Articles
Threat Spotlight: TeslaCrypt – Decrypt It Yourself
This post was authored by: Andrea Allievi, Earl Carter & Emmanuel Tacheau Update 4/28: Windows files recompiled with backward compatibility in Visual Studio 2008 Update 5/8: We’ve made the source code available via Github here Update 6/9/2016: We’ve released a tool to decrypt any Tes…
Threat Spotlight: Upatre – Say No to Drones, Say Yes to Malware
This post was authored by Nick Biasini and Joel Esler Talos has observed an explosion of malicious downloaders in 2015 which we’ve documented on several occasions on our blog. These downloaders provide a method for attackers to push different types of malware to endpoint systems easily and effective…
Microsoft Patch Tuesday for April 2015: 11 Bulletins Released
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 11 bulletins being released which address 26 CVEs. The first 4 bulletins are rated Critical and address vulnerabilities wit…
Threat Spotlight: SSHPsychos
This post was authored by Nick Biasini, Matt Olney, & Craig Williams Introduction Talos has been monitoring a persistent threat for quite some time, a group we refer to as SSHPsychos or Group 93. This group is well known for creating significant amounts of scanning traffic across the Int…
Threat Spotlight: Spam Served With a Side of Dridex
This post was authored by Nick Biasini with contributions from Kevin Brooks Overview The use of macro enabled word documents has exploded over the last year, a primary example payload being Dridex. Last week, Talos researchers identified another short lived spam campaign that was delivering a new va…
Research Spotlight: FreeSentry Mitigating use-after-free Vulnerabilities
This post was authored by Earl Carter & Yves Younan. Talos is constantly researching the ways in which threat actors take advantage of security weaknesses to exploit systems. Use-after-free vulnerabilities have become an important class of security problems due to the existence of mitigations th…
Research Spotlight: Project FTR
Intro Historically, networks have always been at risk for new, undiscovered threats. The risk of state sponsored hackers or criminal organizations utilizing 0-day was a constant, and the best defense was simply to keep adding on technologies to maximize th…
Threat Spotlight: Dyre/Dyreza: An Analysis to Discover the DGA
This post was authored by Alex Chiu & Angel Villegas. Overview Banking and sensitive financial information is a highly coveted target for attackers because of the high value and obvious financial implications. In the past year, a large amount of attention has been centered on Point of Sale (PoS…
Threat Spotlight: The Imperiosus Curse –A Tool of the Dark Arts
Authors: William Largent, Jaeson Schultz, Craig Williams. Special thanks to Richard Harman for his contributions to this post. As consumers, we are constantly bombarded by advertising, especially on the World Wide Web. There is a lot of money to be made either pushing Internet traffic, or displaying…
214