CCleaner Command and Control Causes Concern
Introduction Talos recently published a technical analysis of a backdoor which was included with version 5.33 of the CCleaner application. During our investigation we were provided an archive containing files that were stored on the C2 server. Initially, we had concerns about th
Attack on Critical Infrastructure Leverages Template Injection
Executive Summary Attackers are continually trying to find new ways to target users with malware sent via email. Talos has identified an email-based attack targeting the energy sector, including nuclear power, that puts a new spin on the classic word document attachment phish. T
Vulnerability Spotlight: Information Disclosure Vulnerability in Lexmark Perceptive Document Filters
Discovered by Marcin 'Icewall' Noga of Cisco Talos. Talos are today releasing a new vulnerability discovered within the Lexmark Perceptive Document Filters library. TALOS-2017-0302 allows for information disclosure using specifically crafted files. Overview The vulner
Threat Spotlight: Sundown Matures
This post authored by Nick Biasini with contributions from Edmund Brumaghin and Alex Chiu The last time Talos discussed Sundown it was an exploit kit in transition. Several of the large exploit kits had left the landscape and a couple of strong contenders remain. Sundown was one
Cisco Coverage for Smart Install Client Protocol Abuse
Summary Talos has become aware of active scanning against customer infrastructure with the intent of finding Cisco Smart Install clients. Cisco Smart Install is one component of the Cisco Smart Operations solution that facilitates the management of LAN switches. Research has ind
Vulnerability Spotlight: Multiple Vulnerabilities in the Aerospike NoSQL Database Server
Vulnerabilities discovered by Talos Talos is releasing multiple vulnerabilities discovered in the Aerospike Database Server. These vulnerabilities range from Denial of Service to potential remote code execution. This software is used by various companies that require a high perf
Vulnerability Spotlight: Exploiting the Aerospike Database Server
Vulnerabilities discovered by Talos Talos is disclosing multiple vulnerabilities discovered in the Aerospike Database Server. These vulnerabilities range from memory disclosure to potential remote code execution. This software is used by various companies that require a high per
Shadow Brokers Malware Coverage
The Shadow Brokers released what appears to be a series of windows rootkit components in a farewell message. The malware released included many Windows malware files that supposedly all trigger as either “equationdrug.generic” or “equationdrug.k” by the Kaspersky security produc
Vulnerabiity Spotlight: Tarantool Denial of Service Vulnerabilities
Vulnerabilities discovered by Talos Talos is disclosing two denial of service vulnerabilities (CVE-2016-9036 & CVE-2016-9037) in Tarantool. Tarantool is an open-source lua-based application server. While primarily functioning as an application server, it is also capable of p