Cisco Talos Blog

September 13, 2021 10:12

Vulnerability Spotlight: Code execution vulnerability in Nitro Pro PDF

A Cisco Talos team member discovered these vulnerabilities. Cisco Talos recently discovered a vulnerability in the Nitro Pro PDF reader that could allow an attacker to execute code in the context of the application. Nitro Pro PDF is part of Nitro Software’s Productivity Suite.

September 7, 2021 11:56

Vulnerability Spotlight: Heap buffer overflow vulnerability in Ribbonsoft dxflib library

Lilith >_> of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in Ribbonsoft’s dxflib library that could lead to code execution. The dxflib library is a C++ library utilized by digital desig

August 19, 2021 07:58

Malicious Campaign Targets Latin America: The seller, The operator and a curious link

By Asheer Malhotra and Vitor Ventura, with contributions from Vanja Svajcer. * Cisco Talos has observed a new malware campaign delivering commodity RATs, including njRAT and AsyncRAT. * The campaign targets travel and hospitality organizations in Latin America. * Techniques

August 17, 2021 08:01

Neurevt trojan takes aim at Mexican users

By Chetan Raghuprasad, with contributions from Vanja Svajcer. News summary * Cisco Talos discovered a new version of the Neurevt trojan with spyware and backdoor capabilities in June 2021 using Cisco Secure Endpoint product telemetry. * This version of Neurevt appears to tar

August 13, 2021 14:23

Vulnerability Spotlight: Memory corruption vulnerability in Daemon Tools Pro

Piotr Bania of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a memory corruption vulnerability in Disc Soft Ltd.'s Daemon Tools Pro. Daemon Tools Pro is a professional emulation software that works with disc images and virtual drives. It allows

August 13, 2021 13:12

Threat Roundup for August 6 to August 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 6 and Aug. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke

August 13, 2021 10:43

Vulnerability Spotlight: Multiple integer overflow vulnerabilities in GPAC Project on Advanced Content

A Cisco Talos team member discovered these vulnerabilities. Cisco Talos recently discovered multiple integer overflow vulnerabilities in the GPAC Project on Advanced Content that could lead to memory corruption. The GPAC Project on Advanced Content is an open-source cross-platf

August 12, 2021 18:33

Vice Society leverages PrintNightmare in ransomware attacks

Executive Summary Another threat actor is actively exploiting the so-called PrintNightmarevulnerability (CVE-2021-1675 / CVE-2021-34527) in Windows' print spooler service to spread laterally across a victim's network as part of a recent ransomware attack, according to Ci

August 12, 2021 08:00

Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT

By Vanja Svajcer. News summary * Group TA505 has been active for at least seven years, making wide-ranging connections with other threat actors involved in ransomware, stealing credit card numbers and exfiltrating data. One of the common tools in TA505's arsenal is ServH