Korean MalDoc Drops Evil New Years Presents
This blog was authored by Warren Mercer and Paul Rascagneres. Executive Summary Talos has investigated a targeted malware campaign against South Korean users. The campaign was active between November 2016 and January 2017, targeting a limited number of people. The infection ve
Vulnerability Spotlight: Multiple Vulnerabilities in the Aerospike NoSQL Database Server
Vulnerabilities discovered by Talos. Talos is releasing multiple vulnerabilities discovered in the Aerospike Database Server. These vulnerabilities range from Denial of Service to potential remote code execution. This software is used by various companies that require a high perf
Cisco Coverage for 'Magic Hound'
'Magic Hound' is the code name used to reference a seemingly limited series of malware distribution campaigns that were observed targeting organizations in Saudi Arabia as well as organizations with business interests in Saudi Arabia. Similar to other malware distribution
Vulnerability Spotlight: Apple Garage Band Out of Bounds Write Vulnerability
Discovered by Tyler Bohan of Cisco Talos. Overview: Talos is disclosing TALOS-2016-0262 (CVE-2017-2372) and TALOS-2017-0275 (CVE-2017-2374), an out-of-bounds write vulnerability in Apple GarageBand. GarageBand is a music creation program, allowing users to create and edit music
Cisco Coverage for 'Ticketbleed'
Vulnerability Details A vulnerability (CVE-2016-9244) was recently disclosed affecting various F5 products due to the way in which the products handle Session IDs when the non-default Session Tickets option is enabled. By manipulating the Session IDs provided to affected products
Go RAT, Go! AthenaGo points “TorWords” Portugal
This post was authored by Edmund Brumaghin with contributions from Angel Villegas Summary Talos is constantly monitoring the threat landscape in an effort to identify changes in the way attackers are attempting to target organizations around the world. We identified a unique m
When A Pony Walks Out Of A Pub
This blog was authored by Warren Mercer and Paul Rascagneres. Talos has observed a small email campaign leveraging the use of Microsoft Publisher files. These .pub files are normally used for the publishing of documents such as newsletters, allowing users to create such document
Vulnerability Spotlight - McAfee ePolicy Orchestrator DataChannel Blind SQL Injection Vulnerability
Talos is today disclosing TALOS-2016-0229 / CVE-2016-8027. This is an exploitable blind SQL injection vulnerability that exists within McAfee's ePolicy Orchestrator 5.3.0 and is accessible without user authentication. A specially crafted HTTP POST can allow an attacker to alter a
EyePyramid: An Archaeological Journey
This post was authored by Mariano Graziano and Paul Rascagneres. Summary: Over the last few days a malware sample named EyePyramid has received considerable attention, especially in Italy. The Italian police have arrested two suspects and also published a preliminary report of the investi