exploits

December 8, 2017

THREAT RESEARCH

Vulnerability Spotlight: TALOS-2017-0393 / CVE-2017-2886 – ACDSee Ultimate 10 Remote Code Execution Vulnerability

Overview Talos has discovered a remote code execution vulnerability in the ACDSee Ultimate 10 application from ACD Systems International Inc. Exploiting this vulnerabilities can potentially allow an attacker to gain full control over the victim’s machine. If an attacker builds a specially crafted .PSD (Photoshop) file and the victim opens it with the ACDSee Ultimate […]

August 14, 2017

THREAT RESEARCH

When combining exploits for added effect goes wrong

Since public disclosure in April 2017, CVE-2017-0199 has been frequently used within malicious Office documents. The vulnerability allows attackers to include Ole2Link objects within RTF documents to launch remote code when HTA applications are opened and parsed by Microsoft Word. In this recent campaign, attackers combined CVE-2017-0199 exploitation with an earlier exploit, CVE-2012-0158, possibly in […]

May 23, 2017

THREAT RESEARCH

Modified Zyklon and plugins from India

Streams of malicious emails Talos inspects every day usually consist of active spamming campaigns for various ransomware families, phishing campaigns and the common malware family suspects such as banking Trojans and bots.. It is however often more interesting to analyze campaigns smaller in volume as they might contain more interesting malware. A few weeks ago […]

August 12, 2014

SECURITY

Cisco 2014 Midyear Security Report: Exploit Kit Creators Vying for ‘Market Leader’ Role

Even in the world of cybercrime, when a top “vendor” drops out of the market, competitors will scurry to fill the void with their own products. As reported in the Cisco 2014 Midyear Security Report, when Paunch—the alleged creator and distributor of the Blackhole exploit kit—was arrested in Russia in late 2013, other malware creators […]

September 23, 2013

SECURITY

Introducing Kvasir

Cisco’s Advanced Services has been performing penetration tests for our customers since the acquisition of the Wheel Group in 1998. We call them Security Posture Assessments, or SPA for short, and I’ve been pen testing for just about as long. I’ll let you in on a little secret about penetration testing: it gets messy! During […]

June 5, 2013

SECURITY

Plesk 0-Day Targets Web Servers

Update 6/6/2013: We’re seeing reports of exploitation of this vulnerability. We can confirm Global Correlation – Network Participation telemetry is seeing multiple exploitation attempts across many customers. Customers who participate in Global Correlation – Inspection have a higher chance of this signature blocking in the default configuration since the sensor will take the reputation of an attacker into account […]

May 1, 2013

SECURITY

Coordinated Attacks Against the U.S. Government and Banking Infrastructure

Prologue On April 10, 2013, a collective of politically motivated hacktivists announced a round of planned attacks called #OPUSA. These attacks, slated to begin May 7, 2013, are to be launched against U.S.-based targets. #OPUSA is a follow-up to #OPISRAEL, which were a series of attacks carried out on April 7 against Israeli-based targets. Our goal here is to […]

April 22, 2013

SECURITY

CVRF: A Penny For Your Thoughts

The Common Vulnerability Reporting Framework (CVRF) is a security automation standard intended to make your life easier by offering a common language to exchange traditional security and vulnerability bulletins, reports, and advisories. You can read more about it on the official ICASI CVRF 1.1 page, in my CVRF 1.1 Missing Manual blog series, or in […]

April 2, 2013

SECURITY

I Can’t Keep Up with All These Cisco Security Advisories: Do I Have to Upgrade?

"A security advisory was just published! Should I hurry and upgrade all my Cisco devices now?" This is a question that I am being asked by customers on a regular basis. In fact, I am also asked why there are so many security vulnerability advisories. To start with the second question: Cisco is committed to protecting customers by sharing critical security-related information in a very transparent way. Even if security vulnerabilities are found internally, the Cisco Product Security Incident Response Team (PSIRT) – which is my team – investigates, drives to resolution, and discloses such vulnerabilities. To quickly answer the first question, don't panic, as you may not have to immediately upgrade your device. However, in this article I will discuss some of the guidelines and best practices for responding to Cisco security vulnerability reports.