Articles
Microsoft Patch Tuesday – February 2016
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains twelve bulletins addressing 37 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Internet Explorer,…
Bedep Lurking in Angler’s Shadows
This post is authored by Nick Biasini. In October 2015, Talos released our detailed investigation of the Angler Exploit Kit which outlined the infrastructure and monetary impact of an exploit kit campaign delivering ransomware. During the investigation we found that two thirds of Angler’s payl…
The Internet of Things Is Not Always So Comforting
Over the past few years, the Internet of Things (IoT) has emerged as reality with the advent of smart refrigerators, smart HVAC systems, smart TVs, and more. Embedding internet-enabled devices into everything presents new opportunities in connecting these systems to each other, making them “sm…
Vulnerability Spotlight: Libgraphite Font Processing Vulnerabilities
Vulnerabilities Discovered by Yves Younan of Cisco Talos. Talos is releasing an advisory for four vulnerabilities that have been found within the Libgraphite library, which is used for font processing in Linux, Firefox, LibreOffice, and other major applications. The most severe vulnerability results…
Bypassing MiniUPnP Stack Smashing Protection
This post was authored by Aleksandar Nikolic, Warren Mercer, and Jaeson Schultz. Summary MiniUPnP is commonly used to allow two devices which are behind NAT firewalls to communicate with each other by opening connections in each of the firewalls, commonly known as “hole punching”. Various software i…
Research Spotlight: Needles in a Haystack
This post was authored by Mariano Graziano. Malware sandboxes are automated dynamic analysis systems that execute programs in a controlled environment. Within the large volumes of samples submitted daily to these services, some submissions appear to be different from others and show interesting ch…
Microsoft Patch Tuesday – January 2016
The first Patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release is relatively light with nine bulletins addressing 25 vulnerabilities. Six bulletins are rated c…
Rigging compromise – RIG Exploit Kit
This Post was Authored by Nick Biasini, with contributions by Joel Esler Exploit Kits are one of the biggest threats that affects users, both inside and outside the enterprise, as it indiscriminately compromises simply by visiting a web site, delivering a malicious payload. One of the challenges wit…
Threat Spotlight: Holiday Greetings from Pro PoS – Is your payment card data someone else’s Christmas present?
The post was authored by Ben Baker and Earl Carter. Payment cards without an EMV chip have reached their end-of-life. Point of Sale (PoS) malware, such as PoSeidon, has continued to threaten businesses. The news is continually filled with stories of payment card data being stolen through a breach in…
1