NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea
This blog post is authored by Warren Mercer and Paul Rascagneres with contributions from Jungsoo An. Executive Summary Talos has discovered a new malicious Hangul Word Processor (HWP) document targeting Korean users. If a malicious document is opened, a remote access trojan tha
Vulnerability Spotlight: MySQL Multi-Master Manager Remote Command Injection Vulnerability
Discovered by Matthew Van Gundy of Asig. Overview Today, Talos is releasing details of a new vulnerability within MySQL Multi-Master Manager. This is used to perform monitoring, failover and management of MySQL master-master replication configurations. By using MySQL MMM (Mu
Vulnerability Spotlight: Adobe Acrobat Reader DC Document ID Remote Code Execution Vulnerability
Discovered by Aleksandar Nikolic of Cisco Talos. Overview Today, Talos is releasing details of a new vulnerability within Adobe Acrobat Reader DC. Adobe Acrobat Reader is the most popular and most feature-rich PDF reader. It has a big user base, is usually a default PDF reader
Olympic Destroyer Takes Aim At Winter Olympics
This blog post is authored by Warren Mercer and Paul Rascagneres. Ben Baker and Matthew Molyett contributed to this post. Update 2/13 08:30: We have updated the information regarding the use of stolen credentials. Update 2/12 12:00: We have updated the destructor section with ac
Flash 0-Day In The Wild: Group 123 At The Controls
This blog post is authored by Warren Mercer and Paul Rascagneres. Executive Summary On the 1st of February, Adobe published an advisory concerning a Flash vulnerability (CVE-2018-4878). This vulnerability is a use-after-free that allows remote code execution through a malformed Flas
“Cyber Conflict” Decoy Document Used In Real Cyber Conflict
Update 10/23: CCDCOE released a statement today on their website. Introduction Cisco Talos discovered a new malicious campaign from the well-known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear…). Ironically, the decoy document is a deceptive flyer relating to the Cyb
Banking Trojan Attempts To Steal Brazillion$
This post was authored by Warren Mercer, Paul Rascagneres and Vanja Svajcer. Introduction Banking trojans are among the biggest threats to everyday users, as they directly impact the user in terms of financial loss. Talos recently observed a new campaign specific to South
CCleaner Command and Control Causes Concern
Introduction Talos recently published a technical analysis of a backdoor which was included with version 5.33 of the CCleaner application. During our investigation we were provided an archive containing files that were stored on the C2 server. Initially, we had concerns about th