Articles
Covert Channels and Poor Decisions: The Tale of DNSMessenger
This post was authored by Edmund Brumaghin and Colin Grady. Executive Summary: The Domain Name System (DNS) is one of the most commonly used Internet application protocols on corporate networks. It is responsible for providing name resolution so that network resources can be accessed by name, rather t…
Cisco Coverage for Smart Install Client Protocol Abuse
Summary: Talos has become aware of active scanning against customer infrastructure with the intent of finding Cisco Smart Install clients. Cisco Smart Install is one component of the Cisco Smart Operations solution that facilitates the management of LAN switches. Research has indicated that malicious…
Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Iceni Argus PDF Content Extraction affect Mar …
Overview: Talos has discovered multiple vulnerabilities in the Iceni Argus PDF content extraction product. Exploiting these vulnerabilities can allow an attacker to gain full control over the victim’s machine. Although the main product is deprecated by Iceni, the library is still supported. Iceni h…
Korean MalDoc Drops Evil New Years Presents
This blog was authored by Warren Mercer and Paul Rascagneres. Talos has investigated a targeted malware campaign against South Korean users. The campaign was active between November 2016 and January 2017, targeting a limited number of people. The infection vector is a Hangul Word Processor document…
Vulnerability Spotlight: Multiple Vulnerabilities in the Aerospike NoSQL Database Server
Vulnerabilities discovered by Talos. Talos is releasing multiple vulnerabilities discovered in the Aerospike Database Server. These vulnerabilities range from Denial of Service to potential remote code execution. This software is used by various companies that require a high performance NoSQL datab…
Cisco Coverage for ‘Magic Hound’
‘Magic Hound’ is the code name used to reference a seemingly limited series of malware distribution campaigns that were observed targeting organizations in Saudi Arabia as well as organizations with business interests in Saudi Arabia. Similar to other malware distribution campaigns that…
Vulnerability Spotlight: Apple GarageBand Out of Bounds Write Vulnerabilities
Discovered by Tyler Bohan of Cisco Talos. Overview: Talos is disclosing TALOS-2016-0262 (CVE-2017-2372) and TALOS-2017-0275 (CVE-2017-2374), two out-of-bounds write vulnerabilities in Apple GarageBand. GarageBand is a music creation program, allowing users to create and edit music easily and effectivel…
Cisco Coverage for ‘Ticketbleed’
Vulnerability Details: A vulnerability (CVE-2016-9244) was recently disclosed affecting various F5 products due to the way in which the products handle Session IDs when the non-default Session Tickets option is enabled. By manipulating the Session IDs provided to affected products, an attacker could…
Go RAT, Go! AthenaGo points “TorWords” Portugal
This post was authored by Edmund Brumaghin with contributions from Angel Villegas. Summary: Talos is constantly monitoring the threat landscape in an effort to identify changes in the way attackers are attempting to target organizations around the world. We identified a unique malware campaign that wa…