exploits

October 31, 2023

SECURITY

Determining the 10 most critical vulnerabilities on your network

4 min read

Learn how to take threat intelligence data available in Cisco Vulnerability Management and use it to uncover trends in Cisco Secure Firewall and gain new insights.

October 30, 2023

SECURITY

The myth of the long-tail vulnerability

6 min read

A long tail distribution of exploit attempts sounds reasonable. But is this how exploitation attempts really play out? Do attackers abandon exploits after a certain stage? To answer these questions, we’ll look at Snort data from Cisco Secure Firewall.

June 13, 2023

SECURITY

Threat Trends: Snort IPS

7 min read

In this ThreatWise TV episode we look at how Snort can be used to protect organizations, analyze Snort telemetry, and talk about what attackers often target.

September 27, 2022

SECURITY

Threat Trends: Vulnerabilities

7 min read

Are the most talked about vulnerabilities the same as those that are most widely used in attacks?

December 8, 2017

THREAT RESEARCH

Vulnerability Spotlight: TALOS-2017-0393 / CVE-2017-2886 – ACDSee Ultimate 10 Remote Code Execution Vulnerability

1 min read

Overview: Talos has discovered a remote code execution vulnerability in the ACDSee Ultimate 10 application from ACD Systems International Inc. Exploiting this vulnerability can potentially allow an attacker to gain full control over the victim’s machine. If an attacker builds a specially crafted .PSD (Photoshop) file and the victim opens it with the ACDSee Ultimate […]

August 14, 2017

THREAT RESEARCH

When combining exploits for added effect goes wrong

1 min read

Since public disclosure in April 2017, CVE-2017-0199 has been frequently used within malicious Office documents. The vulnerability allows attackers to include Ole2Link objects within RTF documents to launch remote code when HTA applications are opened and parsed by Microsoft Word. In this recent campaign, attackers combined CVE-2017-0199 exploitation with an earlier exploit, CVE-2012-0158, possibly in […]

May 23, 2017

THREAT RESEARCH

Modified Zyklon and plugins from India

1 min read

Streams of malicious emails Talos inspects every day usually consist of active spamming campaigns for various ransomware families, phishing campaigns and the common malware family suspects such as banking Trojans and bots. It is however often more interesting to analyze campaigns smaller in volume as they might contain more interesting malware. A few weeks ago […]

August 12, 2014

SECURITY

Cisco 2014 Midyear Security Report: Exploit Kit Creators Vying for ‘Market Leader’ Role

1 min read

Even in the world of cybercrime, when a top “vendor” drops out of the market, competitors will scurry to fill the void with their own products. As reported in the Cisco 2014 Midyear Security Report, when Paunch—the alleged creator and distributor of the Blackhole exploit kit—was arrested in Russia in late 2013, other malware creators […]

September 23, 2013

SECURITY

Introducing Kvasir

4 min read

Cisco’s Advanced Services has been performing penetration tests for our customers since the acquisition of the Wheel Group in 1998. We call them Security Posture Assessments, or SPA for short, and I’ve been pen testing for just about as long. I’ll let you in on a little secret about penetration testing: it gets messy! During […]