Checkrain fake iOS jailbreak leads to click fraud
By Warren Mercer and Paul Rascagneres. Introduction Attackers are capitalizing on the recent discovery of a new vulnerability that exists across legacy iOS hardware. Cisco Talos recently discovered a malicious actor using a fake website that claims to give iPhone users the abil
Open Document format creates twist in maldoc landscape
By Warren Mercer and Paul Rascagneres. Introduction Cisco Talos recently observed attackers changing the file formats they use in an attempt to thwart common antivirus engines. This can happen across other file formats, but today, we are showing a change of approach for an acto
How Tortoiseshell created a fake veteran hiring website to host malware
By Warren Mercer and Paul Rascagneres with contributions from Jungsoo An. Introduction Cisco Talos recently discovered a threat actor attempting to take advantage of Americans who may be seeking a job, especially military veterans. The actor, previously identified by Symantec a
DNSpionage brings out the Karkoff
Update 4/24: The C2 section below now includes details around the XOR element of the C2 communication system. Executive summary In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a new remote administrative tool that
DNSpionage Campaign Targets Middle East
Update 2018-11-27 15:30:00 EDT: A Russian-language document has been removed. Subsequent analysis leads us to believe it is unrelated to this investigation Executive Summary Cisco Talos recently discovered a new campaign targeting Lebanon and the United Arab Emirates (UAE) aff
Vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator
Malicious MDM: Let's Hide This App
This blog post is authored by Warren Mercer and Paul Rascagneres with contributions from Nick Biasini Summary Since our initial discovery of a malicious mobile device management (MDM) platform that was loading fake applications onto smartphones, we have gained greater insight in
Advanced Mobile Malware Campaign in India uses Malicious MDM
Summary Cisco Talos has identified a highly targeted campaign against 13 iPhones which appears to be focused on India. The attacker deployed an open-source mobile device management (MDM) system to control enrolled devices. At this time, we don't know how the attacker managed
Vulnerability Spotlight: Multiple Antenna House Vulnerabilities
Discovered by Marcin Noga of Cisco Talos Overview Cisco Talos has identified six vulnerabilities in the Antenna House Office Server Document Converter (OSDC). These vulnerabilities can be used to remotely execute code on a vulnerable system. Antenna House Office Server Documen