How the new Talos IR Cyber Range can prepare your employees for a cyber attack
By Gerard Johansen, Charles Iszard and Luke DuCharme. With the surge of ransomware attacks, information leaks and other cyber attacks in the headlines, most companies and organizations are aware that their employees need to be trained on how to stay safe online. But the real cha
Threat Source newsletter (Nov. 14, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. It was all about the bugs this week. Patch Tuesday was especially busy for us, including our usual recap of all the
Custom dropper hide and seek
Hunting for LoLBins
By Vanja Svajcer. Introduction Attackers' trends tend to come and go. But one popular technique we're seeing at this time is the use of living-off-the-land binaries — or "LoLBins". LoLBins are used by different actors combined with fileless malware and legiti
Vulnerability Spotlight: Command injection bug in Exhibitor UI
Logan Sanderson of Cisco ASIG discovered this vulnerability. Exhibitor Web UI contains an exploitable command injection vulnerability in its Config editor. Exhibitor is a ZooKeeper supervisory process. Exhibitor's Web UI does not have any form of authentication, and prior to
Vulnerability Spotlight: Denial-of-service vulnerability in Intel IGC64 graphics driver
Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Intel’s IGC64.dll graphics driver contains a denial-of-service vulnerability. An attacker could exploit this bug by supplying a malformed pixel shader if the graphics driver is operating inside a VMwa
Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw. Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday discloses 75 vulnerabilities, 13 of which are considered "critical," with the rest being deemed "impo
Vulnerability Spotlight: Remote code execution vulnerability in Microsoft Media Foundation
Marcin Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Microsoft Media Foundation’s framework contains a remote code execution vulnerability that exists due to a use-after-free condition. This specific bug lies in Media Foundation's MPEG4 DLL. An atta
Vulnerability Spotlight: Remote code execution vulnerability in Microsoft Excel
Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a remote code execution vulnerability in Microsoft Excel. Microsoft disclosed this bug as part of their monthly security update Tuesday. This vulnerability ex