Cisco Talos

May 25, 2017


Samba Vulnerability: Dancing Its Way to a Network Near You

Overview Today, a new vulnerability affecting the widely used Samba software was released. Samba is the SMB/CIFS protocol commonly used in *NIX operating systems. CVE-2017-7494 has the potential to impact many systems around the world. This vulnerability could allow a user to upload a shared library to a writeable share on a vulnerable Samba server […]

January 27, 2017


Matryoshka Doll Reconnaissance Framework

This post authored by David Maynor & Paul Rascagneres with the contribution of Alex McDonnell and Matthew Molyett Overview Talos has identified a malicious Microsoft Word document with several unusual features and an advanced workflow, performing reconnaissance on the targeted system to avoid sandbox detection and virtual analysis, as well as exploitation from a non-embedded […]

January 20, 2017


Vulnerability Spotlight: Adobe Acrobat Reader DC jpeg Decoder Vulnerability

Discovered by Aleksandar Nikolic of Cisco Talos Overview Talos is disclosing TALOS-2016-0259 / CVE-2017-2791 an uninitialized memory vulnerability in Adobe Acrobat Reader DC. Adobe Acrobat Reader is one of the largest and well known PDF readers available today. This particular vulnerability is associated with the JPEG Decoder functionality embedded in the application. A specially crafted […]

January 18, 2017


Without Necurs, Locky Struggles

This post authored by Nick Biasini with contributions from Jaeson Schultz Locky has been a devastating force for the last year in the spam and ransomware landscape. The Locky variant of ransomware has been responsible for huge amounts of spam messages being sent on a daily basis. The main driver behind this traffic is the […]

November 28, 2016


Cerber Spam: Tor All the Things!

This post authored by Nick Biasini and Edmund Brumaghin with contributions from Sean Baird and Andrew Windsor. Executive Summary Talos is continuously analyzing email based malware always looking at how adversaries change and the new techniques that are being added on an almost constant basis. Recently we noticed some novel ways that adversaries are leveraging […]

November 22, 2016


Fareit Spam: Rocking Out to a New File Type

This post authored by Nick Biasini Talos is constantly monitoring the threat landscape including the email threat landscape. Lately this landscape has been dominated with Locky distribution. During a recent Locky vacation Talos noticed an interesting shift in file types being used to distribute another well known malware family, Fareit. We’ve discussed Fareit before, it’s […]

November 2, 2016


Vulnerability Spotlight: Windows 10 Remote Denial of Service

Talos is releasing an advisory for a remote denial of service attack vulnerability in Microsoft Windows 10 AHCACHE.SYS. An attacker can craft a malicious portable executable file, which if accessed causes AHCACHE.SYS to attempt to access out of scope memory. This triggers a bugcheck in the Windows kernel causing the system to crash, denying service […]

September 1, 2016


Talos ShadowGate Take Down: Global Malvertising Campaign Thwarted

Yet another example of how organizations work together to stop threats affecting users around the globe.

July 7, 2016


Connecting the Dots Reveals Crimeware Shake-up

This Post Authored by Nick Biasini For a couple of weeks in June the threat landscape was changed. Several high profile threats fell off the landscape, causing a shake-up that hadn’t been seen before.  For a period of three weeks the internet was safer, if only for a short time. Still to date the Angler […]