Threat Spotlight: Holiday Greetings from Pro PoS – Is your payment card data someone else’s Christmas present?
The post was authored by Ben Baker and Earl Carter. Payment cards without an EMV chip have reached their end-of-life. Point of Sale (PoS) malware, such as PoSeidon, has continued to threaten businesses. The news is continually filled with stories of payment card data being stole
Threat Spotlight: CryptoWall 4 - The Evolution Continues
This post is authored byAndrea Allievi and Holger Unterbrink with contributions from Warren Mercer. Executive Summary Over the past year, Talos has devoted a significant amount of time to better understanding how ransomware operates, its relation to other malware, and its ec
Microsoft Patch Tuesday - December 2015
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 12 bulletins released which address 71 vulnerabilities. Eight bulletins are rated "Critical" th
Holiday Shopping Threat Avoidance
Executive Summary The holidays are upon us and the shopping season is kicking into high gear. This year, an estimated 270 million consumers will shop online and, for the first time, more than half of them will use mobile devices to check off their holiday shopping lists. With co
Microsoft Patch Tuesday - November 2015
Microsoft's Patch Tuesday has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 12 bulletins addressing 53 vulnerabilities. Four bulletins are rated
Reverse Social Engineering Tech Support Scammers
This post is authored by Jaime Filson and Dave Liebenberg. Background A mosaic made up of 1-800 tech support scam websites The amount of fraudulent actors masquerading as legitimate tech support has been on the rise since 2008. According to David Finn, executive director a
Domains of the Living Dead
According to the Centers for Disease Control and Prevention (CDC), “If you’re ready for a zombie apocalypse, then you’re ready for any emergency.” While events haven’t yet risen to the level of “zombie apocalypse”, computer attackers are continuing to use their voodoo to zombify
Cisco Identifies Multiple Vulnerabilities in Network Time Protocol daemon (ntpd)
Cisco is committed to improving the overall security of the products and services our customers rely on. As part of this commitment, Cisco assesses the security of software components used in our products. Open source software plays a key role in many Cisco products and as a resu
Dangerous Clipboard: Analysis of the MS15-072 Patch
This post was authored by Marcin Noga with contributions from Jaeson Schultz. Have you ever thought about how security researchers take a patch that has been released, and then reverse it to find the underlying security issue? Well, back In July Microsoft released security bulle