Back to Basics: Worm Defense in the Ransomware Age
This post was authored by Edmund Brumaghin
"Those who cannot remember the past are condemned to repeat it." - George Santayana
The Prequel
In March 2017, Microsoft released a security update for various versions of Windows, which addressed a remote code execution vu
Memcached - A Story of Failed Patching & Vulnerable Servers
This blog was authored by Aleksandar Nikolich and David Maynor with contributions from Nick Biasini
Memcached - Not Secure, Not Patched Fast Enough
Recently, high-profile vulnerabilities in systems were used to unleash several global ransomware attacks that greatly impacted organiza
Threat Round-up for June 30 - July 07
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 30 and July 07. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting
Vulnerability Spotlight: Multiple Vulnerabilities in InsideSecure MatrixSSL
These vulnerabilities were discovered by Aleksandar Nikolic of Cisco Talos
Overview
MatrixSSL is a TLS/SSL stack offered in the form of a Software Development Kit (SDK) that is geared towards application in Internet of Things (IoT) devices and other embedded systems. It feature
Jaff Ransomware: Player 2 Has Entered The Game
This post was written by Nick Biasini, Edmund Brumaghin and Warren Mercer with contributions from Colin Grady
Summary
Talos is constantly monitoring the email threat landscape and tracking both new threats as well as changes to existing threats. We recently observed several la
Vulnerability Spotlight: Multiple Vulnerabilities in Zabbix
These vulnerabilities were discovered by Lilith Wyatt of Cisco ASIG
Summary
Zabbix is an enterprise monitoring solution that is designed to give organizations the ability to monitor the health and status of various systems within their networks, including: network services, ser
Necurs Diversifies Its Portfolio
The post was authored by Sean Baird, Edmund Brumaghin and Earl Carter, with contributions from Jaeson Schultz.
Executive Summary
The Necurs botnet is the largest spam botnet in the world. Over the past year it has been used primarily for the distribution of Locky ransomware
Covert Channels and Poor Decisions: The Tale of DNSMessenger
This post was authored by Edmund Brumaghin and Colin Grady
Executive Summary
The Domain Name System (DNS) is one of the most commonly used Internet application protocols on corporate networks. It is responsible for providing name resolution so that network resources can be acc
Cisco Coverage for 'Ticketbleed'
Vulnerability Details
A vulnerability (CVE-2016-9244) was recently disclosed affecting various F5 products due to the way in which the products handle Session IDs when the non-default Session Tickets option is enabled. By manipulating the Session IDs provided to affected products