Cisco Talos Blog

September 20, 2017 17:57

CCleaner Command and Control Causes Concern

Introduction Talos recently published a technical analysis of a backdoor which was included with version 5.33 of the CCleaner application. During our investigation we were provided an archive containing files that were stored on the C2 server. Initially, we had concerns about th

July 7, 2017 16:34

Attack on Critical Infrastructure Leverages Template Injection

Executive Summary Attackers are continually trying to find new ways to target users with malware sent via email. Talos has identified an email-based attack targeting the energy sector, including nuclear power, that puts a new spin on the classic word document attachment phish. T

April 18, 2017 16:11

Vulnerability Spotlight: Information Disclosure Vulnerability in Lexmark Perceptive Document Filters

Discovered by Marcin 'Icewall' Noga of Cisco Talos. Talos are today releasing a new vulnerability discovered within the Lexmark Perceptive Document Filters library. TALOS-2017-0302 allows for information disclosure using specifically crafted files. Overview The vulner

March 31, 2017 08:40

Threat Spotlight: Sundown Matures

This post authored by Nick Biasini with contributions from Edmund Brumaghin and Alex Chiu The last time Talos discussed Sundown it was an exploit kit in transition. Several of the large exploit kits had left the landscape and a couple of strong contenders remain. Sundown was one

February 27, 2017 16:42

Cisco Coverage for Smart Install Client Protocol Abuse

Summary Talos has become aware of active scanning against customer infrastructure with the intent of finding Cisco Smart Install clients. Cisco Smart Install is one component of the Cisco Smart Operations solution that facilitates the management of LAN switches. Research has ind

February 21, 2017 11:22

Vulnerability Spotlight: Multiple Vulnerabilities in the Aerospike NoSQL Database Server

Vulnerabilities discovered by Talos Talos is releasing multiple vulnerabilities discovered in the Aerospike Database Server. These vulnerabilities range from Denial of Service to potential remote code execution. This software is used by various companies that require a high perf

January 12, 2017 15:01

Vulnerability Spotlight: Exploiting the Aerospike Database Server

Vulnerabilities discovered by Talos Talos is disclosing multiple vulnerabilities discovered in the Aerospike Database Server. These vulnerabilities range from memory disclosure to potential remote code execution. This software is used by various companies that require a high per

January 12, 2017 12:33

Shadow Brokers Malware Coverage

The Shadow Brokers released what appears to be a series of Windows rootkit components in a farewell message. The malware released included many Windows malware files that supposedly all trigger as either “equationdrug.generic” or “equationdrug.k” by the Kaspersky security produc

December 20, 2016 14:27

Vulnerability Spotlight: Tarantool Denial of Service Vulnerabilities

Vulnerabilities discovered by Talos Talos is disclosing two denial of service vulnerabilities (CVE-2016-9036 & CVE-2016-9037) in Tarantool. Tarantool is an open-source lua-based application server. While primarily functioning as an application server, it is also capable of p