Exploit

November 1, 2018

THREAT RESEARCH

Talos Vulnerability Deep Dive – TALOS-2018-0636 / CVE-2018-3971 Sophos HitmanPro.Alert vulnerability

1 min read

Overview After disclosing two vulnerabilities in Sophos HitmanPro.Alert on Thursday, Cisco Talos will show you the process of developing an exploit for one of these bugs. We will take...

October 25, 2018

THREAT RESEARCH

Vulnerability Spotlight: TALOS-2018-0635/0636 – Sophos HitmanPro.Alert memory disclosure and code execution vulner …

1 min read

Overview Cisco Talos is disclosing two vulnerabilities in Sophos HitmanPro.Alert, a malware detection and protection tool. Both vulnerabilities lie in the input/output control (IOCTL) message handler. One could allow an...

October 15, 2018

THREAT RESEARCH

Old dog, new tricks – Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox

1 min read

This blog post was authored by Edmund Brumaghin and Holger Unterbrink with contributions from Emmanuel Tacheau. Executive Summary Cisco Talos has discovered a new malware campaign...

October 1, 2018

THREAT RESEARCH

Vulnerability Spotlight: Multiple Issues in Foxit PDF Reader

1 min read

Overview Cisco Talos is disclosing eightteen vulnerabilities in Foxit PDF Reader, a popular free program for viewing, creating and editing PDF documents. It is commonly used as an...

June 22, 2018

SECURITY

Cisco PSIRT Notice About Public Exploitation of the Cisco ASA Web Services Denial of Service Vulnerability

1 min read

With the security of our customers' networks being a top priority, we're actively raising awareness of a vulnerability affecting Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software.

January 15, 2018

THREAT RESEARCH

Korea In The Crosshairs

2 min read

This article exposes the malicious activities of Group 123 during 2017. We assess with high confidence that Group 123 was responsible for six campaigns targeting both Korean and Non-Korean institutions.

July 7, 2017

THREAT RESEARCH

Vulnerability Spotlight: TALOS-2017-0311,0319,0321 – Multiple Remote Code Execution Vulnerability in Poppler PDF l …

1 min read

Vulnerability discovered by Marcin Noga, Lilith Wyatt and Aleksandar Nikolic of Cisco Talos. Overview Talos has discovered multiple vulnerabilities in the freedesktop.org Poppler PDF library. Exploiting these vulnerabilities can allow an attacker to gain full control over the victim’s machine. If an attacker builds a specially crafted PDF document and the victim opens it, the […]

May 16, 2017

THREAT RESEARCH

Arbitrary Code Execution Vulnerabilities in MuPDF Identified and Patched

1 min read

Talos is disclosing the presence of two vulnerabilities in the Artifex MuPDF renderer. MuPDF is a lightweight PDF parsing and rendering library featuring high fidelity graphics, high speed, and compact code size which makes it a fairly popular PDF library for embedding in different projects, especially mobile and web applications. Both of these vulnerabilities, if […]

April 3, 2017

THREAT RESEARCH

Introducing ROKRAT

1 min read

This blog was authored by Warren Mercer and Paul Rascagneres with contributions from Matthew Molyett. Executive Summary A few weeks ago, Talos published research on a Korean MalDoc. As we previously discussed this actor is quick to cover their tracks and very quickly cleaned up their compromised hosts. We believe the compromised infrastructure was live […]