Threat Research

May 3, 2016

THREAT RESEARCH

Angler Catches Victims Using Phish as Bait

This post authored by Nick Biasini with contributions from Erick Galinkin. Exploit kits have been a recurring threat that we’ve discussed here on this blog as a method of driving users to maliciousness.  Users typically encounter exploit kit landing pages through  compromised websites and malv…

May 3, 2016

THREAT RESEARCH

Threat Spotlight: Spin to Win…Malware

This post was authored by Nick Biasini with contributions from Tom Schoellhammer and Emmanuel Tacheau The threat landscape is ever changing and adversaries are always working to find more efficient ways to compromise users. One of the many ways that users are driven to malicious content is through m…

April 27, 2016

THREAT RESEARCH

The “Wizzards” of Adware

Talos posted a blog, September 2015, which aimed to identify how often seemingly benign software can be rightly condemned for being a piece of malware. With this in mind, this blog presents an interesting piece of “software” which we felt deserved additional information disclosure. This software exh…

April 20, 2016

THREAT RESEARCH

Threat Spotlight: Exploit Kit Goes International Hits 150+ Countries

This post authored by Nick Biasini Talos is constantly monitoring the threat landscape and exploit kits are a constantly evolving component of it. An ongoing goal of Talos is to expose and disrupt these kits to protect the average internet user being targeted and compromised. We were able to gain un…

April 8, 2016

THREAT RESEARCH

Nuclear Drops Tor Runs and Hides

Introduction Exploit kits are constantly compromising users, whether it’s via malvertising or compromised websites, they are interacting with a large amount of users on a daily basis. Talos is continuously monitoring these exploit kits to ensure protection, analyze changes as they occur, and l…

March 23, 2016

THREAT RESEARCH

SamSam: The Doctor Will See You, After He Pays the Ransom

Cisco Talos is currently observing a widespread campaign leveraging the Samas/Samsam/MSIL.B/C ransomware variant. Unlike most ransomware, SamSam is not launched via user focused attack vectors, such as phishing campaigns and exploit kits. This particular family seems to be distributed via compromisi…

March 22, 2016

THREAT RESEARCH

Vulnerability Spotlight: Apple OS X Graphics Kernel Driver Local Privilege Escalation Vulnerability

Piotr Bania of Cisco Talos is credited with the discovery of this vulnerability.   Cisco Talos, in conjunction with Apple’s security advisory issued on Mar 22, is disclosing the discovery of a local vulnerability in the communication functionality of the Apple Intel HD3000 Graphics kernel drive…

March 1, 2016

THREAT RESEARCH

Angler Attempts to Slip the Hook

This post was authored by Nick Biasini with contributions from Joel Esler and Melissa Taylor Talos has discussed at length the sophistication of the Angler exploit kit. One thing that always makes Angler stand apart is the speed with which they develop and implement new techniques. Whether its doma…

February 10, 2016

SECURITY

DNSChanger Outbreak Linked to Adware Install Base

[Ed. note: This post was authored by Veronica Valeros, Ross Gibb, Eric Hulse, and Martin Rehak] Late last autumn, the detector described in one of our previous posts, Cognitive Research: Learning Detectors of Malicious Network Traffic, started to pick up a handful of infected hosts exhibiting a new…