters library. TALOS-2017-0302 allows for information disclosure using specifically crafted files. Overview The vulnerability is prese…
Cisco Coverage for Shadow Brokers 2017-04-14 Information Release
On Friday, April 14, the actor group identifying itself as the Shadow Brokers released new information containing exploits for vulnerabilities that affect various versions of Microsoft Windows as well as applications such as Lotus Domino. Additionally, the release included previously unknown tools,…
Threat Round-up for Apr 7 – Apr 14
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between April 7 and April 14. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior…
Cisco Coverage for CVE-2017-0199
Over the past week, information regarding a serious zero-day vulnerability (CVE-2017-0199) in Microsoft Office was publically disclosed. Since learning of this flaw, Talos has been actively investigating the issue. Preliminary reports indicated that this vulnerability was actively being exploited in…
Microsoft Patch Tuesday – April 2017
It’s that time again! Today we bring you April’s Microsoft Patch Tuesday information. These fixed vulnerabilities affect Outlook, Edge, Internet Explorer, Hyper-V, .NET, and Scripting Engine. Read more »…