Articles
Threat Spotlight: Exploit Kit Goes International Hits 150+ Countries
This post authored by Nick Biasini Talos is constantly monitoring the threat landscape and exploit kits are a constantly evolving component of it. An ongoing goal of Talos is to expose and disrupt these kits to protect the average internet user being targeted and compromised. We were able to gain un…
Oracle OIT Image Export SDK libvs_pdf XRef Index Code Execution Vulnerability
Talos has recently discovered a vulnerability in Oracle’s Outside In Technology Image Export SDK which, when exploited, allows an attacker to overflow the heap, leading to arbitrary code execution. The vulnerability lies in the Image Export SDK’s parsing of Portable Document Format (PDF) files. Wh…
Widespread JBoss Backdoors a Major Threat
Recently a large scale ransomware campaign delivering Samsam changed the threat landscape for ransomware delivery. Targeting vulnerabilities in servers to spread ransomware is a new dimension to an already prolific threat. Due to information provided from our Cisco IR Services Team, stemming from a…
Microsoft Patch Tuesday – April 2016
Patch Tuesday for April has arrived with Microsoft releasing their latest monthly set of security bulletins to address security vulnerabilities in their products. This month’s release contains 13 bulletins relating to 31 vulnerabilities. Six bulletins address vulnerabilities rated as critical…
Ransomware: Past, Present, and Future
The rise of ransomware over the past year is an ever growing problem. Business often believe that paying the ransom is the most cost effective way of getting their data back – and this may also be the reality. The problem we face is that every single business that pays to recover their files,…
Nuclear Drops Tor Runs and Hides
Introduction Exploit kits are constantly compromising users, whether it’s via malvertising or compromised websites, they are interacting with a large amount of users on a daily basis. Talos is continuously monitoring these exploit kits to ensure protection, analyze changes as they occur, and l…
News Flash! Another Adobe Flash Zero-day Vulnerability Spotted in the Wild
In today’s threat landscape, Adobe Flash Player unfortunately remains an attractive attack vector for adversaries to exploit and compromise systems. Over the past year, Talos has observed several instances where adversaries have identified zero-day vulnerabilities and exploited them to comprom…
Vulnerability Deep Dive: Exploiting the Apple Graphics Driver and Bypassing KASLR
Cisco Talos vulnerability researcher Piotr Bania recently discovered a vulnerability in the Apple Intel HD 3000 Graphics driver, which we blogged about here. In this post we are going to take a deeper dive into this research and look into the details of the vulnerability as well as the KASLR bypass…
Research Spotlight: Enabling Evil for Pocket Change
This post is authored by Tazz. EXECUTIVE SUMMARY At the end of February, one of the researchers on the team received a solicitation email from a domain reseller, which she reviewed the first week of March. The email was from Namecheap offering deeply discounted domains for .88 cents. The timing o…
1