IEC 104 Protocol Detection Rules
IEC 60870-5-104 Protocol Detection Rules Cisco Talos has released 33 Snort rules which are used to analyze/inspect IEC 60870-5-104 network traffic. These rules will help Industrial Control Systems/Supervisory Control and Data Acquisition (ICS/SCADA) asset owners to allow the iden
Vulnerability Spotlight: Tarantool Denial of Service Vulnerabilities
Vulnerabilities discovered by Talos Talos is disclosing two denial of service vulnerabilities (CVE-2016-9036 & CVE-2016-9037) in Tarantool. Tarantool is an open-source Lua-based application server. While primarily functioning as an application server, it is also capable of p
In the Eye of the Hailstorm
This blog post was authored by Jakob Dohrmann, David Rodriguez, and Jaeson Schultz. The Cisco Talos and Umbrella research teams are deploying a distributed hailstorm detection system which brings together machine learning, stream processing of DNS requests and the curated Talos
Vulnerability Spotlight: Local Denial of Service Bug in NVIDIA Windows Kernel Mode Drivers Fixed
Bugs are inevitable in complex systems and software. Operating systems and device drivers are prime examples where layers of abstraction help hide complexity and allow hardware and software to communicate. Thus, when bugs are identified that could compromise, disrupt, or bring sy
Microsoft Patch Tuesday - December 2016
The final Patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month's release contains 12 bulletins addressing 48 vulnerabilities. Six bulletins are r
Vulnerability Spotlight: Joyent SmartOS
Vulnerability discovered by Tyler Bohan Overview Talos is disclosing a series of vulnerabilities in Joyent SmartOS, specifically in the Hyprlofs filesystem. SmartOS is an open source hypervisor that is based on a branch of OpenSolaris. Hyprlofs is a SmartOS in-memory filesyst
Floki Bot Strikes, Talos and Flashpoint Respond
This blog post was authored by Ben Baker, Edmund Brumaghin, Mariano Graziano, and Jonas Zaddach Executive Summary Floki Bot is a new malware variant that has recently been offered for sale on various darknet markets. It is based on the same codebase that was used by the infamo
Vulnerability Spotlight: ImageMagick Convert Tiff Out of Bounds Write
Vulnerability discovered by Tyler Bohan Overview Talos is disclosing TALOS-2016-0216 / CVE-2016-8707, an out of bounds write vulnerability in ImageMagick. ImageMagick is a photo editing software program that allows users to edit and manipulate various types of image files. This