Threat Spotlight: Mighty Morphin Malware Purveyors: Locky Returns Via Necurs
Throughout the majority of 2016, Locky was the dominant ransomware in the threat landscape. It was an early pioneer when it came to using scripting formats Windows hosts would natively handle, like .js, .wsf, and .hta. These scripting formats acted as a vehicle to deliver the pay
Vulnerability Spotlight: ARM Mbedtls x509 ECDSA invalid public key Code Execution Vulnerability
Vulnerability Discovered by Aleksandar Nikolic Overview Talos is disclosing TALOS-2017-0274/CVE-2017-2784, a code execution vulnerability in ARM MbedTLS. This vulnerability is specifically related to how MbedTLS handles x509 certificates. MbedTLS is an SSL/TLS implementation
Vulnerability Spotlight: R - PDF LoadEncoding Code Execution Vulnerability
Vulnerability Discovered by Cory Duplantis of Cisco Talos Overview Talos is disclosing TALOS-2016-0227 / CVE-2016-8714 which is a buffer overflow vulnerability in the LoadEncoding functionality of the R programming language version 3.3.0. The R programming language is commonly
Content-Type: Malicious - New Apache Struts2 0-day Under Attack
UPDATE: It was recently disclosed that in addition to Content-Type being vulnerable, both Content-Disposition and Content-Length can be manipulated to trigger this particular vulnerability. No new CVE was listed, however details of the vulnerability and remediation are available
Vulnerability Spotlight: Adobe Acrobat Reader DC jpeg Decoder Vulnerability
Discovered by Aleksandar Nikolic of Cisco Talos Overview Talos is disclosing TALOS-2016-0259 / CVE-2017-2971 an uninitialized memory vulnerability in Adobe Acrobat Reader DC. Adobe Acrobat Reader is one of the largest and well known PDF readers available today. This particul
Without Necurs, Locky Struggles
This post authored by Nick Biasini with contributions from Jaeson Schultz Locky has been a devastating force for the last year in the spam and ransomware landscape. The Locky variant of ransomware has been responsible for huge amounts of spam messages being sent on a daily basis
Microsoft Patch Tuesday - December 2016
The final patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month's release contains 12 bulletins addressing 48 vulnerabilities. Six bulletins are r
Vulnerability Spotlight: Joyent SmartOS
Vulnerability discovered by Tyler Bohan Overview Talos is disclosing a series of vulnerabilities in Joyent SmartOS, specifically in the Hyprlofs filesystem. SmartOS is an open source hypervisor that is based on a branch of Opensolaris. Hyperlofs is a SmartOS in-memory filesyst
Cerber Spam: Tor All the Things!
This post authored by Nick Biasini and Edmund Brumaghin with contributions from Sean Baird and Andrew Windsor. Executive Summary Talos is continuously analyzing email based malware always looking at how adversaries change and the new techniques that are being added on an almo