HackDig : Dig high-quality web security articles for hacker

Talos Team discovered serious issues in Aerospike Database Server

Security experts from Cisco Talos discovered several flaws in the Aerospike Database Server, a high-performance, and open source NoSQL database. Security experts from Cisco Talos have discovered several vulnerabilities in the Aerospike Database Server, a high-performance, and open source NoSQL database. It is used by several major brands for high-performance
Publish At:2017-01-15 11:55 | Read:3567 | Comments:0 | Tags:Breaking News Hacking Aerospike Database database Talos

How to recover files encrypted by all Teslacrypt Ransomware variants

Experts from Cisco Talos team have improved their decryptor tool to allow the recovery of files encrypted by all the Teslacrypt Ransomware variants In May, criminals behind the TeslaCrypt ransomware leaked online the master encryption key that allowed security experts to develop a decryption tool for the last variant of the threat. “In surprising end to Tesl
Publish At:2016-06-12 01:45 | Read:4490 | Comments:0 | Tags:Breaking News Cyber Crime Malware Cybercrime extortion malwa

Microsoft Patch Tuesday – March 2016

Patch Tuesday for March 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 13 bulletins addressing 44 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Edge, Graphic Fonts, Internet Explorer, W
Publish At:2016-03-09 08:15 | Read:3015 | Comments:0 | Tags:Threat Research internet explorer Microsoft office patch tue

Bedep Lurking in Angler’s Shadows

This post is authored by Nick Biasini.In October 2015, Talos released our detailed investigation of the Angler Exploit Kit which outlined the infrastructure and monetary impact of an exploit kit campaign delivering ransomware. During the investigation we found that two thirds of Angler’s payloads were some variation of ransomware and noted one of the o
Publish At:2016-02-09 17:00 | Read:2976 | Comments:0 | Tags:Threat Research 0-day Adobe Flash angler Bedep Talos Threat

The Internet of Things Is Not Always So Comforting

Over the past few years, the Internet of Things (IoT) has emerged as reality with the advent of smart refrigerators, smart HVAC systems, smart TVs, and more. Embedding internet-enabled devices into everything presents new opportunities in connecting these systems to each other, making them “smarter,” and making our lives more convenient than ever
Publish At:2016-02-08 22:55 | Read:3147 | Comments:0 | Tags:Threat Research 0-day IoT Talos Trane vulnerability Vulnerab

Vulnerability Spotlight: Libgraphite Font Processing Vulnerabilities

Vulnerabilities Discovered by Yves Younan of Cisco Talos.Talos is releasing an advisory for four vulnerabilities that have been found within the Libgraphite library, which is used for font processing in Linux, Firefox, OpenOffice, and other major applications. The most severe vulnerability results from an out-of-bounds read which the attacker can use to achi
Publish At:2016-02-05 22:35 | Read:3018 | Comments:0 | Tags:Threat Research Talos Vulnerability Research Vulnerability

Bypassing MiniUPnP Stack Smashing Protection

This post was authored by Aleksandar Nikolic, Warren Mercer, and Jaeson Schultz.SummaryMiniUPnP is commonly used to allow two devices which are behind NAT firewalls to communicate with each other by opening connections in each of the firewalls, commonly known as “hole punching”. Various software implementations of this technique enable various peer-to-peer s
Publish At:2016-01-27 21:35 | Read:2806 | Comments:0 | Tags:Threat Research miniupnp Talos Vulnerability Research

The Value of Collaboration in Weakening Attackers

Today’s attackers deploy complex and clever threats that are difficult to combat with just one method of defense. In some cases, defenders must go beyond tools for detecting attacks and devise a different approach for obstructing our adversaries’ ability to operate.As detailed in the Cisco 2016 Annual Security Report, recent collaborative efforts between Cis
Publish At:2016-01-21 02:50 | Read:3367 | Comments:0 | Tags:Security 2016 Annual Security Report 2016 ASR angler SSHPsyc

Microsoft Patch Tuesday – January 2016

The first Patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release is relatively light with nine bulletins addressing 25 vulnerabilities. Six bulletins are rated critical and address vulnerabilities in Edge, Internet Explor
Publish At:2016-01-12 19:55 | Read:3241 | Comments:0 | Tags:Threat Research ASLR bypass Microsoft patch tuesday remote c

Rigging compromise – RIG Exploit Kit

This Post was Authored by Nick Biasini, with contributions by Joel EslerExploit Kits are one of the biggest threats that affects users, both inside and outside the enterprise, as it indiscriminately compromises simply by visiting a web site, delivering a malicious payload. One of the challenges with exploit kits is at any given time there are numerous kits a
Publish At:2016-01-07 13:20 | Read:3383 | Comments:0 | Tags:Threat Research RIG EK Talos exploit

Microsoft Patch Tuesday – December 2015

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 12 bulletins released which address 71 vulnerabilities. Eight bulletins are rated “Critical” this month and address vulnerabilities in Graphics Component, Edge, Internet Exp
Publish At:2015-12-09 04:05 | Read:2419 | Comments:0 | Tags:Threat Research 0-day ms tuesday patch tuesday Talos

Microsoft Patch Tuesday – November 2015

Microsoft’s Patch Tuesday has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 12 bulletins addressing 53 vulnerabilities. Four bulletins are rated critical and address vulnerabilities in Edge, Internet Explorer, Windows Journ
Publish At:2015-11-11 07:40 | Read:2602 | Comments:0 | Tags:Threat Research Microsoft patch tuesday Snort Talos

Support Scams: Talos Takes Note

Support Scams: Talos Takes Note Posted by David Harley on November 6, 2015.Threat Intelligence Service Talos, which describes itself as ‘the primary member of the Cisco’s Collective Security Intelligence (CSI) ecosystem’, has turned its attention to tech support scams
Publish At:2015-11-08 02:05 | Read:3365 | Comments:0 | Tags:David Harley Talos TeamViewer Virus Bulletin

Reverse Social Engineering Tech Support Scammers

This post is authored by Jaime Filson and Dave Liebenberg.BackgroundA mosaic made up of 1-800 tech support scam websitesThe amount of fraudulent actors masquerading as legitimate tech support has been on the rise since 2008. According to David Finn, executive director at the Microsoft Cybercrime Center, tech support scammers have made nearly $1.5 billion off
Publish At:2015-11-06 01:40 | Read:2992 | Comments:0 | Tags:Threat Research Apple fraud mac scam social engineering Talo

Cisco Identifies Multiple Vulnerabilities in Network Time Protocol daemon (ntpd)

Cisco is committed to improving the overall security of the products and services our customers rely on. As part of this commitment, Cisco assesses the security of software components used in our products. Open source software plays a key role in many Cisco products and as a result, ensuring the security of open source software components is vital, especiall
Publish At:2015-10-22 01:30 | Read:2408 | Comments:0 | Tags:Threat Research ASIG NTP Talos time Vulnerability Research

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud