Vulnerability Spotlight: Power Software PowerISO ISO Code Execution Vulnerabilities

By Talos Group These vulnerabilities were discovered by Piotr Bania of Cisco Talos. Today, Talos is releasing details of a new vulnerability discovered within the Power Software PowerISO disk imaging software. TALOS-2017-0318 and TALOS-2017-0324 may allow an attacker to execute arbitrary code remotely on the vulnerable system when a specially crafted ISO image is opened and parsed by […]

Source:: Cisco Security Notice

Vulnerability Spotlight: AntennaHouse DMC Library Arbitrary Code Execution Flaws

By Talos Group These vulnerabilities were discovered by Marcin ‘Icewall‘ Noga of Talos. Today, Talos is disclosing several vulnerabilities that have been identified in the AntennaHouse DMC library which is used in various products for web-based document searching and rendering. These vulnerabilities manifest as a failure to correctly parse Microsoft Office documents and could be exploited to achieve […]

Source:: Cisco Security Notice

Gmail Worm Requiring You To Give It A Push And Apparently You All Are Really Helpful

By Talos Group This post was authored by Sean Baird and Nick Biasini. Attackers are always looking for creative ways to send large amounts of spam to victims. A short-lived, but widespread Google Drive themed phishing campaign has affected a large number of users across a variety of verticals. This campaign would be bcc’d to a target while being sent […]

Source:: Cisco Security Notice

KONNI: A Malware Under The Radar For Years

By Talos Group Over the past 3 years, Talos has been monitoring the KONNI Remote Administration Tool, which has not been described elsewhere. During this time it has managed to avoid scrutiny by the security community. The most recent version of the malware allows the operator to steal files, keystrokes, perform screenshots, and execute arbitrary code on […]

Source:: Cisco Security Notice

Threat Round-up for Apr 21 – Apr 28

By Talos Group Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between April 21 and April 28. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically […]

Source:: Cisco Security Notice

Respecting Customer Privacy is Not an Option

By Greg Rasner There was recent news of a multi-billion dollar start-up that utilized an actual customer’s network environment for sales demonstrations. To make matters worse, the practice went on for years, without the customer’s (which happened to be a medical facility) permission or knowledge (which had the potential of violating The Health Insurance Portability and Accountability Act […]

Source:: Cisco Security Notice