Articles
Detecting DNS Data Exfiltration
The recent discovery of Wekby and Point of Sale malware using DNS requests as a command and control channel highlights the need to consider DNS as a potentially malicious channel. Although a skilled analyst may be able to quickly spot unusual activity because they are familiar with their organisatio…
Vulnerability Spotlight: LibreOffice RTF Vulnerability
Vulnerability discovered by Aleksandar Nikolic of Cisco Talos. Talos is disclosing the presence of CVE-2016-4324 / TALOS-CAN-0126, a Use After Free vulnerability within the RTF parser of LibreOffice. The vulnerability lies in the parsing of documents containing both stylesheet and superscript tokens…
Vulnerability Spotlight: Pidgin Vulnerabilities
These vulnerabilities were discovered by Yves Younan. Pidgin is a universal chat client that is used on millions of systems worldwide. The Pidgin chat client enables you to communicate on multiple chat networks simultaneously. Talos has identified multiple vulnerabilities in the way Pidgin handles…
The Poisoned Archives
libarchive is an open-source library that provides access to a variety of different file archive formats, and it’s used just about everywhere. Cisco Talos has recently worked with the maintainers of libarchive to patch three rather severe bugs in the library. Because of the number of products that i…
Microsoft Patch Tuesday – June 2016
This post was authored by Warren Mercer. Patch Tuesday for June 2016 has arrived where Microsoft releases their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 16 bulletins addressing 44 vulnerabilities. Five b…
TeslaCrypt: The Battle is Over
Talos has updated its TeslaCrypt decryptor tool, which now works with any version of this variant of ransomware. You can download the decryptor here. When Talos first examined TeslaCrypt version 1.0 in April of 2015, we articulated how this ransomware operated and were able to develop a decryptor.…
Vulnerability Spotlight: PDFium Vulnerability in Google Chrome Web Browser
This vulnerability was discovered by Aleksandar Nikolic of Cisco Talos. PDFium is the default PDF reader that is included in the Google Chrome web browser. Talos has identified an exploitable heap buffer overflow vulnerability in the Pdfium PDF reader. By simply viewing a PDF document that include…
Vulnerability Spotlight: ESnet iPerf3 JSON parse_string UTF Code Execution Vulnerability
This vulnerability was discovered by Dave McDaniel, Senior Research Engineer. Summary iPerf is a network testing application that is typically deployed in a client/server configuration and is used to measure the available network bandwidth between the systems by creating TCP and/or UDP connections.…
Research Spotlight: ROPMEMU – A Framework for the Analysis of Complex Code Reuse Attacks
The post was authored by Mariano Graziano. Executive Summary Attacks have grown more and more complex over the years. The evolution of the threat landscape has demonstrated this where adversaries have had to modify their tactics to bypass mitigations and compromise systems in response to better miti…