Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability
This blog post was authored by Marcin Noga of Cisco Talos. Introduction In 2016 Talos released an advisory for CVE-2016-2334, which was a remote code execution vulnerability affecting certain versions of 7zip, a popular compression utility. In this blog post we will walk throug
Threat Round Up for Nov 10 - Nov 17
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between November 10 and November 17. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highl
Microsoft Patch Tuesday - November 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 53 new vulnerabilities with 19 of them rated critical, 31 of them rated important and 3 of th
Vulnerability Spotlight: Multiple Vulnerabilities in Foscam C1 Indoor HD Cameras
These vulnerabilities were discovered by Claudio Bozzato of Cisco Talos. Executive Summary The Foscam C1 Indoor HD Camera is a network-based camera that is marketed for use in a variety of applications, including use as a home security monitoring device. Talos recently identifi
Poisoning the Well: Banking Trojan Targets Google Search Results
This blog post was authored by Edmund Brumaghin, Earl Carter and Emmanuel Tacheau. Summary It has become common for users to use Google to find information that they do not know. In a quick Google search you can find practically anything you need to know. Links returned by
Spoofed SEC Emails Distribute Evolved DNSMessenger
This post was authored by Edmund Brumaghin, Colin Grady, with contributions from Dave Maynor and @Simpo13. Executive Summary Cisco Talos previously published research into a targeted attack that leveraged an interesting infection process using DNS TXT records to create a bidir
FIN7 Group Uses JavaScript and Stealer DLL Variant in New Attacks
This post was authored by Michael Gorelik and Josh Reynolds. Executive Summary Throughout this blog post we will be detailing a newly discovered RTF document family that is being leveraged by the FIN7 group (also known as the Carbanak gang), which is a financially-motivated grou
CCleaner Command and Control Causes Concern
Introduction Talos recently published a technical analysis of a backdoor which was included with version 5.33 of the CCleaner application. During our investigation we were provided an archive containing files that were stored on the C2 server. Initially, we had concerns about th
CCleanup: A Vast Number of Machines at Risk
Update 9/18: CCleaner Cloud version 1.07.3191 is also reported to be affected. Update 9/19: This issue was discovered and reported by both Morphisec and Cisco in separate in-field cases and reported separately to Avast. Update 9/19: There has been some confusion on how the DGA do