Cisco Talos Blog

August 7, 2012 15:47

Stupid CSS Tricks

As has been well-demonstrated by the Blackhole Exploit Kit's "Loading, Please Wait..." page, people browsing the web are most likely to allow a malicious page to complete whatever action it is attempting to execute when they see no signs of strange activity on that

July 30, 2012 15:25

Phishing Games

It's no surprise that, as the 2012 London Olympic games approach, cybercriminals are using the event as bait for a variety of scams. Sure, there are plenty of 419 scams revolving around the games - but we'll assume that none of the readers of this blog are dumb enough to

July 17, 2012 16:30

The Power of Open Source Intelligence

Last week, an email came into the main VRT email account, entitled "New Malicious Javascript." The note inside was from Mr. Brett C., a Sourcefire customer who'd stumbled across an interesting chunk of heavily obfuscated JavaScript that was the first page in a chain

July 9, 2012 14:51

CVE-2012-1723: New Java Attack Added to Blackhole

Word began to emerge last week of the addition of a new vulnerability to the Blackhole Exploit Kit. The bug in question - CVE-2012-1723 - is a complex Java issue, which thankfully has patches available from Oracle already. Of course, just because a patch is available doesn't

June 21, 2012 16:18

Microsoft In-The-Wild Coverage - CVE-2012-1889 and CVE-2012-1875

As a security professional, there's very little I hate more than Microsoft vulnerabilities announced after patches are sent out each Microsoft Tuesday. Not only do they mean that folks like me have to scramble to address them - since invariably bugs released outside the stand

June 19, 2012 11:39

Compromised WordPress Blogs: A Phisher's Paradise

One of the ongoing trends in the phishing attacks the VRT monitors is the use of poorly secured WordPress blogs as staging points for exploit kits. Every time I hover over a link in the latest "UPS Tracking" or "Airline Ticket Confirmation" email, I'm look

June 12, 2012 11:23

MySQL Authentication Brute Force Attack

Before you read this, go and make sure your MySQL servers are patched and up-to-date. This is a serious, nasty 0-day, and while there is some mitigation in terms of impacted platforms, the newest MySQL bug is so trivial to exploit that it's worth a couple of minutes just to che

June 11, 2012 13:59

Web Shell Poses As A GIF

One of the most actively scanned-for vulnerabilities on the Internet these days is the TimThumb remote file include, an attack released in August of 2011 that targets the popular WordPress module. People scan for it so heavily because doing so is cheap and easy, from a bandwidth

May 29, 2012 14:38

Flame Malware, Targeted Attacks, and You

It seems no good holiday goes by without some quality new malware being dropped, and this year's Memorial Day was no exception. Announced in posts by Kaspersky, Symantec, the Iranian National CERT and the Budapest University of Technology and Economics, a targeted piece of ma