Threat Round-up for June 30 - July 07
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 30 and July 07. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting
Vulnerability Spotlight: Multiple Vulnerabilities in InsideSecure MatrixSSL
These vulnerabilities were discovered by Aleksandar Nikolic of Cisco Talos Overview MatrixSSL is a TLS/SSL stack offered in the form of a Software Development Kit (SDK) that is geared towards application in Internet of Things (IOT) devices and other embedded systems. It feature
Jaff Ransomware: Player 2 Has Entered The Game
This post was written by Nick Biasini, Edmund Brumaghin and Warren Mercer with contributions from Colin Grady Summary Talos is constantly monitoring the email threat landscape and tracking both new threats as well as changes to existing threats. We recently observed several la
Vulnerability Spotlight: Multiple Vulnerabilities in Zabbix
These vulnerabilities were discovered by Lilith Wyatt of Cisco ASIG Summary Zabbix is an enterprise monitoring solution that is designed to give organizations the ability to monitor the health and status of various systems within their networks, including: network services, ser
Necurs Diversifies Its Portfolio
The post was authored by Sean Baird, Edmund Brumaghin and Earl Carter, with contributions from Jaeson Schultz. Executive Summary The Necurs botnet is the largest spam botnet in the world. Over the past year it has been used primarily for the distribution of Locky ransomware
Covert Channels and Poor Decisions: The Tale of DNSMessenger
This post was authored by Edmund Brumaghin and Colin Grady Executive Summary The Domain Name System (DNS) is one of the most commonly used Internet application protocols on corporate networks. It is responsible for providing name resolution so that network resources can be acc
Cisco Coverage for 'Ticketbleed'
Vulnerability Details A vulnerability (CVE-2016-9244) was recently disclosed affecting various F5 products due to the way in which the products handle Session IDs when the non-default Session Tickets option is enabled. By manipulating the Session IDs provided to affected products
Go RAT, Go! AthenaGo points “TorWords” Portugal
This post was authored by Edmund Brumaghin with contributions from Angel Villegas Summary Talos is constantly monitoring the threat landscape in an effort to identify changes in the way attackers are attempting to target organizations around the world. We identified a unique m
Vulnerability Spotlight: Multiple Code Execution Vulnerabilities in Oracle Outside In Technology
These vulnerabilities were discovered by Aleksandar Nikolic of Cisco Talos. Summary Oracle's Outside In Technology (OIT) is a set of SDKs that software developers can use to perform various actions against a large number of different file formats. According to the OIT web