Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability
This blog post was authored by Marcin Noga of Cisco Talos. Introduction In 2016 Talos released an advisory for CVE-2016-2334, which was a remote code execution vulnerability affecting certain versions of 7zip, a popular compression utility. In this blog post we will walk throug
ROKRAT Reloaded
This post was authored by Warren Mercer, Paul Rascagneres and with contributions from Jungsoo An. Executive Summary Earlier this year, Talos published 2 articles concerning South Korean threats. The first one was about the use of a malicious HWP document which dropped downloade
Talos Wins The 5th Volatility Plugin Contest With Pyrebox
Talos has won this year's 5th Volatility plugin contest with Pyrebox. Volatility is a well-known open-source framework designed to analyze operating system memory. The framework has existed since 2007. For the previous 5 years they have run a plugin contest to find the most
Beers with Talos EP 17: Greek Gods, Trojans, and the Spice Girls as Spirit Animals
Beers with Talos (BWT) Podcast Episode 17 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP17 Show Notes: Matt hijacks the Roundtable to tell us which Spice Girl
This Holiday Season - Buy One IoT Device, Get Free CVEs
As the Internet of Things gains steam and continues to develop, so are adversaries and the threats affecting these systems. Companies throughout the world are busy deploying low cost Internet-connected computing devices (aka the Internet of Things) to solve business problems and
Threat Round Up for Nov 10 - Nov 17
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between November 10 and November 17. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highl
Vulnerability Spotlight: Multiple Remote Code Execution Vulnerabilities Within libxls
Vulnerabilities discovered by Marcin Noga of Cisco Talos Talos is releasing seven new vulnerabilities discovered within the libxls library: TALOS-2017-0403, TALOS-2017-0404, TALOS-2017-0426, TALOS-2017-0460, TALOS-2017-0461, TALOS-2017-0462, and TALOS-2017-0463. These vulnerabil
Microsoft Patch Tuesday - November 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 53 new vulnerabilities with 19 of them rated critical, 31 of them rated important and 3 of th
Vulnerability Spotlight: Multiple Vulnerabilities in Foscam C1 Indoor HD Cameras
These vulnerabilities were discovered by Claudio Bozzato of Cisco Talos. Executive Summary The Foscam C1 Indoor HD Camera is a network-based camera that is marketed for use in a variety of applications, including use as a home security monitoring device. Talos recently identifi