Bedep Lurking in Angler's Shadows
This post is authored by Nick Biasini. In October 2015, Talos released our detailed investigation of the Angler Exploit Kit which outlined the infrastructure and monetary impact of an exploit kit campaign delivering ransomware. During the investigation we found that two thirds o
The Internet of Things Is Not Always So Comforting
This post is authored by Alex Chiu. Over the past few years, the Internet of Things (IoT) has emerged as reality with the advent of smart refrigerators, smart HVAC systems, smart TVs, and more. Embedding internet-enabled devices into everything presents new opportunities in conn
Microsoft Patch Tuesday - January 2016
The first Patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release is relatively light with nine bulletins addressing 25 vulnerabilities. Six b
Microsoft Patch Tuesday - December 2015
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 12 bulletins released which address 71 vulnerabilities. Eight bulletins are rated "Critical" th
Microsoft Patch Tuesday - November 2015
Microsoft's Patch Tuesday has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 12 bulletins addressing 53 vulnerabilities. Four bulletins are rated
Reverse Social Engineering Tech Support Scammers
This post is authored by Jaime Filson and Dave Liebenberg. Background The amount of fraudulent actors masquerading as legitimate tech support has been on the rise since 2008. According to David Finn, executive director a
Cisco Identifies Multiple Vulnerabilities in Network Time Protocol daemon (ntpd)
Cisco is committed to improving the overall security of the products and services our customers rely on. As part of this commitment, Cisco assesses the security of software components used in our products. Open source software plays a key role in many Cisco products and as a resu
Microsoft Patch Tuesday - October 2015
Microsoft's Patch Tuesday has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release is fairly light with a total of 6 bulletins released addressing 33 vulnerabili
Threat Spotlight: Rombertik - Gazing Past the Smoke, Mirrors, and Trap Doors
This post was authored by Ben Baker and Alex Chiu. Executive Summary Threat actors and security researchers are constantly looking for ways to better detect and evade each other. As researchers have become more adept and efficient at malware analysis, malware authors have mad