Cisco Talos Blog

July 3, 2018 06:00

Smoking Guns - Smoke Loader learned new tricks

Smoke Loader is primarily used as a downloader to drop and execute additional malware like ransomware or cryptocurrency miners.

June 14, 2018 10:54

Vulnerability Spotlight: TALOS-2018-0523-24 - Multiple Vulnerabilities in Pixars Renderman application

Vulnerabilities discovered by Tyler Bohan from Talos Overview Talos is disclosing two denial-of-service vulnerabilities in Pixar’s Renderman application. Renderman is a rendering application used in animation and film production. It is widely used for advanced rendering and sha

June 13, 2018 11:14

Vulnerability Spotlight: TALOS-2018-0545 - Microsoft wimgapi LoadIntegrityInfo Code Execution Vulnerability

Vulnerabilities discovered by Marcin Noga from Talos Overview Talos is disclosing a remote code execution vulnerability in the Microsoft wimgapi library. The wimgapi DLL is used in the Microsoft Windows operating system to perform operations on Windows Imaging Format (WIM)

June 5, 2018 00:53

Vulnerability Spotlight: TALOS-2018-0535 - Ocularis Recorder VMS_VA Denial of Service Vulnerability

Vulnerabilities discovered by Carlos Pacho from Talos Overview Talos is disclosing a denial-of-service vulnerability in the Ocularis Recorder. Ocularis is a video management software (VMS) platform used in a variety of settings, from convenience stores, to city-wide deployments

April 12, 2018 15:10

Vulnerability Spotlight: TALOS-2018-0529-531 - Multiple Vulnerabilities in NASA CFITSIO library

Talos is disclosing three remote code execution vulnerabilities in the NASA CFITSIO library. CFITSIO is a library of C and Fortran subroutines for reading and writing data files in the Flexible Image Transport System (FITS) data format. FITS is a standard format endorsed by both

March 6, 2018 10:59

Gozi ISFB Remains Active in 2018, Leverages "Dark Cloud" Botnet For Distribution

This blog post was authored by Edmund Brumaghin and Holger Unterbrink, with contributions from Adam Weller. Executive Summary Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years. Banking trojans are

December 8, 2017 08:40

Vulnerability Spotlight: TALOS-2017-0393 / CVE-2017-2886 - ACDSee Ultimate 10 Remote Code Execution Vulnerability

An memory corruption vulnerability exists in the .PSD parsing functionality of ACD Systems International Inc. ACDSee Ultimate 10. An attacker can build a specially crafted PSD file that uses this bug to trigger a memory corruption. A byte value is taken directly from the .PSD fil