Talos Group

Talos Security Intelligence & Research Group

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers, supported by sophisticated systems, who create threat intelligence for Cisco products that detect, analyze and protect against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. This blog profile is managed by multiple authors whose expertise spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.

Talos is the primary team that contributes threat information to the Cisco Collective Security Intelligence (CSI) ecosystem. Cisco CSI is shared across multiple security solutions and provides industry-leading security protections and efficacy. In addition to threat researchers, CSI is driven by intelligence infrastructure, product and service telemetry, public and private feeds and the open source community.

Articles

April 18, 2017

THREAT RESEARCH

Vulnerability Spotlight: Information Disclosure Vulnerability in Lexmark Perceptive Document Filters

Discovered by Marcin ‘Icewall’ Noga of Cisco Talos. Talos is today releasing a new vulnerability discovered within the Lexmark Perceptive Document Filters library. TALOS-2017-0302 allows for information disclosure using specifically crafted files. Overview The vulnerability is present in the Lexmark Document Filters parsing engine, which is used across a wide range of services such as […]

April 15, 2017

THREAT RESEARCH

Cisco Coverage for Shadow Brokers 2017-04-14 Information Release

On Friday, April 14, the actor group identifying itself as the Shadow Brokers released new information containing exploits for vulnerabilities that affect various versions of Microsoft Windows as well as applications such as Lotus Domino. Additionally, the release included previously unknown tools, including an exploitation framework identified as “FUZZBUNCH.” Preliminary analysis of the information suggested […]

April 14, 2017

THREAT RESEARCH

Threat Round-up for Apr 7 – Apr 14

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between April 7 and April 14. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically […]

April 14, 2017

THREAT RESEARCH

Cisco Coverage for CVE-2017-0199

Over the past week, information regarding a serious zero-day vulnerability (CVE-2017-0199) in Microsoft Office was publicly disclosed. Since learning of this flaw, Talos has been actively investigating the issue. Preliminary reports indicated that this vulnerability was being actively exploited in the wild and used to compromise hosts with Dridex, a well-known banking trojan. On Tuesday, […]

April 11, 2017

THREAT RESEARCH

Microsoft Patch Tuesday – April 2017

Today we bring you April’s Microsoft Patch Tuesday information for vulnerabilities in Outlook, Edge, Internet Explorer, Hyper-V, .NET, and Scripting Engine.

April 10, 2017

THREAT RESEARCH

From Box to Backdoor: Discovering Just How Insecure an ICS Device is in Only 2 Weeks

Inspired by "From LOW to PWNED," we decided to take a look at one Industrial Control System (ICS) wireless access point and see just how many vulnerabilities we could find in two weeks.

April 7, 2017

THREAT RESEARCH

Threat Round-up for Mar 31 – Apr 7

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between March 31 and April 7. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically […]

April 6, 2017

THREAT RESEARCH

Hacking the Belkin E Series OmniView 2-Port KVM Switch

Author: Ian Payton, Security Advisory EMEAR. Introduction Too frequently, security professionals consider only software vulnerabilities when weighing the risks of connecting devices to their networks and systems. When assessing the potential risks of connected devices and the Internet of Things, security professionals must consider not only potential vulnerabilities in the software and firmware […]

April 3, 2017

THREAT RESEARCH

Introducing ROKRAT

This blog was authored by Warren Mercer and Paul Rascagneres with contributions from Matthew Molyett. Executive Summary A few weeks ago, Talos published research on a Korean MalDoc. As we previously discussed this actor is quick to cover their tracks and very quickly cleaned up their compromised hosts. We believe the compromised infrastructure was live […]