CCleanup: A Vast Number of Machines at Risk
Update 9/18: CCleaner Cloud version 1.07.3191 is also reported to be affected. Update 9/19: This issue was discovered and reported by both Morphisec and Cisco in separate in-field cases and reported separately to Avast. Update 9/19: There has been some confusion on how the DGA do
Delphi Used To Score Against Palestine
This blog was authored by Paul Rascagneres and Warren Mercer with contributions from Emmanuel Tacheau, Vanja Svajcer and Martin Lee. Executive Summary: Talos continuously monitors malicious email campaigns. We identified one specific spear phishing campaign launched against tar
Vulnerability Spotlight: Pharos Vulnerabilities
Discovered by Tyler Bohan of Cisco Talos. Talos would also like to thank NYU Osiris Lab for helping out with these vulnerabilities. Pharos PopUp Printer is printing software that is widely used to manage multiple connections to a single printing point. Services that run with roo
Vulnerability Deep Dive - Ichitaro Office Excel File Code Execution Vulnerability
This vulnerability was discovered by Cory Duplantis and another member of Cisco Talos. Overview: Vulnerabilities in word processing and office productivity suites are useful targets for exploitation by threat actors. Users frequently encounter file types used by these software s
Vulnerability Spotlight: Multiple Ichitaro Office Vulnerabilities
These vulnerabilities were discovered by Cory Duplantis and another member of Cisco Talos. Talos has discovered three vulnerabilities within the Ichitaro Office suite. Ichitaro is published by JustSystems and is considered one of the more popular word processors used within Japan
When A Pony Walks Out Of A Pub
This blog was authored by Warren Mercer and Paul Rascagneres. Talos has observed a small email campaign leveraging the use of Microsoft Publisher files. These .pub files are normally used for the publishing of documents such as newsletters, allowing users to create such document
Vulnerability Spotlight - McAfee ePolicy Orchestrator DataChannel Blind SQL Injection Vulnerability
Talos is today disclosing TALOS-2016-0229 / CVE-2016-8027. An exploitable blind SQL injection vulnerability exists within McAfee's ePolicy Orchestrator 5.3.0 that is accessible without user authentication. A specially crafted HTTP POST can allow an attacker to alter a
Vulnerability Spotlight - LibBPG Image Decoding Code Execution
Discovered by Cisco Talos. Overview: Talos is disclosing TALOS-2016-0223 / CVE-2016-8710. An exploitable out-of-bounds heap write vulnerability exists in the decoding of BPG images in the libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerabi
Vulnerability Spotlight: Iceni Argus Buffer Overflows
Vulnerabilities discovered by Marcin 'Icewall' Noga of Cisco Talos. Talos has identified two stack-based buffer overflows (TALOS-2016-0200 & TALOS-2016-0202) in the Iceni Argus PDF content extraction software. This software is used to convert a PDF document into vari