Articles about talos

Mickey Mouse

Disney-branded internet filter had Mickey Mouse security

A Disney-branded home internet filtering device might keep bad content out, but it was an open door to bad actors until earlier this month. That's what Cisco Talos's William Largent found when he took a look at "Circle with Disney", a Circle Media parental control device on which the entertainment giant slapped its brand. …
Homer Simpson

CCleaner targeted top tech companies in attempt to lift IP

Cisco's security limb Talos has probed the malware-laden CCleaner utility that Avast so kindly gave to the world and has concluded its purpose was to create secondary attacks that attempted to penetrate top technology companies. Talos also thinks the malware may have succeeded in delivering a payload to some of those firms …
Simon Sharwood, 21 Sep 2017

Microsoft won't patch Edge browser content security bypass

Which of Google, Apple and Microsoft think a content security bypass doesn't warrant a browser patch? Thanks to Cisco Talos security bod Nicolai Grødum, who found the cross-site scripting bug that affects older Chrome and Safari plus current versions of Edge, we know the answer is "Microsoft". Grødum posted news of Microsoft' …

Apache Struts 2 needs patching, without delay. It's under attack now

Infosec researchers have found a “dire” zero-day in Apache Struts 2, and it's under active attack. If you're a sysadmin using the Jakarta-based file upload Multipart parser under Apache Struts 2, Nick Biasini of Cisco's Talos advises applying the latest upgrade immediately. CVE-2017-5638 is documented at Rapid7's Metasploit …
plasters cover arm. photo by shutterstock

Talos opens box, three Aerospike vulns fly out

Aerospike NoSQL server DBAs, make sure you've rolled out version 3.11.1.1, because the vulnerabilities it fixes have been made public. Cisco Talos made the three-vuln disclosure after the fix landed, including one denial-of-service and two code execution bugs – all easy to trigger by sending crafted packets. In the DoS bug, …
Rotten apple. Pic: Shutterstock (http://www.shutterstock.com/pic-29447929/stock-photo-a-rotten-apple-on-a-white-background.html)

Wavering about Apple's latest security fix? Don't, says Talos

Here's another reason to press “install” on Apple's latest OS X and iOS security patches: a slew of image-handling vulnerabilities. Now that Apple's released the patched versions, Cisco's Talos researchers have gone public with the details of their contribution to the fixes. The most serious of the bugs is in TIFF image …
Melted chocolate clock by Emily McCracken, CC2.0 license

Time for a patch: six vulns fixed in NTP daemon

Cisco has turned over a bunch of Network Time Protocol daemon (ntpd) vulnerabilities to the Linux Foundation's Core Infrastructure Initiative. The vulnerabilities, discovered during its ongoing ntpd evaluation, “allow attackers to craft UDP packets to either cause a denial of service condition or to prevent the correct time …
Teacher

SamSam ransomware shifts from hospitals to schools via JBoss hole

Cisco has warned that the SamSam ransomware that has been plaguing US hospitals is now menacing schools, governments, and other organizations that have not kept their JBoss deployments up to date. According to the networking giant's Talos security team, SamSam exploits a hole in server middleware JBoss to drill its way into …
Iain Thomson, 19 Apr 2016
Scan Doctor Who Tardis PC case

'Malicious time source' can poison Network Time Protocol

Get busy, sysadmins, there's a bunch of network time protocol (NTP) bugs to squash. The bugs were turned up in a code audit by Cisco's Talos business (which can surely feel the coals of hell being heaped upon its head for working in a Back to the Future joke in the bug-branding). Talos has been working on the code base of the …
Cat from Cisco TV ad

Cisco tool IDs malware in the firmware

Cisco's moved on the “SYNful knock” vulnerability with a free tool letting admins test their routers for fudged firmware. The vulnerability emerged in August, when The Borg warned that its ROMMON firmware had been reverse-engineered. That meant a privileged user could flash routers with compromised versions. Within a month, …
Rat

Cisco's RAT-catchers spot sysadmin-targeted phish

File this under “it was bound to happen one day”: Cisco has spotted a targeted phishing attack based on a popular sysadmin automation tool. If someone in the “IT crowd” bunker falls for the phishing attack, Cisco's Talos Group says the payload exploits AutoIT, a scripting admin environment for Windows. Talos explains what's …
TALOS-wearing US serviceman

Coming in 2014: Scary super-soldier exoskeleton suits from the US military

The US military is accelerating its program to build a Tactical Assault Light Operator Suit (TALOS) – an exoskeleton-mounted computer system for the soldier of tomorrow. "[The] requirement is a comprehensive family of systems in a combat armor suit where we bring together an exoskeleton with innovative armor, displays for …
Iain Thomson, 31 Dec 2013
arrow pointing up

OCZ unsheathes Talos flash talons

OCZ's Talos flash drive is set to claw into the enterprise hard drive business. The Talos C Series is OCZ's 3.5-inch enterprise flash drive, in contrast to the Vertex, which is a consumer drive. Talos is a 3.5-inch, 2-bit multi-level cell solid state drive (SSD), coming in 230GB, 480GB and 960GB capacities. It can run at 50, …
Chris Mellor, 1 Aug 2011

Create a news alert about talos, or find more stories about talos.

Biting the hand that feeds IT © 1998–2017