New PXA Stealer targets government and education sectors for sensitive information
Cisco Talos discovered a new information stealing campaign operated by a Vietnamese-speaking threat actor targeting government and education entities in Europe and Asia.
#cti #ioc #python #Vietnam #stealer #TopStory #pxastealer #coralraider #infostealer #threatintel
20h ago
In recent investigations, Talos Incident Response has observed the BlackByte ransomware group using techniques that depart from their established tradecraft. Read the full analysis.
on Sep 5
November Patch Tuesday release contains three critical remote code execution vulnerabilities
The Patch Tuesday for November of 2024 includes 91 vulnerabilities, including two that Microsoft marked as “critical.” The remaining 89 vulnerabilities listed are classified as “important.”
on Wed, 12AM
Unwrapping the emerging Interlock ransomware attack
Cisco Talos Incident Response (Talos IR) recently observed an attacker conducting big-game hunting and double extortion attacks using the relatively new Interlock ransomware.
on Mon, 8PM
Threat Spotlight: WarmCookie/BadSpace
WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns.
on Nov 3
NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities
Cisco Talos' Vulnerability Research team recently discovered five Nvidia out-of-bounds access vulnerabilities in shader processing, as well as eleven LevelOne router vulnerabilities spanning a range of possible exploits. For Snort coverage that can detect the exploitation of these...
on Oct 31
Threat actors use copyright infringement phishing lure to deploy infostealers
* Cisco Talos has observed an unknown threat actor conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan.
* The decoy email and fake PDF filenames are designed to impersonate a company's legal department, attempting to lure the victim into...
on Oct 31
Writing a BugSleep C2 server and detecting its traffic with Snort
This blog will demonstrate the practice and methodology of reversing BugSleep’s protocol, writing a functional C2 server, and detecting this traffic with Snort.
on Oct 30
How LLMs could help defenders write better and faster detection
Can LLM tools actually help defenders in the cybersecurity industry write more effective detection content? Read the full research.
on Oct 25
Talos IR trends Q3 2024: Identity-based operations loom large
Credential theft was the main goal in 25% of incidents last quarter, and new ransomware variants made their appearance - read more about the top trends, TTPs, and security weaknesses that facilitated adversary actions.
on Oct 24
Highlighting TA866/Asylum Ambuscade Activity Since 2021
TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020.
on Oct 23
Threat actor abuses Gophish to deliver new PowerRAT and DCRAT
Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor.
on Oct 22
Akira ransomware continues to evolve
As the Akira ransomware group continues to evolve its operations, Talos has the latest research on the group's attack chain, targeted verticals, and potential future TTPs.
on Oct 21
Protecting major events: An incident response blueprint
Go behind the scenes with Talos incident responders and learn from what we've seen in the field.
on Oct 18
What I’ve learned in my first 7-ish years in cybersecurity
Plus, a zero-day vulnerability in Qualcomm chips, exposed health care devices, and the latest on the Salt Typhoon threat actor.
on Oct 17
Talos also discovered three vulnerabilities in Veertu’s Anka Build, a suite of software designed to test macOS or iOS applications in CI/CD environments.
on Oct 17
UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants
By Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer and Vitor Ventura.
* Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian speaking group we track as “UAT-5647”, against Ukrainian government entities and unknown Polish entities.
* UAT-5647 is...
on Oct 17
What NIST’s latest password standards mean, and why the old ones weren’t working
Rather than setting a regular cadence for changing passwords, users only need to change their passwords if there is evidence of a breach.
on Oct 17
Ghidra data type archive for Windows driver functions
Cisco Talos is releasing a GDT file on GitHub that contains various definitions for functions and data types.
on Oct 10
Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities
The two vulnerabilities that Microsoft reports have been actively exploited in the wild and are publicly known are both rated as only being of “moderate” severity.
on Oct 9
CISA is warning us (again) about the threat to critical infrastructure networks
Despite the lessons we thought we had learned from Colonial Pipeline, none of them have been put into practice.
on Oct 3
Threat actor believed to be spreading new MedusaLocker variant since 2022
* Cisco Talos has discovered a financially motivated threat actor, active since 2022, recently observed delivering a MedusaLocker ransomware variant.
* Intelligence collected by Talos on tools regularly employed by the threat actor allows us to see an estimate of the amount and countries of...
on Oct 3
Are hardware supply chain attacks “cyber attacks?”
It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltrate or tamper with the manufacturing process.
on Sep 26
Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam
Many spammers have elected to attack web pages and mail servers of legitimate organizations, so they may use these “pirated” resources to send unsolicited email.
on Sep 26
Talos researchers have disclosed three vulnerabilities in OpenPLC, a popular open-source programmable logic controller.
on Sep 25
Talk of election security is good, but we still need more money to solve the problem
This year, Congress only allocated $55 million in federal grant dollars to states for security and other election improvements.
on Sep 19
A June report from CyberSeek found that there are only enough skilled workers to fill 85 percent of cybersecurity jobs in America.
on Sep 13
CVE-2024-38257 is considered “less likely” to be exploited, though it does not require any user interaction or user privileges.
on Sep 11
DragonRank, a Chinese-speaking SEO manipulator service provider
Cisco Talos is disclosing a new threat called “DragonRank” that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization (SEO) rank manipulation.
on Sep 11
September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical.
on Sep 11
Vulnerability in Tencent WeChat custom browser could lead to remote code execution
While this issue was disclosed and patched in the V8 engine in June 2023, the WeChat Webview component was not updated, and still remained vulnerable when Talos reported it to the vendor.
on Sep 7
The 2024 Threat Landscape State of Play
Talos' Nick Biasini discusses the biggest shifts and trends in the threat landscape so far. We also focus on one state sponsored actor that has been particularly active this year, and talk about why defenders need to be paying closer attention to infostealers.
on Sep 6
The best and worst ways to get users to improve their account security
In my opinion, mandatory enrollment is best enrollment.
on Sep 5
Watch our new documentary, "The Light We Keep: A Project PowerUp Story"
The Light We Keep documentary tells the story of the consequences of electronic warfare in Ukraine and its effect on power grids across the country.
on Sep 5
Talos investigates software and operating system vulnerabilities in order to discover them before malicious threat actors do. We provide this information to vendors so that they can create patches and protect their customers as soon as possible.
on Sep 3
Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads
Cisco Talos recently discovered several related Microsoft Office documents uploaded to VirusTotal by various actors between May and July 2024 that were all generated by a version of a payload generator framework called “MacroPack.”
on Sep 3
MoonPeak malware from North Korean actors unveils new details on attacker infrastructure
Cisco Talos has uncovered a new remote access trojan (RAT) family we are calling “MoonPeak.” This is a XenoRAT-based malware, which is under active development by a North Korean nexus cluster we are calling “UAT-5394.”
on Aug 31