New Research Paper: Prevalence and impact of low-entropy packing schemes in the malware ecosystem
Detection of malware is a constant battle between the technologies designed to detect and prevent malware and the authors creating them. One common technique adversaries leverage is packing binaries. Packing an executable is similar to applying compression or encryption and can i
Vulnerability Spotlight: Multiple vulnerabilities in Moxa AWK-3131A
Jared Rittle and Carl Hurd of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The Moxa AWK-3131A networking device contains several different vulnerabilities that an attacker could exploit to carry out malicious activities in an industrial environment. The AWK
Threat Roundup for February 14 to February 21
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 14 and Feb. 21. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k
Threat Source newsletter (Feb. 20, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’ve got more ways than ever for you to get Talos content. We continue to grow our YouTube page with the second ent
ObliqueRAT: New RAT hits victims' endpoints via malicious documents
By Asheer Malhotra. * Cisco Talos has observed a malware campaign that utilizes malicious Microsoft Office documents (maldocs) to spread a remote access trojan (RAT) we’re calling “ObliqueRAT.” * These maldocs use malicious macros to deliver the second stage RAT payload. *
Cisco Talos Incident Response "Stories from the Field" #2: When do lawyers get involved?
The second video in our "Stories in the Field" series from Cisco Talos Incident Response is here, with Matt Aubert talking about lawyers. While getting a general counsel involved may seem like an arduous process for many incident response teams, Matt Aubert argues in t
Vulnerability Spotlight: Memory corruption, DoS vulnerabilities in CoTURN
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. CoTURN contains denial-of-service and memory corruption vulnerabilities in the way its web server parses POST requests. CoTURN is a TURN server implementation that can be used as a general- pur
Building a bypass with MSBuild
By Vanja Svajcer. NEWS SUMMARY * Living-off-the-land binaries (LoLBins) continue to pose a risk to security defenders. * We analyze the usage of the Microsoft Build Engine by attackers and red team personnel. * These threats demonstrate techniques T1127 (Trusted Developer
Beers with Talos Ep. #72: Getting to Patch Day - Understanding Vulnerability Risks and Options
Beers with Talos (BWT) Podcast episode No. 72 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Jan. 31, 2020 When a vulnerability is released, regardless if it has a website and logo