Cisco Talos Blog

November 30, 2017 10:00

Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability

This blog post was authored by Marcin Noga of Cisco Talos. Introduction In 2016 Talos released an advisory for CVE-2016-2334, which was a remote code execution vulnerability affecting certain versions of 7zip, a popular compression utility. In this blog post we will walk throug

November 17, 2017 11:07

Threat Round Up for Nov 10 - Nov 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between November 10 and November 17. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highl

November 14, 2017 14:54

Microsoft Patch Tuesday - November 2017

Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 53 new vulnerabilities with 19 of them rated critical, 31 of them rated important and 3 of th

November 13, 2017 10:43

Vulnerability Spotlight: Multiple Vulnerabilities in Foscam C1 Indoor HD Cameras

These vulnerabilities were discovered by Claudio Bozzato of Cisco Talos. Executive Summary The Foscam C1 Indoor HD Camera is a network-based camera that is marketed for use in a variety of applications, including use as a home security monitoring device. Talos recently identifi

November 2, 2017 11:55

Poisoning the Well: Banking Trojan Targets Google Search Results

This blog post was authored by Edmund Brumaghin, Earl Carter and Emmanuel Tacheau. Summary It has become common for users to use Google to find information that they do not know. In a quick Google search you can find practically anything you need to know. Links returned by

October 11, 2017 12:11

Spoofed SEC Emails Distribute Evolved DNSMessenger

This post was authored by Edmund Brumaghin, Colin Grady, with contributions from Dave Maynor and @Simpo13. Executive Summary Cisco Talos previously published research into a targeted attack that leveraged an interesting infection process using DNS TXT records to create a bidir

September 27, 2017 13:38

FIN7 Group Uses JavaScript and Stealer DLL Variant in New Attacks

This post was authored by Michael Gorelik and Josh Reynolds. Executive Summary Throughout this blog post we will be detailing a newly discovered RTF document family that is being leveraged by the FIN7 group (also known as the Carbanak gang) which is a financially-motivated grou

September 20, 2017 17:57

CCleaner Command and Control Causes Concern

Introduction Talos recently published a technical analysis of a backdoor which was included with version 5.33 of the CCleaner application. During our investigation we were provided an archive containing files that were stored on the C2 server. Initially, we had concerns about th

September 18, 2017 03:51

CCleanup: A Vast Number of Machines at Risk

Update 9/18: CCleaner Cloud version 1.07.3191 is also reported to be affected Update 9/19: This issue was discovered and reported by both Morphisec and Cisco in separate in-field cases and reported separately to Avast. Update 9/19: There has been some confusion on how the DGA do