Talos Group

Talos Security Intelligence & Research Group

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. This blog profile is managed by multiple authors with expertise that spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.

Talos is the primary team that contributes threat information to the Cisco Collective Security Intelligence (CSI) ecosystem. Cisco CSI is shared across multiple security solutions and provides industry-leading security protections and efficacy. In addition to threat researchers, CSI is driven by intelligence infrastructure, product and service telemetry, public and private feeds and the open source community.

Articles

April 11, 2016

THREAT RESEARCH

Ransomware: Past, Present, and Future

1 min read

The rise of ransomware over the past year is an ever-growing problem. Businesses often believe that paying the ransom is the most cost-effective way of getting their data back – and this may also be the reality. The problem we face is that every single business that pays to recover their files is […]

April 8, 2016

THREAT RESEARCH

Nuclear Drops Tor Runs and Hides

1 min read

Introduction: Exploit kits are constantly compromising users; whether via malvertising or compromised websites, they interact with a large number of users on a daily basis. Talos continuously monitors these exploit kits to ensure protection, analyze changes as they occur, and look for shifts in payloads. Yesterday we observed a new technique in […]

April 7, 2016

THREAT RESEARCH

News Flash! Another Adobe Flash Zero-day Vulnerability Spotted in the Wild

1 min read

In today’s threat landscape, Adobe Flash Player unfortunately remains an attractive attack vector for adversaries to exploit and compromise systems. Over the past year, Talos has observed several instances where adversaries have identified zero-day vulnerabilities and exploited them to compromise systems. Talos is aware of reports that CVE-2016-1019, an Adobe Flash 0-day vulnerability, is currently […]

April 7, 2016

THREAT RESEARCH

Vulnerability Deep Dive: Exploiting the Apple Graphics Driver and Bypassing KASLR

1 min read

Cisco Talos vulnerability researcher Piotr Bania recently discovered a vulnerability in the Apple Intel HD 3000 Graphics driver, which we blogged about here. In this post we are going to take a deeper dive into this research and look into the details of the vulnerability as well as the KASLR bypass and kernel exploitation that […]

April 4, 2016

THREAT RESEARCH

Research Spotlight: Enabling Evil for Pocket Change

1 min read

This post is authored by Tazz. Executive Summary: At the end of February, one of the researchers on the team received a solicitation email from a domain reseller, which she reviewed the first week of March. The email was from Namecheap offering deeply discounted domains for .88 cents. The timing of the email couldn’t […]

March 31, 2016

THREAT RESEARCH

Vulnerability Spotlight: Lhasa Integer Underflow Exploit

1 min read

Talos is disclosing the discovery of vulnerability TALOS-2016-0095 / CVE-2016-2347 in the Lhasa LZH/LHA decompression tool and library. This vulnerability is due to an integer underflow condition. The software verifies that header values are not too large, but does not check for a too-small header length. Decompressing an LHA or LZH file containing an […]

March 23, 2016

THREAT RESEARCH

SamSam: The Doctor Will See You, After He Pays the Ransom

1 min read

Cisco Talos is currently observing a widespread campaign leveraging the Samas/Samsam/MSIL.B/C ransomware variant. Unlike most ransomware, SamSam is not launched via user-focused attack vectors, such as phishing campaigns and exploit kits. This particular family seems to be distributed by compromising servers and using them as a foothold to move laterally through the network to […]

March 22, 2016

THREAT RESEARCH

Vulnerability Spotlight: Apple OS X Graphics Kernel Driver Local Privilege Escalation Vulnerability

1 min read

Piotr Bania of Cisco Talos is credited with the discovery of this vulnerability. Cisco Talos, in conjunction with Apple’s security advisory issued on Mar 22, is disclosing the discovery of a local vulnerability in the communication functionality of the Apple Intel HD3000 Graphics kernel driver. This vulnerability was initially discovered by the Talos Vulnerability […]

March 16, 2016

THREAT RESEARCH

Teslacrypt 3.0.1 – Tales from the Crypt(o)!

1 min read

This post is authored by Andrea Allievi and Holger Unterbrink. Executive Summary: Ransomware is malicious software that is designed to hold users’ files (such as photos, documents, and music) for ransom by encrypting their contents and demanding the user pay a fee to decrypt their files. Typically, users are exposed to ransomware via email phishing campaigns and exploit […]