Snort Rules

May 22, 2017


Cisco Coverage for Adylkuzz, Uiwix, and EternalRocks

When the WannaCry attack was launched a little over a week ago, it was one of the first large scale attacks leveraging the data that was leaked by the Shadow Brokers. At the time the real concern was how quickly we would begin to see other threats leverage the same vulnerabilities. Over the past couple […]

May 16, 2017


Arbitrary Code Execution Vulnerabilities in MuPDF Identified and Patched

Talos is disclosing the presence of two vulnerabilities in the Artifex MuPDF renderer. MuPDF is a lightweight PDF parsing and rendering library featuring high fidelity graphics, high speed, and compact code size which makes it a fairly popular PDF library for embedding in different projects, especially mobile and web applications. Both of these vulnerabilities, if […]

May 9, 2017


Microsoft Patch Tuesday – May 2017

Today, Microsoft has release their monthly set of security updates designed to address vulnerabilities. This month’s release addresses 56 vulnerabilities with 15 of them rated critical and 41 rated important. Impacted products include .NET, DirectX, Edge, Internet Explorer, Office, Sharepoint, and Windows. In addition to the coverage Talos is providing for the normal monthly Microsoft […]

May 4, 2017


Vulnerability Spotlight: AntennaHouse DMC Library Arbitrary Code Execution Flaws

These vulnerabilities were discovered by Marcin ‘Icewall’ Noga of Talos. Today, Talos is disclosing several vulnerabilities that have been identified in the AntennaHouse DMC library which is used in various products for web-based document searching and rendering. These vulnerabilities manifest as a failure to correctly parse Microsoft Office documents and could be exploited to achieve […]

April 21, 2017


Vulnerability Spotlight: Hard-coded Credential Flaw in Moxa ICS Wireless Access Points Identified and Fixed

Earlier this month, Talos responsibly disclosed a set of vulnerabilities in Moxa ICS wireless access points. While most of the vulnerabilities were addressed in the previous set of advisories, Talos has continued to work with Moxa to ensure all remaining vulnerabilities that Talos identified are patched. Today in coordination with Moxa, Talos is disclosing the […]

April 21, 2017


Threat Round-up for Apr 14 – Apr 21

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between April 14 and April 21. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically […]

April 15, 2017


Cisco Coverage for Shadow Brokers 2017-04-14 Information Release

On Friday, April 14, the actor group identifying itself as the Shadow Brokers released new information containing exploits for vulnerabilities that affect various versions of Microsoft Windows as well as applications such as Lotus Domino. Additionally, the release included previously unknown tools, including an exploitation framework identified as “FUZZBUNCH.” Preliminary analysis of the information suggested […]

April 10, 2017


From Box to Backdoor: Discovering Just How Insecure an ICS Device is in Only 2 Weeks

Inspired by "From LOW to PWNED," we decided to take a look at one Industrial Control System (ICS) wireless access point and see just how many vulnerabilities we could find in two weeks.

March 27, 2017


Vulnerability Spotlight: Certificate Validation Flaw in Apple macOS and iOS Identified and Patched

Most people don’t give much thought to what happens when you connect to your bank’s website or log in to your email account. For most people, securely connecting to a website seems as simple as checking to make sure the little padlock in the address bar is present. However, in the background there are many […]