Although there was a decrease in BEC engagements from last quarter, it was still a major threat for the second quarter in a row. This article has been indexed from Cisco Talos Blog Read the original article: IR Trends: Ransomware…
Category: Cisco Talos Blog
A (somewhat) complete timeline of Talos’ history
Relive some of the major cybersecurity incidents and events that have shaped Talos over the past 10 years. This article has been indexed from Cisco Talos Blog Read the original article: A (somewhat) complete timeline of Talos’ history
It’s best to just assume you’ve been involved in a data breach somehow
Telecommunications provider AT&T disclosed earlier this month that adversaries stole a cache of data that contained the phone numbers and call records of “nearly all” of its customers. This article has been indexed from Cisco Talos Blog Read the original…
Checking in on the state of cybersecurity and the Olympics
Even if a threat actor isn’t successful in some widespread breach that makes international headlines, even smaller-scale threats and actors are just hoping to cause chaos. This article has been indexed from Cisco Talos Blog Read the original article: Checking…
Impact of data breaches is fueling scam campaigns
Data breaches have become one of the most crucial threats to organizations across the globe, and they’ve only become more prevalent and serious over time. A data breach occurs when unauthorized individuals gain access to sensitive, protected or confidential…
15 vulnerabilities discovered in software development kit for wireless routers
Talos researchers discovered these vulnerabilities in the Jungle SDK while researching other vulnerabilities in the LevelOne WBR-6013 wireless router. This article has been indexed from Cisco Talos Blog Read the original article: 15 vulnerabilities discovered in software development kit for…
Hidden between the tags: Insights into spammers’ evasion techniques in HTML Smuggling
Talos is releasing a new list of CyberChef recipes that enable faster and easier reversal of encoded JavaScript code contained in the observed HTML attachments. This article has been indexed from Cisco Talos Blog Read the original article: Hidden between…
Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs
Based on a comprehensive review of more than a dozen prominent ransomware groups, we identified several commonalities in TTPs, along with several notable differences and outliers. This article has been indexed from Cisco Talos Blog Read the original article: Inside…
Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities
This is the largest Patch Tuesday since April, when Microsoft patched 150 vulnerabilities. This article has been indexed from Cisco Talos Blog Read the original article: Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities
How do cryptocurrency drainer phishing scams work?
In recent months, a surge in cryptodrainer phishing attacks has been observed, targeting cryptocurrency holders with sophisticated schemes aimed at tricking them into divulging their valuable credentials. This article has been indexed from Cisco Talos Blog Read the original article:…
We’re not talking about cryptocurrency as much as we used to, but there are still plenty of scammers out there
A report in March found that 72% of cryptocurrency projects had died since 2020, with crypto trading platform FTX’s downfall taking out many of them in one fell swoop. This article has been indexed from Cisco Talos Blog Read the…
Snowflake isn’t an outlier, it’s the canary in the coal mine
By Nick Biasini with contributions from Kendall McKay and Guilherme Venere Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login credentials…
Multiple vulnerabilities in TP-Link Omada system could lead to root access
Affected devices could include wireless access points, routers, switches and VPNs. This article has been indexed from Cisco Talos Blog Read the original article: Multiple vulnerabilities in TP-Link Omada system could lead to root access
SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques
Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023. This article has been indexed from Cisco Talos Blog Read the original article: SneakyChef espionage group targets government…
Unveiling SpiceRAT: SneakyChef’s latest tool targeting EMEA and Asia
Cisco Talos discovered a new remote access trojan (RAT) dubbed SpiceRAT, used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia. This article has been indexed from Cisco Talos Blog Read the original…
Tabletop exercises are headed to the next frontier: Space
More on the recent Snowflake breach, MFA bypass techniques and more. This article has been indexed from Cisco Talos Blog Read the original article: Tabletop exercises are headed to the next frontier: Space
How are attackers trying to bypass MFA?
Exploring trends on how attackers are trying to manipulate and bypass MFA, as well as when/how attackers will try their ‘push-spray’ MFA attacks This article has been indexed from Cisco Talos Blog Read the original article: How are attackers trying…
Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more
As the second entry in our “Exploring malicious Windows drivers” series, we will continue where the first left off: Discussing the I/O system and IRPs. This article has been indexed from Cisco Talos Blog Read the original article: Exploring malicious…
How we can separate botnets from the malware operations that rely on them
A botnet is a network of computers or other internet-connected devices that are infected by malware and controlled by a single threat actor or group. This article has been indexed from Cisco Talos Blog Read the original article: How we…
Operation Celestial Force employs mobile and desktop malware to target Indian entities
Cisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track as “HeavyLift.”…
Only one critical issue disclosed as part of Microsoft Patch Tuesday
The lone critical security issue is a remote code execution vulnerability due to a use-after-free issue in the HTTP handling function of Microsoft Message Queuing. This article has been indexed from Cisco Talos Blog Read the original article: Only one…
The sliding doors of misinformation that come with AI-generated search results
AI’s integration into search engines could change the way many of us interact with the internet. This article has been indexed from Cisco Talos Blog Read the original article: The sliding doors of misinformation that come with AI-generated search results
DarkGate switches up its tactics with new payload, email templates
This post was authored by Kalpesh Mantri. Cisco Talos is actively tracking a recent increase in activity from malicious email campaigns containing a suspicious Microsoft Excel attachment that, when opened, infected the victim's system with the DarkGate malware. These campaigns,…
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called “CarnavalHeist.” Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil.…
Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks
Drivers from New York to Georgia and Pennsylvania have received these types of texts with equally convincing phishing text messages and lure pages. This article has been indexed from Cisco Talos Blog Read the original article: Attackers are impersonating a…
LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader
By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White. Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we’re calling “LilacSquid.” LilacSquid’s…
Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges
Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application. This article has been indexed from Cisco Talos Blog Read…
New Generative AI category added to Talos reputation services
Generative AI applies to any site “whose primary purpose is to use artificial intelligence models to generate output in the form of text, audio, video or images based on user-supplied prompts.” This article has been indexed from Cisco Talos Blog…
Apple and Google are taking steps to curb the abuse of location-tracking devices — but what about others?
Since the advent of products like the Tile and Apple AirTag, both used to keep track of easily lost items like wallets, keys and purses, bad actors and criminals have found ways to abuse them. These adversaries can range from…
From trust to trickery: Brand impersonation over the email attack vector
Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation. This article has been indexed from Cisco Talos Blog Read the original article: From trust to trickery: Brand…
Rounding up some of the major headlines from RSA
Here’s a rundown of some things you may have missed if you weren’t able to stay on top of the things coming out of the conference. This article has been indexed from Cisco Talos Blog Read the original article: Rounding…
Talos releases new macOS open-source fuzzer
Compared to fuzzing for software vulnerabilities on Linux, where most of the code is open-source, targeting anything on macOS presents a few difficulties. This article has been indexed from Cisco Talos Blog Read the original article: Talos releases new macOS…
Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other zero-day in DWN Core
The lone critical security issue is CVE-2024-30044, a remote code execution vulnerability in SharePoint Server. This article has been indexed from Cisco Talos Blog Read the original article: Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other…
Talos joins CISA to counter cyber threats against non-profits, activists and other at-risk communities
Commercial spyware tools can threaten democratic values by enabling governments to conduct covert surveillance on citizens, undermining privacy rights and freedom of expression. This article has been indexed from Cisco Talos Blog Read the original article: Talos joins CISA to…
A new alert system from CISA seems to be effective — now we just need companies to sign up
Under a pilot program, CISA has sent out more than 2,000 alerts to registered organizations regarding the existence of any unpatched vulnerabilities in CISA’s KEV catalog. This article has been indexed from Cisco Talos Blog Read the original article: A…
Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution
Two vulnerabilities in this group — one in the Tinyroxy HTTP proxy daemon and another in the stb_vorbis.c file library — could lead to arbitrary code execution, earning both issues a CVSS score of 9.8 out of 10. This article…
What can we learn from the passwords used in brute-force attacks?
There are some classics on this list — the ever-present “Password” password, Passw0rd (with a zero, not an “O”) and “123456.” This article has been indexed from Cisco Talos Blog Read the original article: What can we learn from the…
Vulnerabilities in employee management system could lead to remote code execution, login credential theft
Talos also recently helped to responsibly disclose and patch other vulnerabilities in the Foxit PDF Reader and two open-source libraries that support the processing and handling of DICOM files. This article has been indexed from Cisco Talos Blog Read the…
Cisco Talos at RSAC 2024
With RSAC just a week away, Cisco Talos is gearing up for another year of heading to San Francisco to share in some of the latest major cybersecurity announcements, research and news. This article has been indexed from Cisco Talos…
James Nutland studies what makes threat actors tick, growing our understanding of the current APT landscape
Nutland says he goes into every engagement or new project with a completely open mind and a blank slate — using his background investigating terror operations to find out as much as he can about a particular adversary’s operation. This…
The private sector probably isn’t coming to save the NVD
Plus, new details emerge on the Scattered Spider cybercrime network and ArcaneDoor. This article has been indexed from Cisco Talos Blog Read the original article: The private sector probably isn’t coming to save the NVD
Talos IR trends: BEC attacks surge, while weaknesses in MFA persist
Within BEC attacks, adversaries will send phishing emails appearing to be from a known or reputable source making a valid request, such as updating payroll direct deposit information. This article has been indexed from Cisco Talos Blog Read the original…
ArcaneDoor – New espionage-focused campaign found targeting perimeter network devices
ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns. This article has been indexed from…
Suspected CoralRaider continues to expand victimology using three information stealers
By Joey Chen, Chetan Raghuprasad and Alex Karkins. Cisco Talos discovered a new ongoing campaign since at least February 2024, operated by a threat actor distributing three famous infostealer malware, including Cryptbot, LummaC2 and Rhadamanthys. Talos also discovered a new…
What’s the deal with the massive backlog of vulnerabilities at the NVD?
Given the state of the NVD and vulnerability management, we felt it was worth looking at the current state of the NVD, how we got to this point, what it means for security teams, and where we go from here.…
Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?
At most, someone who intentionally or repeatedly shares information on their social platform that’s misleading or downright false may have their account blocked, suspended or deleted. This article has been indexed from Cisco Talos Blog Read the original article: Could…
OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal
During a threat-hunting exercise, Cisco Talos discovered documents with potentially confidential information originating from Ukraine. The documents contained malicious VBA code, indicating they may be used as lures to infect organizations. This article has been indexed from Cisco Talos Blog…
Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials
Cisco Talos would like to acknowledge Brandon White of Cisco Talos and Phillip Schafer, Mike Moran, and Becca Lynch of the Duo Security Research team for their research that led to identification of these attacks. Cisco Talos is actively monitoring…
The internet is already scary enough without April Fool’s jokes
The security community is still reflecting on the “What If” of the XZ backdoor. This article has been indexed from Cisco Talos Blog Read the original article: The internet is already scary enough without April Fool’s jokes
Vulnerability in some TP-Link routers could lead to factory reset
There are also two out-of-bounds write vulnerabilities in the AMD Radeon user mode driver for DirectX 11. This article has been indexed from Cisco Talos Blog Read the original article: Vulnerability in some TP-Link routers could lead to factory reset
April’s Patch Tuesday includes 150 vulnerabilities, 60 which could lead to remote code execution
Starry Addax targets human rights defenders in North Africa with new malware
There are plenty of ways to improve cybersecurity that don’t involve making workers return to a physical office
An April 2023 study from Kent State University found that remote workers are more likely to be vigilant of security threats and take actions to ward them off than their in-office counterparts. This article has been indexed from Cisco Talos…
CoralRaider targets victims’ data and social media accounts
Cisco Talos discovered a new threat actor we’re calling “CoralRaider” that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries. This article has…
Adversaries are leveraging remote access tools now more than ever — here’s how to stop them
While there are many legitimate uses for this software, adversaries are also finding ways to use them for command and control in their campaigns. This article has been indexed from Cisco Talos Blog Read the original article: Adversaries are leveraging…
Enter the substitute teacher
Welcome to this week’s threat source newsletter with Jon out, you’ve got me as your substitute teacher. I’m taking you back to those halcyon days of youth and that moment when you found out that you had a sub that…
“Pig butchering” is an evolution of a social engineering tactic we’ve seen for years
In the case of pig butchering scams, it’s not really anything that can be solved by a cybersecurity solution or sold in a package. This article has been indexed from Cisco Talos Blog Read the original article: “Pig butchering” is…
New details on TinyTurla’s post-compromise activity reveal full kill chain
We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises. This article has been indexed from…
Netgear wireless router open to code execution after buffer overflow vulnerability
There is also a newly disclosed vulnerability in a graphics driver for some NVIDIA GPUs that could lead to a memory leak. This article has been indexed from Cisco Talos Blog Read the original article: Netgear wireless router open to…
Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word
Research conducted by Cisco Talos last year has uncovered multiple vulnerabilities that were rated as low-severity despite their ability to allow for full arbitrary code execution. This article examines the exploitation process step-by-step. This article has been indexed from Cisco…
The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions
Talos explores the recent law enforcement takedown of LockBit, a prolific ransomware group that claimed to resume their operations 7 days later. This article has been indexed from Cisco Talos Blog Read the original article: The LockBit story: Why the ransomware…
Not everything has to be a massive, global cyber attack
There are a few reasons why we’re so ready to jump to the “it’s a cyber attack!” This article has been indexed from Cisco Talos Blog Read the original article: Not everything has to be a massive, global cyber attack
Threat actors leverage document publishing sites for ongoing credential and session token theft
Talos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks. This article has been…
Another Patch Tuesday with no zero-days, only two critical vulnerabilities disclosed by Microsoft
March’s Patch Tuesday is relatively light, containing 60 vulnerabilities — only two labeled “critical.” This article has been indexed from Cisco Talos Blog Read the original article: Another Patch Tuesday with no zero-days, only two critical vulnerabilities disclosed by Microsoft
You’re going to start seeing more tax-related spam, but remember, that doesn’t actually mean there’s more spam
It’s important to be vigilant about tax-related scams any time these deadlines roll around, regardless of what country you’re in, but it’s not like you need to be particularly more skeptical in March and April. This article has been indexed…
The 3 most common post-compromise tactics on network infrastructure
We discuss three of the most common post-compromise tactics that Talos has observed in our threat telemetry and Cisco Talos Incident Response (Talos IR) engagements. These include modifying the device’s firmware, uploading customized/weaponized firmware, and bypassing security measures. This article…
Badgerboard: A PLC backplane network visibility module
Analysis of the traffic between networked devices has always been of interest since devices could even communicate with one another. As the complexity of networks grew, the more useful dedicated traffic analysis tools became. Major advancements have been made over…
GhostSec’s joint ransomware operation and evolution of their arsenal
Cisco Talos observed a surge in GhostSec, a hacking group’s malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware. This article has been indexed from Cisco Talos…
Heather Couk is here to keep your spirits up during a cyber emergency, even if it takes the “Rocky” music
. The bulk of her career was with a manufacturing company working as a security and email administrator, but she uses her criminal justice degree daily now with Talos IR helping to track down bad actors or helping customers understand…
Why Apple added protection against quantum computing when quantum computing doesn’t even exist yet
Apple’s newest encryption technology, called PQ3, now secures iMessages with end-to-end encryption that is quantum-resistant. This article has been indexed from Cisco Talos Blog Read the original article: Why Apple added protection against quantum computing when quantum computing doesn’t even…
Multiple vulnerabilities in Adobe Acrobat Reader could lead to remote code execution
Other potential code execution vulnerabilities are also present in Weston Embedded µC/HTTP-server, a web server component in Weston Embedded’s in-house operating system and an open-source library that processes several types of potentially sensitive medical tests. This article has been indexed…
Stop running security in passive mode
As we begin a new year, we wanted to address one of the biggest issues we consistently see in our investigations: passive security. Incident response engagements are an important part of our work and the intelligence-gathering process and their associated…
TimbreStealer campaign targets Mexican users with financial lures
Talos has observed a phishing spam campaign targeting potential victims in Mexico, luring users to download a new obfuscated information stealer we’re calling TimbreStealer, which has been active since at least November 2023. This article has been indexed from Cisco…
TikTok’s latest actions to combat misinformation shows it’s not just a U.S. problem
Fake news, disinformation, misinformation – whatever label you want to put on it – will not just go away if one election in the U.S. goes one way or the other. This article has been indexed from Cisco Talos Blog…
TinyTurla-NG in-depth tooling and command and control analysis
Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the…
How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity
While distilling risk down to a simple numerical score is helpful for many in the security space, it is also an imperfect system that can often leave out important context. This article has been indexed from Cisco Talos Blog Read…
Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns
Google Cloud Run is currently being abused in high-volume malware distribution campaigns, spreading several banking trojans such as Astaroth (aka Guildma), Mekotio and Ousaban to targets across Latin America and Europe. The volume of emails associated with these campaigns has…
Why the toothbrush DDoS story fooled us all
There was about a 24-hour period where many news outlets reported on a reported DDoS attack that involved a botnet made up of thousands of internet-connected toothbrushes. This article has been indexed from Cisco Talos Blog Read the original article:…
TinyTurla Next Generation – Turla APT spies on Polish NGOs
Cisco Talos has identified a new backdoor authored and operated by the Turla APT group, a Russian cyber espionage threat group. This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and…
How are attackers using QR codes in phishing emails and lure documents?
QR code attacks are particularly dangerous because they move the attack vector off a protected computer and onto the target’s personal mobile device, which usually has fewer security protections in place and ultimately has the sensitive information that attackers are…
First Microsoft Patch Tuesday zero-day of 2024 disclosed as part of group of 75 vulnerabilities
Although considered of moderate risk, one of the vulnerabilities is being actively exploited in the wild — CVE-2024-21351, a security feature bypass vulnerability in Windows SmartScreen. This article has been indexed from Cisco Talos Blog Read the original article: First…
Spyware isn’t going anywhere, and neither are its tactics
For their part, the U.S. did roll out new restrictions on the visas of any foreign individuals who misuse commercial spyware. This article has been indexed from Cisco Talos Blog Read the original article: Spyware isn’t going anywhere, and neither…
New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization
Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.” This article has been…
New Zardoor backdoor used in long-term cyber espionage operation targeting Islamic organization
Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.” This article has been…
How are user credentials stolen and used by threat actors?
You’ve probably heard the phrase, “Attackers don’t hack anyone these days. They log on.” In this blog, we describe the various tools and techniques bad actors are using to steal credentials so they can ‘log on’ with valid account details,…
The many ways electric cars are vulnerable to hacks, and whether that matters in a real-world
Researchers recently discovered 49 zero-day vulnerabilities, including a two-vulnerability exploit chain in Tesla cars that could allow an attacker to take over the onboard infotainment system. This article has been indexed from Cisco Talos Blog Read the original article: The…
OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges
Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released…
Why is the cost of cyber insurance rising?
Cyber insurance premiums are expected to rise this year after leveling out in 2023. This article has been indexed from Cisco Talos Blog Read the original article: Why is the cost of cyber insurance rising?
Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectors
Talos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter. This article has been indexed from Cisco Talos Blog Read the original article: Significant increase in ransomware activity found in Talos IR engagements,…
What to do with that fancy new internet-connected device you got as a holiday gift
There are many examples of WiFi-enabled home cameras, assistants and doorbells vulnerable to a wide range of security issues. This article has been indexed from Cisco Talos Blog Read the original article: What to do with that fancy new internet-connected…
Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers
Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers Drivers have long been of interest to threat actors, whether they are exploiting vulnerable drivers or creating malicious ones. Malicious drivers are difficult to detect and successfully leveraging…
Microsoft starts off new year with relatively light Patch Tuesday, no zero-days
One of the critical vulnerabilities patched Tuesday is CVE-2024-20674, a security bypass vulnerability in the Windows Kerberos authentication protocol. This article has been indexed from Cisco Talos Blog Read the original article: Microsoft starts off new year with relatively light…
New decryptor for Babuk Tortilla ransomware variant released
Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor. This article has been indexed from Cisco Talos Blog…
Video series discussing the major threat actor trends from 2023
In this video series, Talos’ Director of Threat Intelligence and Interdiction Matt Olney and Head of Outreach Nick Biasini share their insights on the most significant cybersecurity threats from the past year. This article has been indexed from Cisco Talos…
Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware
Talos revealed that rebooting an iOS or Android device may not remove the Predator spyware produced by Intellexa. Intellexa knows if their customers intend to perform surveillance operations on foreign soil. This article has been indexed from Cisco Talos Blog…
Year in Malware 2023: Recapping the major cybersecurity stories of the past year
Relive Talos’ top stories from the past year as we recap the top malware and other threats that came our way. This article has been indexed from Cisco Talos Blog Read the original article: Year in Malware 2023: Recapping the…
A personal Year in Review to round out 2023
Everyone’s New Year’s Resolution should be to stop using passwords altogether. This article has been indexed from Cisco Talos Blog Read the original article: A personal Year in Review to round out 2023
Recommendations that defenders can use from Talos’ Year in Review Report
The 2023 Talos Year in Review is full of insights on how the threat landscape has evolved. But what does that mean for defenders? This blog contains recommendations on how to gain more visibility across your network. This article has…
Microsoft releases lightest Patch Tuesday in three years, no zero-days disclosed
The company’s regular set of advisories has included a vulnerability that’s been actively exploited in the wild in 10 months this year. This article has been indexed from Cisco Talos Blog Read the original article: Microsoft releases lightest Patch Tuesday…
Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang
By Jung soo An, Asheer Malhotra and Vitor Ventura. Cisco Talos recently discovered a new campaign conducted by the Lazarus Group we’re calling “Operation Blacksmith,” employing at least three new DLang-based malware families, two of which are remote access trojans…