Banking Trojan Attempts To Steal Brazillion$
This post was authored by Warren Mercer, Paul Rascagneres and Vanja Svajcer Introduction Banking trojans are among some of the biggest threats to everyday users as they directly impact the user in terms of financial loss. Talos recently observed a new campaign specific to South
FIN7 Group Uses JavaScript and Stealer DLL Variant in New Attacks
This post was authored by Michael Gorelik and Josh Reynolds Executive Summary Throughout this blog post we will be detailing a newly discovered RTF document family that is being leveraged by the FIN7 group (also known as the Carbanak gang) which is a financially-motivated grou
CCleaner Command and Control Causes Concern
Introduction Talos recently published a technical analysis of a backdoor which was included with version 5.33 of the CCleaner application. During our investigation we were provided an archive containing files that were stored on the C2 server. Initially, we had concerns about th
Beers with Talos EP 13: A Vast CCleanup, Strutting Your Stuff, and the Ex$ploit Economy
Beers with Talos (BWT) Podcast Episode 13 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast Beers with Talos is a fast-paced, smart, and humorous podcast focused on sec
CCleanup: A Vast Number of Machines at Risk
Update 9/18: CCleaner Cloud version 1.07.3191 is also reported to be affected Update 9/19: This issue was discovered and reported by both Morphisec and Cisco in separate in-field cases and reported separately to Avast. Update 9/19: There has been some confusion on how the DGA do
Threat Round Up For Sept 8 - Sept 15
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between September 08 and September 15. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by hig
Beers with Talos EP12 - IrmaGerd! The Internet Ate Our Podcast!
Beers with Talos (BWT) Podcast Episode 12 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast Beers with Talos is a fast-paced, smart, and humorous podcast focused on sec
Deep Dive in MarkLogic Exploitation Process via Argus PDF Converter
This post was authored by Marcin Noga with contributions from William Largent Talos discovers and responsibly discloses software vulnerabilities on a regular basis. Occasionally we publish a deep technical analysis of how the vulnerability was discovered or its potential impact. I
Vulnerability Spotlight: YAML Parsing Remote Code Execution Vulnerabilities in Ansible Vault and Tablib
Vulnerabilities discovered by Cory Duplantis of Talos. Talos is disclosing the presence of remote code execution vulnerabilities in the processing of Yet Another Markup Language (YAML) content in Ansible Vault and Tablib. Attackers can exploit these vulnerabilities through suppl