Cisco Blogs

Cisco Threat Research Blog

Threat intelligence for Cisco Products

We detect, analyze, and protect customers from both known and unknown emerging threats

Threat Research

  • Vulnerability Spotlight: FreeRDP Multiple Vulnerabilities

    - July 24, 2017 - 0 Comments

    Talos has discovered multiple vulnerabilities in the FreeRDP product. FreeRDP is a free implementation of the Remote Desktop Protocol (RDP) originally developed by Microsoft. RDP allows users to connect remotely to systems so they can be operated from afar. The open source nature of the FreeRDP library means that it is integrated into many commercial remote desktop protocol applications.


  • Threat Round-up for July 14 – July 21

    - July 21, 2017 - 0 Comments

    Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 14 and July 21. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically protected from these threats.

    As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of date of publication. Detection and coverage for the following threats is subject to updates pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center,, or

    Read more »

  • Vulnerability Spotlight: Multiple Vulnerabilities in CorelDRAW X8

    - July 20, 2017 - 0 Comments

    Today, Talos is disclosing several vulnerabilities that have been identified in CorelDRAW X8. CorelDRAW X8 is graphics suite used for manipulating raster and vector images and is a common alternative to Adobe Creative Cloud. Several of the vulnerabilities being disclosed today specifically affect PHOTO-PAINT X8, a raster graphics editor. Talos has responsibly disclosed this vulnerability to Corel. Corel has made a software update that addresses this vulnerability available for download.


  • Vulnerabilities in ProcessMaker, WebFOCUS, and OpenFire Identified and Patched

    - July 19, 2017 - 0 Comments

    Today, Talos is disclosing several vulnerabilities that have been identified by Portcullis in various software products. All four vulnerabilities have been responsibly disclosed to each respective developer in order ensure they are addressed. In order better protect our customers, Talos has also developed Snort rules that detect attempts to exploit these vulnerabilities.

    Vulnerability Details

    TALOS-2017-0313 (CVE-2016-9048) ProcessMaker Enterprise Core Multiple SQL Injection Vulnerabilities

    TALOS-2017-0313 was identified by Jerzy Kramarz of Portcullis.

    TALOS-2017-0313 encompasses multiple SQL injection vulnerabilities in ProcessMarker Enterprise Core These vulnerabilities manifest as a result of improperly sanitizing input received in web requests. An attacker who transmits a specifically crafted web request to an affected server with parameters containing SQL injection attacks could trigger this vulnerability. This could allow exfiltration of the database information, user credentials, and in certain configuration access the underlying operating system.

    Read more »

  • Unravelling .NET with the Help of WinDBG

    - July 19, 2017 - 0 Comments

    This blog was authored by Paul Rascagneres and Warren Mercer.


    .NET is an increasingly important component of the Microsoft ecosystem providing a shared framework for interoperability between different languages and hardware platforms. Many Microsoft tools, such as PowerShell, and other administrative functions rely on the .NET platform for their functionality. Obviously, this makes .NET an enticing language for malware developers too. Hence, malware researchers must also be familiar with the language and have the necessary skills to analyse malicious software that runs on the platform.

    Analysis tools such as ILSpy help researchers decompile code from applications, but cannot be used to automate the analysis of many samples. In this article we will examine how to use WinDBG to analyse .NET applications using the SOS extension provided by Microsoft.

    Read More

  • The Official Talos Guide to BlackHat 2017

    - July 18, 2017 - 3 Comments

    It is once again time for Security Summer Camp – the week in July that many of us descend upon Las Vegas for Black Hat and DEFCON. This is your official guide to what Cisco’s Talos Threat Intelligence team is doing at Black Hat 2017.

    Whether you are looking to catch some great talks, hunting down the best parties, or just trying to avoid LineCon in all it’s forms, here is a quick run-down of where and how you can catch Talos speakers, Cisco events, and some fun stuff from other teams within Cisco as well.  Read on for the full details of what Cisco has in store for this year!