Articles
From Box to Backdoor: Discovering Just How Insecure an ICS Device is in Only 2 Weeks
This post was authored by Martin Lee and Warren Mercer, based on research conducted by Patrick DeSantis. Industrial Control Systems provide stability to civilization. They clean our water, deliver our power, and enable the physical infrastructure that we have learnt to rely on. Industrial Control Sy…
Threat Round-up for Mar 31 – Apr 7
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between March 31 and April 7. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior…
Hacking the Belkin E Series OmniView 2-Port KVM Switch
Author: Ian Payton, Security Advisory EMEAR Introduction Too frequently security professionals only consider software vulnerabilities when considering the risks of connecting devices to their networks and systems. When it comes to considering potential risks of connected devices and the Internet of…
Introducing ROKRAT
This blog was authored by Warren Mercer and Paul Rascagneres with contributions from Matthew Molyett. Executive Summary A few weeks ago, Talos published research on a Korean MalDoc. As we previously discussed this actor is quick to cover their tracks and very quickly cleaned up their compromised hos…
Threat Round-up for Mar 24 – Mar 31
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between March 24 and March 31. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior…
Threat Spotlight: Sundown Matures
This post authored by Nick Biasini with contributions from Edmund Brumaghin and Alex Chiu The last time Talos discussed Sundown it was an exploit kit in transition. Several of the large exploit kits had left the landscape and a couple of strong contenders remain. Sundown was one of the kits still ac…
Vulnerability Spotlight: Certificate Validation Flaw in Apple macOS and iOS Identified and Patched
Most people don’t give much thought to what happens when you connect to your bank’s website or log in to your email account. For most people, securely connecting to a website seems as simple as checking to make sure the little padlock in the address bar is present. However, in the backgr…
Threat Round-up for the Week of Mar 20 – Mar 24
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed over the past week. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteri…
How Malformed RTF Defeats Security Engines
This post is authored by Paul Rascagneres with contributions from Alex McDonnell Executive Summary Talos has discovered a new spam campaign used to infect targets with the well known Loki Bot stealer. The infection vector is an RTF document abusing an old exploit (CVE-2012-1856), however the most i…