Articles
Cisco Coverage for ‘Regin’ Campaign
1 min read
This post was authored by Alex Chiu with contributions from Joel Esler. Advanced persistent threats are a problem that many companies and organizations of all sizes face. In the past two days, information regarding a highly targeted campaign known as ‘Regin’ has been publicly disclosed. The threat actors behind ‘Regin’ appear to be targeting organizations […]
Microsoft Update Tuesday November 2014: Fixes for 3 0-day Vulnerabilities
3 min read
This month Microsoft is releasing 14 security bulletins. Originally they had planned to release 16, but due to issues that emerged in late testing, two bulletins that were announced in the Advance Security Notification, MS14-068 and MS14-075, have been postponed. Of the 14 bulletins, four are considered critical, eight are important, while two are moderate. […]
Talos Discovered Three More Vulnerabilities in Pidgin
3 min read
This post was authored by Yves Younan and edited by Armin Pelkmann Table of contents CVE-2014-3697, VRT-2014-0205 CVE-2014-3696, VRT-2014-0204 CVE-2014-3695, VRT-2014-0203 Cisco Talos is announcing the discovery and patching of another three 3 CVE vulnerabilities in Pidgin (An open-source multi-platform instant messaging client – see wikipedia page). These vulnerabilities were discovered by our team and reported to the Pidgin team. They were […]
Threat Spotlight: Group 72, Opening the ZxShell
17 min read
This post was authored by Andrea Allievi, Douglas Goddard, Shaun Hurley, and Alain Zidouemba. Recently, there was a blog post on the takedown of a botnet used by threat actor group known as Group 72 and their involvement in Operation SMN. This group is sophisticated, well funded, and exclusively targets high profile organizations with high […]
Weaponized Powerpoint in the Wild
1 min read
This post was written by Jaeson Schultz. On October 14th information related to a new Windows vulnerability, CVE-2014-4114, was published. This new vulnerability affects all supported versions of Microsoft Windows. Windows XP, however, is not affected by this vulnerability. The problem lies in Windows’ OLE package manager. When triggered it allows for remote code execution.
Reversing Multilayer .NET Malware
9 min read
This post was authored by Dave McDaniel with contributions from Jaeson Schultz Recently, we came across a malware sample that has been traversing the Internet disguised as an image of a woman. The malware sample uses several layers of obfuscation to hide its payload, including the use of steganography. Steganography is the practice of concealing […]
POODLE and The Curse of Backwards Compatibility
2 min read
This post was written by Martin Lee Old protocol versions are a fact of life. When a new improved protocol is released, products still need to support the old version for backwards compatibility. If previous versions contain weaknesses in security, yet their continued support is mandated, then security can become a major issue when a […]
Threat Spotlight: Group 72
3 min read
This post is co-authored by Joel Esler, Martin Lee and Craig Williams Everyone has certain characteristics that can be recognised. This may be a way of walking, an accent, a turn of phrase or a style of dressing. If you know what to look for you can easily spot a friend or acquaintance in a […]
Microsoft Update Tuesday October 2014: Fixes for 4 0-day Vulnerabilities
2 min read
This post was authored by Yves Younan Microsoft Tuesday is here once again and this month they are releasing a total of eight bulletins. Three of which are rated as critical, while the remaining five are rated as important. There’s a total of 24 CVEs this month, 20 of which were privately disclosed to Microsoft […]
Evolution of the Nuclear Exploit Kit
6 min read
This post is co-authored by Alex Chiu, Martin Lee, Emmanuel Tacheau, and Angel Villegas. Exploit kits remain an efficient mechanism for cyber criminals to distribute malware. Such kits include exploits for multiple vulnerabilities within a single malicious webpage. Criminals can check operating systems, web browsers and browser plugins for anything that is not fully patched […]