Cisco Talos Blog

August 31, 2017 11:05

Back to Basics: Worm Defense in the Ransomware Age

This post was authored by Edmund Brumaghin "Those who cannot remember the past are condemned to repeat it." - George Santayana The Prequel In March 2017, Microsoft released a security update for various versions of Windows, which addressed a remote code execution vu

July 17, 2017 10:35

Memcached - A Story of Failed Patching & Vulnerable Servers

This blog was authored by Aleksandar Nikolich and David Maynor with contributions from Nick Biasini Memcached - Not secure, Not Patched Fast Enough Recently high profile vulnerabilities in systems were used to unleash several global ransomware attacks that greatly impacted organiza

July 7, 2017 12:30

Threat Round-up for June 30 - July 07

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 30 and July 07. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting

June 22, 2017 13:37

Vulnerability Spotlight: Multiple Vulnerabilities in InsideSecure MatrixSSL

These vulnerabilities were discovered by Aleksandar Nikolic of Cisco Talos Overview MatrixSSL is a TLS/SSL stack offered in the form of a Software Development Kit (SDK) that is geared towards application in Internet of Things (IoT) devices and other embedded systems. It feature

May 12, 2017 09:58

Jaff Ransomware: Player 2 Has Entered The Game

This post was written by Nick Biasini, Edmund Brumaghin and Warren Mercer with contributions from Colin Grady Summary Talos is constantly monitoring the email threat landscape and tracking both new threats as well as changes to existing threats. We recently observed several la

April 27, 2017 10:45

Vulnerability Spotlight: Multiple Vulnerabilities in Zabbix

These vulnerabilities were discovered by Lilith Wyatt of Cisco ASIG Summary Zabbix is an enterprise monitoring solution that is designed to give organizations the ability to monitor the health and status of various systems within their networks, including: network services, ser

March 20, 2017 17:18

Necurs Diversifies Its Portfolio

The post was authored by Sean Baird, Edmund Brumaghin and Earl Carter, with contributions from Jaeson Schultz. Executive Summary The Necurs botnet is the largest spam botnet in the world. Over the past year it has been used primarily for the distribution of Locky ransomware

March 2, 2017 12:11

Covert Channels and Poor Decisions: The Tale of DNSMessenger

This post was authored by Edmund Brumaghin and Colin Grady Executive Summary The Domain Name System (DNS) is one of the most commonly used Internet application protocols on corporate networks. It is responsible for providing name resolution so that network resources can be acc

February 9, 2017 20:04

Cisco Coverage for 'Ticketbleed'

Vulnerability Details A vulnerability (CVE-2016-9244) was recently disclosed affecting various F5 products due to the way in which the products handle Session IDs when the non-default Session Tickets option is enabled. By manipulating the Session IDs provided to affected products