Cisco Talos Blog

April 2, 2020 11:04

AZORult brings friends to the party

By Vanja Svajcer. NEWS SUMMARY * We are used to ransomware attacks and big game hunting making the headlines, but there is an undercurrent of other attack types that allow attackers to monetize their efforts in a less intrusive way. * Here, we discuss a multi-pronged cyber

February 18, 2020 11:01

Building a bypass with MSBuild

By Vanja Svajcer. NEWS SUMMARY * Living-off-the-land binaries (LoLBins) continue to pose a risk to security defenders. * We analyze the usage of the Microsoft Build Engine by attackers and red team personnel. * These threats demonstrate techniques T1127 (Trusted Developer

November 13, 2019 11:00

Hunting for LoLBins

By Vanja Svajcer. Introduction Attackers' trends tend to come and go. But one popular technique we're seeing at this time is the use of living-off-the-land binaries — or "LoLBins". LoLBins are used by different actors combined with fileless malware and legiti

August 27, 2019 11:01

China Chopper still active 9 years later

By Paul Rascagneres and Vanja Svajcer. Introduction Threats will commonly fade away over time as they're discovered, reported on, and detected. But China Chopper has found a way to stay relevant, active and effective nine years after its initial discovery. China Chopper is

May 30, 2019 10:19

10 years of virtual dynamite: A high-level retrospective of ATM malware

ATM malware has evolved to include a number of different families and different actors behind them, ranging from criminal groups to actors affiliated with nation states.

October 26, 2018 12:16

Vulnerability Spotlight: Talos-2018-0694 - MKVToolNix mkvinfo read_one_element Code Execution Vulnerability

Piotr Bania, Cory Duplantis and Martin Zeiser of Cisco Talos discovered this vulnerability. Overview Today, Cisco Talos is disclosing a vulnerability that we identified in the MKVToolNix mkvinfo utility that parses the Matroska file format video files (.mkv files). MKVToolNix

October 18, 2018 10:48

Vulnerability Spotlight: Live Networks LIVE555 streaming media RTSPServer code execution vulnerability

These vulnerabilities were discovered by Lilith Wyatt of Cisco Talos. Cisco Talos is disclosing a code execution vulnerability that has been identified in Live Networks LIVE555 streaming media RTSPServer. LIVE555 Streaming Media is a set of open-source C++ libraries developed b