January 27, 2017 16:26

Matryoshka Doll Reconnaissance Framework

This post authored by David Maynor & Paul Rascagneres with the contribution of Alex McDonnell and Matthew Molyett Overview Talos has identified a malicious Microsoft Word document with several unusual features and an advanced workflow, performing reconnaissance on the ta

January 23, 2017 15:31

Vulnerability Spotlight - LibBPG Image Decoding Code Execution

Discovered by Cisco Talos Overview Talos is disclosing TALOS-2016-0223 / CVE-2016-8710. An exploitable out-of-bounds heap write vulnerability exists in the decoding of BPG images in the libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerabi

January 20, 2017 11:56

Vulnerability Spotlight: Adobe Acrobat Reader DC jpeg Decoder Vulnerability

Discovered by Aleksandar Nikolic of Cisco Talos Overview Talos is disclosing TALOS-2016-0259 / CVE-2017-2971, an uninitialized memory vulnerability in Adobe Acrobat Reader DC. Adobe Acrobat Reader is one of the largest and best-known PDF readers available today. This particul

January 18, 2017 18:46

Without Necurs, Locky Struggles

This post authored by Nick Biasini with contributions from Jaeson Schultz Locky has been a devastating force for the last year in the spam and ransomware landscape. The Locky variant of ransomware has been responsible for huge amounts of spam messages being sent on a daily basis

January 18, 2017 12:12

Vulnerability Spotlight: Multiple Code Execution Vulnerabilities in Oracle Outside In Technology

These vulnerabilities were discovered by Aleksandar Nikolic of Cisco Talos. Summary Oracle's Outside In Technology (OIT) is a set of SDKs that software developers can use to perform various actions against a large number of different file formats. According to the OIT web

January 12, 2017 15:01

Vulnerability Spotlight: Exploiting the Aerospike Database Server

Vulnerabilities discovered by Talos Talos is disclosing multiple vulnerabilities discovered in the Aerospike Database Server. These vulnerabilities range from memory disclosure to potential remote code execution. This software is used by various companies that require a high per

January 12, 2017 12:33

Shadow Brokers Malware Coverage

The Shadow Brokers released what appears to be a series of Windows rootkit components in a farewell message. The malware released included many Windows malware files that supposedly all trigger as either “equationdrug.generic” or “equationdrug.k” by the Kaspersky security produc

January 10, 2017 15:28

Microsoft Patch Tuesday - January 2017

Happy New Year to our readers! Today marks the first Patch Tuesday of 2017 with Microsoft releasing their monthly set of bulletins designed to address security vulnerabilities. This month's release is relatively light with 4 bulletins addressing 3 vulnerabilities. Two bulleti

January 6, 2017 11:30

Cisco Coverage for 'GRIZZLY STEPPE'

Over the past several weeks, there have been ongoing discussions regarding cyber attacks that have occurred against several political, governmental, and private sector entities in the United States. These discussions have revolved around allegations that these cyber attacks were