Talos Group

Talos Security Intelligence & Research Group

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. This blog profile is managed by multiple authors with expertise that spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.

Talos is the primary team that contributes threat information to the Cisco Collective Security Intelligence (CSI) ecosystem. Cisco CSI is shared across multiple security solutions and provides industry-leading security protections and efficacy. In addition to threat researchers, CSI is driven by intelligence infrastructure, product and service telemetry, public and private feeds and the open source community.

Articles

March 3, 2015

THREAT RESEARCH

Threat Spotlight: Angler Lurking in the Domain Shadows

10 min read

This post was authored by Nick Biasini and edited by Joel Esler. Overview: Over the last several months Talos researchers have been monitoring a massive exploit kit campaign that is utilizing hijacked registrant accounts to create large amounts of subdomains for both initial redirection and exploitation. This campaign has been largely attributed to Angler Exploit […]

March 2, 2015

THREAT RESEARCH

Talos is Hiring

1 min read

If you’re an experienced malware reverse engineer, exploit developer, response specialist, intel analyst, or looking to start your career in security, Talos might be the place for you. We have a number of positions open in Columbia, Maryland; Austin, Texas; San Jose, California; and San Francisco, California. If you are open to relocation to one […]

February 25, 2015

THREAT RESEARCH

Malicious PNGs: What You See Is Not All You Get!

3 min read

This post was authored by Earl Carter and Nick Randolph. Threat actors are continually evolving their techniques. One of the latest Graftor variants is delivering a Malware DLL via a PNG file delivery mechanism. Graftor basically indicates some type of trojan hiding in a piece of software. Hiding executables and DLLs in PNG files is […]

February 18, 2015

THREAT RESEARCH

Equation Coverage

1 min read

Cisco Talos is aware of the public discourse surrounding the malware family dubbed “The Equation Family”. As of February 17th the following rules (33543 – 33546 MALWARE-CNC Win.Trojan.Equation) were released to detect the Equation Family traffic. These rules may be found in the Cisco FireSIGHT Management Console (Defense Center), or in the Subscriber Ruleset on […]

February 18, 2015

THREAT RESEARCH

Tax Time: Let the Phishing Begin

3 min read

This post was authored by Earl Carter and Craig Williams. With the April 15th US tax deadline only about 2 months away, a new wave of tax related phishing is underway. In this latest spear-phishing campaign, attackers are attempting to gain access to your system so that they can steal your banking and other online […]

February 12, 2015

THREAT RESEARCH

Bad Browser Plug-ins Gone Wild: Malvertising, Data Exfiltration, and Malware, Oh my!

4 min read

This post was authored by Fred Concklin, William Largent, Martin Rehak, Michal Svoboda, and Veronica Valeros. During an average day of surfing the web via computer, smartphones, and tablets, we...

February 10, 2015

THREAT RESEARCH

Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed

3 min read

Microsoft’s Patch Tuesday for February 2015 has arrived. This month’s round of security updates is large, with Microsoft releasing 9 bulletins addressing 56 CVEs. 3 of the bulletins are rated critical and address vulnerabilities within Internet Explorer, Windows, and Group Policy. The remaining 6 bulletins are rated important and address vulnerabilities in Office, Windows, Group […]

February 9, 2015

THREAT RESEARCH

Cryptowall 3.0: Back to the Basics

6 min read

This post was authored by Andrea Allievi & Earl Carter. Ransomware continues to impact a large number of organizations and the malware continues to evolve. In January, we examined Cryptowall 2.0 and highlighted new features incorporated into the dropper and Cryptowall binary. When Cryptowall 3.0 appeared, we were interested in seeing what new functionality was […]

February 3, 2015

THREAT RESEARCH

Angler Exploit Kit – New Variants

2 min read

This post was authored by Nick Biasini. On January 27th, Talos researchers began observing a new Angler Exploit Kit (EK) campaign using new variants associated with CVE-2015-0311. Based on our telemetry data the campaign lasted from January 26th until January 30th, with the majority of the events occurring on January 28th & 29th.