Articles
Vulnerability Spotlight: Iceni Infix PDF Editor Memory Corruption
Today, Talos is disclosing a vulnerability that has been identified in Iceni Infix PDF Editor that could lead to arbitrary code execution on affected hosts. This vulnerability manifests in a way that could be exploited if a user opens a specifically crafted PDF file that triggers this flaw. Talos has coordinated with Iceni to ensure […]
Attack on Critical Infrastructure Leverages Template Injection
Talos has identified an email-based attack targeting the energy sector, including nuclear power, that puts a new spin on the classic Word document attachment phish.
Threat Round-up for June 30 – July 7
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 30 and July 07. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically […]
Vulnerability Spotlight: TALOS-2017-0311,0319,0321 – Multiple Remote Code Execution Vulnerability in Poppler PDF l …
Vulnerability discovered by Marcin Noga, Lilith Wyatt and Aleksandar Nikolic of Cisco Talos. Overview: Talos has discovered multiple vulnerabilities in the freedesktop.org Poppler PDF library. Exploiting these vulnerabilities can allow an attacker to gain full control over the victim’s machine. If an attacker builds a specially crafted PDF document and the victim opens it, the […]
New KONNI Campaign References North Korean Missile Capabilities
This blog was authored by Paul Rascagneres. Executive Summary: We recently wrote about the KONNI Remote Access Trojan (RAT) which has been distributed by a small number of campaigns over the past 3 years. We have identified a new distribution campaign which took place on 4th July. The malware used in this campaign has similar […]
The MeDoc Connection
Summary: The Nyetya attack was a destructive ransomware variant that affected many organizations inside of Ukraine and multinational corporations with operations in Ukraine. In cooperation with Cisco Advanced Services Incident Response, Talos identified several key aspects of the attack. The investigation found a supply chain-focused attack at M.E.Doc software that delivered a destructive payload disguised […]
Vulnerability Spotlight: Dell Precision Optimizer and Invincea Vulnerabilities
Talos are releasing advisories for vulnerabilities in the Dell Precision Optimizer application service software, Invincea-X and Invincea Dell Protected Workspace. These packages are pre-installed on certain Dell systems. Vulnerabilities present in these applications could allow attackers to disable security mechanisms, escalate privileges and execute arbitrary code within the context of the application user. Read more […]
Vulnerability Spotlight: Content Security Policy bypass in Microsoft Edge, Google Chrome and Apple Safari
The vulnerabilities were discovered by Nicolai Grødum of Cisco. Today, Talos is releasing details of vulnerabilities discovered in Microsoft Edge browser as well as older versions of Google Chrome (CVE-2017-5033) and browsers based on WebKit such as Apple Safari (CVE-2017-2419). An attacker may be able to exploit the vulnerabilities and bypass the Content Security […]
New Ransomware Variant “Nyetya” Compromises Systems Worldwide
Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues. For the most current info, please read our full blog on TalosIntelligence.com. Since the SamSam attacks that targeted US healthcare entities in March 2016, Talos has been concerned about […]