Today we analyze an SMB worm that uses GMAIL for C&C checkins and drops a backdoor on infected machines.

a new 'security' feature in macOS 10.13, is trivial to bypass

Finding, exploiting and leveraging vulnerabilities in Apple's Call Relay protocol to build a spy program. CVE: 2016-4635, 2016-4721, 2016-4722, 2016-7577

Deserialization of untrusted user data caused a remote code execution vulnerability in Apache Struts. This post explained how QL, lgtm's query language, was used to find this vulnerability.

3 points and 2 comments so far on reddit

Since I’ve been asked if this is possible - well…you can do Dll Injection using C# but the injected Dll must be written in a language that doesn’t depend on a CLR (C/C++ would be a good option here, but...

A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group

MITRE ATT&CK Matrix flattened and mapped by category to threat actor groups and software examples of each attack.

WIP

Linux
Windows
CmdStager
ARCH_CMD
check

I’ve recently noticed a spike in questions from our customers -- and specifically security analysts -- about App Transport Security (ATS), or

In one of our previous posts, we noted that a popular tool – Responder – uses Basic Authentication prompts to harvest user credentials when they accidentally enter invalid domains in we…

August is always full of security awareness in the wake of DefCon, BlackHat USA and t...

CloudFlare can be subverted, exposing the real IP addresses of cloud targets. You can use CFire to identify misconfigurations in your cloud architecture.

A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group