The MeDoc Connection
Summary: The Nyetya attack was a destructive ransomware variant that affected many organizations inside of Ukraine and multinational corporations with operations in Ukraine. In cooperation with Cisco Advanced Services Incident Response, Talos identified several key aspects of the
MBRFilter - Can't Touch This!
Update: 10/20/2016 - MBRFilter has been intentionally made difficult to remove to prevent malware from simply disabling or removing this protection during the infection process. Test thoroughly before deploying within production environments. Summary: Ransomware has become incr
Microsoft Update Tuesday October 2013: Another IE 0-day release
This month's Microsoft Tuesday Update brings us 8 bulletins for a total of 26 CVEs. Four of these bulletins are marked as critical, while the rest are marked as important. First, let's take a look at the 4 critical bulletins: The most important update this month is a cu
Microsoft Update Tuesday August 2013: More font issues, some interesting DoSes
It's a pretty standard month for Update Tuesday this time around. There's a total of 8 bulletins, covering 23 CVE issues. This bulletin addresses the final 2 issues reported during CanSecWest's Pwn2Own. As usual, there's the requisite IE bulletin (MS13-059), whic
Microsoft Update Tuesday: July 2013: an issue of TrueType fonts
This month's Update Tuesday looks pretty interesting. As usual, there are quite a few CVEs covered, and most of them are once again in IE: there's a total of 7 bulletins, covering 34 CVE issues. However, one CVE is shared between 3 bulletins. MS13-052 covers the .NET fr
Microsoft Update Tuesday, June 2013: mostly about Internet Explorer
Another month brings us another Update Tuesday. This month is pretty light with respect to the updates that Microsoft is releasing. They're releasing a total of 5 bulletins, covering 23 CVEs. First and foremost are the critical updates for Internet Explorer (MS13-047). They
Microsoft Update Tuesday: Update for IE8 0-day and More
Today is Update Tuesday and Microsoft is releasing updates for 33 CVEs across 10 bulletins. We'll be discussing some of the highlights here. One of the most important updates (MS13-038) that is being released is for the recent 0-day in Internet Explorer, which was used in a
25 years of vulnerabilities: 1988-2012, the report
We here at the VRT are all about backing up opinions with facts, and there are a lot of opinions about the nature of the vulnerability landscape out there. That in mind, we decided recently to study the numbers, and put conventional wisdom to the test. At a high level, the numbe
25 years of vulnerabilities: 1988-2012
While the answers to some of these questions are predictable, others are surprising. We will be presenting the answers to these questions in a talk at RSA Conference San Francisco 2013. If you're attending RSA and are interested in the answers to these questions, please join