July 6, 2020 16:00

WastedLocker Goes "Big-Game Hunting" in 2020

By Ben Baker, Edmund Brumaghin, JJ Cummings and Arnaud Zobec. Threat summary * After initially compromising corporate networks, the attacker behind WastedLocker performs privilege escalation and lateral movement prior to activating ransomware and demanding ransom payment. *

July 2, 2020 14:00

Threat Source newsletter for July 2, 2020

Good afternoon, Talos readers. Our latest research you should catch up on is the Valak malware. This information-stealer sneaks its way onto victim machines by hijacking legitimate email threads. The threat actors send their phishing emails and attachments in email threads, hop

July 2, 2020 12:13

Vulnerability Spotlight: Google Chrome PDFium memory corruption vulnerability

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The PDF renderer inside Google Chrome, known as PDFium, contains a memory corruption vulnerability that could be exploited by an adversary. PDFium is open-source software that is utilized in th

July 2, 2020 09:50

Beers with Talos Ep. #86: It’s just an exploit popularity contest...

If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded June 5, 2020 Prod. Note: The team decided to hold back on releasing a few episodes for a period of time, acknowledging that there are voices people need to hear more than ours discussing issues

July 1, 2020 15:51

Vulnerability Spotlight: Information disclosure vulnerability in Mozilla Firefox

Cisco Talos recently discovered an information disclosure vulnerability in Mozilla Firefox. An attacker can exploit this bug by tricking a user into visiting a specially crafted web page through the browser. If successful, the adversary could use leaked memory to bypass ASLR an

July 1, 2020 14:00

Vulnerability Spotlight: Remote code execution vulnerabilities in LEADTOOLS 20

Cisco Talos recently discovered a remote code execution vulnerability in the LEADTOOLS line of imaging toolkits. LEADTOOLS is a collection of toolkits designed to perform a variety of functions aimed at integrating documents, multimedia and imaging technologies into applications.

July 1, 2020 11:02

Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks

By Nick Biasini, Edmund Brumaghin and Mariano Graziano. Threat summary * Attackers are actively distributing the Valak malware family around the globe, with enterprises, in particular, being targeted. * These campaigns make use of existing email threads from compromised acco

June 29, 2020 13:59

PROMETHIUM extends global reach with StrongPity3 APT

By Warren Mercer, Paul Rascagneres and Vitor Ventura. News summary * The threat actor behind StrongPity is not deterred despite being exposed multiple times over the past four years. * They continue to expand their victimology and attack seemingly non-related countries. *

June 29, 2020 09:51

Beers with Talos Ep. #85: The In-Between, Vol. 5

If iTunes and Google Play aren't your thing, click here. Recorded May 29, 2020 Prod. Note: Things are a hot mess right now and the team thinks that there are voices you have needed to hear more than ours, so we held back on releasing a few episodes. We are releasing those n