Sundown EK: You Better Take Care
This post was authored by Nick Biasini Over the last six months the exploit kit landscape has seen some major changes. These changes began with Nuclear ceasing operations in April/May and arrests in Russia coinciding with the end of Angler in June. Recently, Neutrino has been a
Vulnerability Spotlight: Iceni Argus Buffer Overflows
Vulnerabilities discovered by Marcin 'Icewall' Noga of Cisco Talos. Talos has identified two stack-based buffer overflows (TALOS-2016-0200 & TALOS-2016-0202) in the Iceni Argus pdf content extraction software. This software is used to convert a pdf document into vari
Vulnerability Spotlight: LibTIFF Issues Lead To Code Execution
These Vulnerabilities were discovered by Tyler Bohan of Cisco Talos. Talos is releasing multiple vulnerabilities (TALOS-2016-0187, TALOS-2016-0190 & TALOS-2016-0205) in the LibTIFF library . One vulnerability (TALOS-2016-0187) is an exploitable heap based buffer overflow tha
Pumpkin Spiced Locky
This post was authored by Warren Mercer & Edmund Brumaghin Summary We had .locky, we had .odin and then we had .zepto but today we hit rock bottom and we now have Locky using .shit as their encrypted file extension. In today's latest wave of spam, Talos has observed
MBRFilter - Can't Touch This!
Update: 10/20/2016 - MBRFilter has been intentionally made difficult to remove to prevent malware from simply disabling or removing this protection during the infection process. Test thoroughly before deploying within production environments. Summary Ransomware has become incr
Vulnerability Spotlight: Hopper Disassembler ELF Section Header Size Code Execution
Vulnerability Discovered by Tyler Bohan and Cory Duplantis of Cisco Talos Talos has identified an exploitable out-of-bounds write vulnerability in the ELF Section Header parsing functionality of Hopper (TALOS-2016-0222/CVE-2016-8390). Hopper is a reverse engineering tool for mac
Vulnerability Spotlight: Foxit PDF Reader JBIG2 Parser Information Disclosure
Vulnerability discovered by Aleksandar Nikolic of Talos. Talos has identified an information disclosure vulnerability in Foxit PDF Reader (TALOS-2016-0201/CVE-2016-8334). A wrongly bounded call to `memcpy`, while parsing jbig2 segments within a PDF file, can be triggered in Foxi
LockyDump - All Your Configs Are Belong To Us
This post was authored by Warren Mercer and Matthew Molyett Summary Locky has continued to evolve since its inception in February 2016. This has made it difficult to track at times due to changes in the way in which it's distributed as well as various characteristics of the
Microsoft Patch Tuesday - October 2016
Patch Tuesday has once again arrived! Microsoft's monthly release of security bulletins to address vulnerabilities provides fixes for 37 newly disclosed security flaws. Today's release sees a total of 10 bulletins with five of the bulletins rated critical and address vuln