Blog
Recent
August 7, 2017 15:05

On Conveying Doubt

This post was authored by Matt Olney. Typically, Talos has the luxury of time when conducting research. We can carefully draft a report that clearly lays out the evidence and leads the reader to a clear understanding of our well supported findings. A great deal of time is spent

August 4, 2017 13:01

Threat Round-up for July 28 - August 4

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 28 and August 04. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlightin

August 4, 2017 12:31

Vulnerability Spotlight: Kakadu SDK Vulnerabilities

Vulnerabilities discovered by Aleksandar Nikolic and Tyler Bohan of Cisco Talos. Today, Talos is disclosing multiple vulnerabilities that have been identified in the Kakadu JPEG 2000 SDK. The vulnerabilities manifest in a way that could be exploited if a user opens a specificall

August 3, 2017 11:35

Taking the FIRST look at Crypt0l0cker

This post is authored by Matthew Molyett. Executive Summary: In March, Talos reported on the details of Crypt0l0cker based on an extensive analysis I carried out on the sample binaries. Binaries -- plural -- because, as noted in the original blog, the Crypt0l0cker payload levera

August 2, 2017 04:52

Vulnerability Spotlight: EZB Systems UltraISO ISO Parsing Code Execution Vulnerability

Discovered by Piotr Bania of Cisco Talos. Today, Talos is releasing details of a new vulnerability discovered within the EZB Systems UltraISO ISO disk image creator software. TALOS-2017-0342 (CVE-2017-2840) may allow an attacker to execute arbitrary code remotely on the vulnerab

July 24, 2017 11:12

Vulnerability Spotlight: FreeRDP Multiple Vulnerabilities

Vulnerabilities discovered by Tyler Bohan of Talos. Overview: Talos has discovered multiple vulnerabilities in the FreeRDP product. FreeRDP is a free implementation of the Remote Desktop Protocol (RDP) originally developed by Microsoft. RDP allows users to connect remotely to s

July 21, 2017 12:34

Threat Round-up for July 14 - July 21

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 14 and July 21. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting

July 20, 2017 15:29

Vulnerability Spotlight: Multiple Vulnerabilities in CorelDRAW X8

Today, Talos is disclosing several vulnerabilities that have been identified in CorelDRAW X8. CorelDRAW X8 is a graphics suite used for manipulating raster and vector images and is a common alternative to Adobe Creative Cloud. Several of the vulnerabilities being disclosed today s

July 19, 2017 12:13

Vulnerabilities in ProcessMaker, WebFOCUS, and OpenFire Identified and Patched

Today, Talos is disclosing several vulnerabilities that have been identified by Portcullis in various software products. All four vulnerabilities have been responsibly disclosed to each respective developer in order to ensure they are addressed. In order to better protect our customers