Blog
Recent
- May 2, 2019 April 23, 2019
May 2, 2019 14:00

Threat Source (May 2, 2019)

By Jonathan Munshaw
Threat Source newsletter
May 2, 2019 11:04

Qakbot levels up with new obfuscation techniques

Executive summary Qakbot, also known as Qbot, is a well-documented banking trojan that has been around since 2008. Recent Qakbot campaigns, however, are utilizing an updated persistence mechanism that can make it harder for users to detect and remove the trojan. Qakbot is known

By Ashlee Benge, Nick Randolph
Threat Spotlight
April 30, 2019 14:00

Sodinokibi ransomware exploits WebLogic Server vulnerability

By Pierre Cadieux, Colin Grady, Jaeson Schultz and Matt Valites. Attackers are actively exploiting a recently disclosed vulnerability in Oracle WebLogic to install a new variant of ransomware called "Sodinokibi." Sodinokibi attempts to encrypt data in a user's dire

By Cisco Talos
Threat Advisory
April 30, 2019 10:39

Beers with Talos Ep. #52: I don't trust you because I care

By Mitch Neff
Beers with Talos
April 26, 2019 14:01

Threat Roundup for April 19 to April 26

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 19 and April 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting

By William Largent
Threat Roundup
April 25, 2019 14:06

Vulnerability Spotlight: Multiple vulnerabilities in Sierra Wireless AirLink ES450

Several exploitable vulnerabilities exist in the Sierra Wireless AirLink ES450, an LTE gateway designed for distributed enterprise, such as retail point-of-sale or industrial control systems. These flaws present a number of attack vectors for a malicious actor, and could allow th

By Carl Hurd, Jared Rittle
Vulnerability Spotlight
April 25, 2019 14:00

Threat Source (April 25)

By Jonathan Munshaw
Threat Source newsletter
April 25, 2019 11:00

JasperLoader Emerges, Targets Italy with Gootkit Banking Trojan

Nick Biasini and Edmund Brumaghin authored this blog post with contributions from Andrew Williams. Introduction to JasperLoader Malware loaders are playing an increasingly important role in malware distribution. They give adversaries the ability to gain an initial foothold on a

By Edmund Brumaghin
April 23, 2019 19:02

Vulnerability Spotlight: Symantec Endpoint Protection kernel memory information disclosure vulnerability

Marcin Noga of Cisco Talos discovered this vulnerability. Overview Cisco Talos is disclosing an information leak vulnerability in the ccSetx86.sys kernel driver of Symantec Endpoint Protection Small Business Edition. The vulnerability exists in the driver’s control message ha

By Jonathan Munshaw
Vulnerability Spotlight