Threat Research

April 20, 2016

THREAT RESEARCH

Threat Spotlight: Exploit Kit Goes International Hits 150+ Countries

1 min read

This post authored by Nick Biasini Talos is constantly monitoring the threat landscape and exploit kits are a constantly evolving component of it. An ongoing goal of Talos is to expose and disrupt these kits to protect the average internet user being targeted and compromised. We were able to gain unprecedented insight into Angler exploit […]

April 8, 2016

THREAT RESEARCH

Nuclear Drops Tor Runs and Hides

1 min read

Introduction Exploit kits are constantly compromising users, whether it’s via malvertising or compromised websites, they are interacting with a large amount of users on a daily basis. Talos is continuously monitoring these exploit kits to ensure protection, analyze changes as they occur, and looking for shifts in payloads. Yesterday we observed a new technique  in […]

March 23, 2016

THREAT RESEARCH

SamSam: The Doctor Will See You, After He Pays the Ransom

1 min read

Cisco Talos is currently observing a widespread campaign leveraging the Samas/Samsam/MSIL.B/C ransomware variant. Unlike most ransomware, SamSam is not launched via user focused attack vectors, such as phishing campaigns and exploit kits. This particular family seems to be distributed via compromising servers and using them as a foothold to move laterally through the network to […]

March 22, 2016

THREAT RESEARCH

Vulnerability Spotlight: Apple OS X Graphics Kernel Driver Local Privilege Escalation Vulnerability

1 min read

Piotr Bania of Cisco Talos is credited with the discovery of this vulnerability.   Cisco Talos, in conjunction with Apple’s security advisory issued on Mar 22, is disclosing the discovery of a local vulnerability in the communication functionality of the Apple Intel HD3000 Graphics kernel driver. This vulnerability was initially discovered by the Talos Vulnerability […]

March 1, 2016

THREAT RESEARCH

Angler Attempts to Slip the Hook

1 min read

This post was authored by Nick Biasini with contributions from Joel Esler and Melissa Taylor Talos has discussed at length the sophistication of the Angler exploit kit. One thing that always makes Angler stand apart is the speed with which they develop and implement new techniques. Whether its domain shadowing, 302 cushioning, encrypted payloads, or […]

February 10, 2016

SECURITY

DNSChanger Outbreak Linked to Adware Install Base

4 min read

[Ed. note: This post was authored by Veronica Valeros, Ross Gibb, Eric Hulse, and Martin Rehak] Late last autumn, the detector described in one...

February 9, 2016

THREAT RESEARCH

Bedep Lurking in Angler’s Shadows

1 min read

This post is authored by Nick Biasini. In October 2015, Talos released our detailed investigation of the Angler Exploit Kit which outlined the infrastructure and monetary impact of an exploit kit campaign delivering ransomware. During the investigation we found that two thirds of Angler’s payloads were some variation of ransomware and noted one of the […]

February 8, 2016

THREAT RESEARCH

The Internet of Things Is Not Always So Comforting

1 min read

Over the past few years, the Internet of Things (IoT) has emerged as reality with the advent of smart refrigerators, smart HVAC systems, smart TVs, and more. Embedding internet-enabled devices into everything presents new opportunities in connecting these systems to each other, making them “smarter,” and making our lives more convenient than ever before. Despite […]

January 27, 2016

THREAT RESEARCH

Bypassing MiniUPnP Stack Smashing Protection

1 min read

This post was authored by Aleksandar Nikolic, Warren Mercer, and Jaeson Schultz. Summary MiniUPnP is commonly used to allow two devices which are behind NAT firewalls to communicate with each other by opening connections in each of the firewalls, commonly known as “hole punching”. Various software implementations of this technique enable various peer-to-peer software applications, […]