Cisco Talos

September 7, 2017

THREAT RESEARCH

Another Apache Struts Vulnerability Under Active Exploitation

This post authored by Nick Biasini with contributions from Alex Chiu. Earlier this week, a critical vulnerability in Apache Struts was publically disclosed in a security advisory. This new vulnerability, identified as CVE-2017-9805, manifests due to the way the REST plugin uses XStreamHandler with an instance of XStream for deserialization without any type filtering. As […]

August 30, 2017

THREAT RESEARCH

Vulnerability Spotlight: Multiple Gdk-Pixbuf Vulnerabilities

Today, Talos is disclosing the discovery of two remote code execution vulnerabilities which have been identified in the Gdk-Pixbuf Toolkit. This toolkit used in multiple desktop applications including Chromium, Firefox, GNOME thumbnailer, VLC and others. Exploiting this vulnerability allows an attacker to gain full control over the victim’s machine. If an attacker builds a specially […]

August 28, 2017

THREAT RESEARCH

Vulnerability Spotlight: Lexmark Perceptive Document Filters Code Execution Bugs

Overview Talos is disclosing a pair of code execution vulnerabilities in Lexmark Perceptive Document Filters. Perceptive Document Filters are a series of libraries that are used to parse massive amounts of different types of file formats for multiple purposes. Talos has previously discussed in detail these filters and how they operate. The software update to […]

August 4, 2017

THREAT RESEARCH

Vulnerability Spotlight: Kakadu SDK Vulnerabilities

Vulnerabilities discovered by Aleksandar Nikolic and Tyler Bohan of Cisco Talos. Today, Talos is disclosing multiple vulnerabilities that have been identified in the Kakadu JPEG 2000 SDK. The vulnerabilities manifest in a way that could be exploited if a user opens a specifically crafted JPEG 2000 file. Talos has coordinated with Kakadu to ensure relevant […]

June 29, 2017

GOVERNMENT

Unpacking the New Ransomware Attack

WannaCry was not the start nor the end of the ransomware wave. Get the details on the newest threat.

June 19, 2017

THREAT RESEARCH

Vulnerability Spotlight: Multiple Foscam C1 Vulnerabilities Come in to Focus

Executive Summary The Foscam C1 is a webcam that is marketed for use in a variety of applications including home security monitoring. As an indoor webcam, it is designed to be set up inside of a building and features the ability to be accessed remotely via a web interface or from within a mobile application. […]

June 14, 2017

THREAT RESEARCH

Deep dive in Lexmark Perceptive Document Filters Exploitation

This post authored by Marcin Noga with contributions from Nick Biasini Introduction Talos discovers and releases software vulnerabilities on a regular basis. We don’t always publish a deep technical analysis of how the vulnerability was discovered or its potential impact. This blog will cover these technical aspects including discovery and exploitation. Before we deep dive into […]

May 25, 2017

THREAT RESEARCH

Samba Vulnerability: Dancing Its Way to a Network Near You

Overview Today, a new vulnerability affecting the widely used Samba software was released. Samba is the SMB/CIFS protocol commonly used in *NIX operating systems. CVE-2017-7494 has the potential to impact many systems around the world. This vulnerability could allow a user to upload a shared library to a writeable share on a vulnerable Samba server […]

January 27, 2017

THREAT RESEARCH

Matryoshka Doll Reconnaissance Framework

This post authored by David Maynor & Paul Rascagneres with the contribution of Alex McDonnell and Matthew Molyett Overview Talos has identified a malicious Microsoft Word document with several unusual features and an advanced workflow, performing reconnaissance on the targeted system to avoid sandbox detection and virtual analysis, as well as exploitation from a non-embedded […]