Cisco Talos Blog

February 8, 2017 12:24

Go RAT, Go! AthenaGo points “TorWords” Portugal

This post was authored by Edmund Brumaghin with contributions from Angel Villegas

Summary

Talos is constantly monitoring the threat landscape in an effort to identify changes in the way attackers are attempting to target organizations around the world. We identified a unique m

January 18, 2017 12:12

Vulnerability Spotlight: Multiple Code Execution Vulnerabilities in Oracle Outside In Technology

These vulnerabilities were discovered by Aleksandar Nikolic of Cisco Talos.

Summary

Oracle's Outside In Technology (OIT) is a set of SDKs that software developers can use to perform various actions against a large number of different file formats. According to the OIT web

December 7, 2016 11:02

Floki Bot Strikes, Talos and Flashpoint Respond

This blog post was authored by Ben Baker, Edmund Brumaghin, Mariano Graziano, and Jonas Zaddach

Executive Summary

Floki Bot is a new malware variant that has recently been offered for sale on various darknet markets. It is based on the same codebase that was used by the infamo

October 24, 2016 14:15

Pumpkin Spiced Locky

This post was authored by Warren Mercer & Edmund Brumaghin

Summary

We had .locky, we had .odin and then we had .zepto, but today we hit rock bottom and we now have Locky using .shit as their encrypted file extension. In today's latest wave of spam, Talos has observed

October 19, 2016 14:41

MBRFilter - Can't Touch This!

Update: 10/20/2016 - MBRFilter has been intentionally made difficult to remove to prevent malware from simply disabling or removing this protection during the infection process. Test thoroughly before deploying within production environments.

Summary

Ransomware has become incr

September 29, 2016 11:02

Want Tofsee My Pictures? A Botnet Gets Aggressive

This post was authored by Edmund Brumaghin

Summary

Tofsee is multi-purpose malware that has been in existence for several years, operating since at least 2013. It features a number of modules that are used to carry out various activities such as sending spam messages, conducti

September 27, 2016 10:26

Threat Spotlight: GozNym

This blog was authored by Ben Baker, Edmund Brumaghin and Jonah Samost.

Executive Summary

GozNym is the combination of features from two previously identified families of malware, Gozi and Nymaim. Gozi was a widely distributed banking trojan with a known Domain Generation Algo

August 12, 2016 10:38

Vulnerability Spotlight: Rockwell Automation MicroLogix 1400 SNMP Credentials Vulnerability

This vulnerability was discovered by Patrick DeSantis.

Description

Talos recently discovered a vulnerability in Allen-Bradley Rockwell Automation MicroLogix 1400 Programmable Logic Controllers (PLCs) related to the default configuration that is shipped with devices running affe

August 9, 2016 15:15

Microsoft Patch Tuesday - August 2016

This post was authored by Edmund Brumaghin and Jonah Samost

Today is Patch Tuesday for August 2016, and Microsoft has released several security bulletins and associated patches to resolve security issues across their products. This month's patch release includes 9 bulletins addr