Exploit

November 1, 2018

THREAT RESEARCH

Talos Vulnerability Deep Dive – TALOS-2018-0636 / CVE-2018-3971 Sophos HitmanPro.Alert vulnerability

Overview Sophos patched two vulnerabilities in Sophos HitmanPro.Alert on Thursday. We publicly disclosed these issues last week here, Cisco Talos will show you the process of developing an exploit for one of these bugs. We will take a deep dive into TALOS-2018-0636/CVE-2018-3971 to show you the expl…

October 25, 2018

THREAT RESEARCH

Vulnerability Spotlight: TALOS-2018-0635/0636 – Sophos HitmanPro.Alert memory disclosure and code execution vulner …

Overview Cisco Talos is disclosing two vulnerabilities in Sophos HitmanPro.Alert, a malware detection and protection tool. Both vulnerabilities lie in the input/output control (IOCTL) message handler. One could allow an attacker to read kernel memory contents, while the other allows code execution a…

October 15, 2018

THREAT RESEARCH

Old dog, new tricks – Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox

This blog post was authored by Edmund Brumaghin and Holger Unterbrink with contributions from Emmanuel Tacheau. Executive Summary Cisco Talos has discovered a new malware campaign that drops the sophisticated information-stealing trojan called “Agent Tesla,” and other malware such as the…

October 1, 2018

THREAT RESEARCH

Vulnerability Spotlight: Multiple Issues in Foxit PDF Reader

Overview Cisco Talos is disclosing eightteen vulnerabilities in Foxit PDF Reader, a popular free program for viewing, creating and editing PDF documents. It is commonly used as an alternative to Adobe Acrobat Reader and has a widely used browser plugin. <<READ MORE>>…

June 22, 2018

SECURITY

Cisco PSIRT Notice About Public Exploitation of the Cisco ASA Web Services Denial of Service Vulnerability

PSIRT has recently become aware of public exploitation of the Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability identified by Cisco bug ID CSCvi16029 and CVE ID CVE-2018-0296. With the security of our customers’ networks being a top priority, we’re taking act…

January 15, 2018

THREAT RESEARCH

Korea In The Crosshairs

This blog post is authored by Warren Mercer and Paul Rascagneres and with contributions from Jungsoo An. This article exposes the malicious activities of Group 123 during 2017. We assess with high confidence that Group 123 was responsible for the following six campaigns: “Golden Time” c…

July 7, 2017

THREAT RESEARCH

Vulnerability Spotlight: TALOS-2017-0311,0319,0321 – Multiple Remote Code Execution Vulnerability in Poppler PDF l …

Vulnerability discovered by Marcin Noga, Lilith Wyatt and Aleksandar Nikolic of Cisco Talos. Overview Talos has discovered multiple vulnerabilities in the freedesktop.org Poppler PDF library. Exploiting these vulnerabilities can allow an attacker to gain full control over the victim’s machine.…

May 16, 2017

THREAT RESEARCH

Arbitrary Code Execution Vulnerabilities in MuPDF Identified and Patched

Talos is disclosing the presence of two vulnerabilities in the Artifex MuPDF renderer. MuPDF is a lightweight PDF parsing and rendering library featuring high fidelity graphics, high speed, and compact code size which makes it a fairly popular PDF library for embedding in different projects, especia…

April 3, 2017

THREAT RESEARCH

Introducing ROKRAT

This blog was authored by Warren Mercer and Paul Rascagneres with contributions from Matthew Molyett. Executive Summary A few weeks ago, Talos published research on a Korean MalDoc. As we previously discussed this actor is quick to cover their tracks and very quickly cleaned up their compromised hos…