What's new around the internet

Src | Date (GMT) | Title | Description | Tags | Stories | Notes
2022-03-31 11:00:00 Threat Source newsletter (March 31, 2022) - Is "Fortnite" a Metaverse? (direct link) By Jon Munshaw. Welcome to this week's edition of the Threat Source newsletter. By now, anyone on the internet has pondered the question: "Is a hot dog a sandwich?" (My two cents: Yes, absolutely.) Now as we move into the new internet age and onto Web 3.0 and NFTs instead of... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2022-03-24 11:00:00 Threat Source newsletter (March 24, 2022) - Channelling productive worry to help Ukraine (direct link) By Jon Munshaw. Welcome to this week's edition of the Threat Source newsletter. The war in Ukraine has involved misinformation since before Russia's ground forces invaded the country. So, it's not really a shock that we've reached the stage of information warfare where deepfake... Threat
2022-03-17 11:00:00 Threat Source newsletter (March 17, 2022) - Channelling productive worry to help Ukraine (direct link) By Jon Munshaw. Welcome to this week's edition of the Threat Source newsletter. Cisco Talos continues to be heads-down working on the current Ukraine situation. This is incredibly difficult for everyone across the globe, especially for those directly affected. But that doesn't mean those of... Threat
2022-03-16 06:03:11 Preparing for denial-of-service attacks with Talos Incident Response (direct link) By Yuri Kramarz. Over the years, several extortion-style and politically motivated denial-of-service attacks increased and still pose a threat to businesses and organizations of any size that can find themselves in the crosshairs of various malicious campaigns. A detailed... Threat
2022-03-14 05:01:25 Threat Advisory: Opportunistic cyber criminals take advantage of Ukraine invasion (direct link) By Edmund Brumaghin, with contributions from Jonathan Byrne, Perceo Lemos and Vasileios Koutsoumpogeras. Executive Summary: Since the beginning of the war in Ukraine, we have observed threat actors using email lures with themes related to the conflict, including humanitarian assistance and various... Threat
2022-03-10 11:00:00 Talos Threat Source newsletter (March 10, 2022) - Fake social media posts spread in wake of Ukraine invasion (direct link) By Jon Munshaw. Welcome to this week's edition of the Threat Source newsletter - complete with a new format and feel. First off, it goes without saying, but we're all heartbroken by the crisis happening in Ukraine. Our hearts are with the people of Ukraine, our employees and their... Threat
2022-03-01 16:36:24 Crowd-sourced attacks present new risk of crisis escalation (direct link) Authored by Matt Olney. Executive Summary: An unpredictable and largely unknown set of actors present a threat to organizations, despite their sometimes unsophisticated techniques. Customers who are typically focused on top-tier, state-sponsored attacks should remain aware of these highly motivated... Threat
2022-02-24 13:03:04 Current executive guidance for ongoing cyberattacks in Ukraine (direct link) Cyber threat activity against Ukraine, and around the world, has long been a central focus of our work. We continue to monitor the Ukraine-Russia situation by enacting a comprehensive, Talos-wide effort to provide support to our partners and customers. These actions include issuing new Cisco... Threat
2022-02-09 05:06:14 What's with the shared VBA code between Transparent Tribe and other threat actors? (direct link) By Vanja Svajcer and Vitor Ventura. Recently, we've been researching several threat actors operating in South Asia: Transparent Tribe, SideCopy, etc., that deploy a range of remote access trojans (RATs). After a hunting session in our malware sample repositories and VirusTotal while looking into... Malware Threat APT 36
2022-01-27 08:12:08 (Déjà vu) Beers with Talos, Ep. #115: Everybody's measured by quarters - even threat actors (direct link) Beers with Talos (BWT) Podcast episode No. 115 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. Recorded Jan. 14, 2022. If iTunes and Google Play aren't your thing, click here. We wanted... Threat ★★★★
2021-12-27 06:00:00 2021: Looking back on the year in malware and cyber attacks, from SolarWinds to Log4j (direct link) By Jon Munshaw. It seems like we were just recovering from the aftermath of the massive SolarWinds campaign a month or two ago. And now suddenly, it's been a year since one of the largest cyber attacks in history and moving onto another threat that could last for years. That just seemed to be... Malware Threat
2021-11-22 05:01:13 Back from the dead: Emotet re-emerges, begins rebuilding to wrap up 2021 (direct link) Executive summary: Emotet has been one of the most widely distributed threats over the past several years. It has typically been observed being distributed via malicious spam email campaigns, and often leads to additional malware infections as it provides threat actors with an initial foothold in an... Spam Malware Threat Guideline
2021-11-17 06:26:34 Talos' tips for staying safe while shopping online this holiday season (direct link) By Jon Munshaw. Attackers will resort to all tactics to trick users into downloading malware, handing over credit card data or completely compromising their machine. No topic is off-limits, and threat actors have resorted to using everything from PlayStation 5 sales, to COVID-19 cures... Threat
2021-10-28 05:00:00 Quarterly Report: Incident Response trends from Q3 2021 (direct link) Ransomware again dominated the threat landscape, while BEC grew. By David Liebenberg and Caitlin Huey. Once again, ransomware was the most dominant threat observed in Cisco Talos Incident Response (CTIR) engagements this quarter. CTIR helped resolve several significant... Ransomware Threat
2021-10-19 17:01:51 Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India (direct link) Cisco Talos recently discovered a threat actor using political and government-themed malicious domains to target entities in India and Afghanistan. These attacks use dcRAT and QuasarRAT for Windows delivered via malicious documents exploiting CVE-2017-11882 - a memory corruption vulnerability in... Vulnerability Threat
2021-10-06 05:04:20 Threat hunting in large datasets by clustering security events (direct link) By Tiago Pereira. Security tools can produce very large amounts of data that even the most sophisticated organizations may struggle to manage. Big data processing tools, such as Spark, can be a powerful tool in the arsenal of security teams. This post walks through threat hunting on large datasets... Tool Threat
2021-09-23 11:00:00 Threat Source newsletter (Sept. 23, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. The Russian APT Turla is one of the most notorious threat actors out there today. And they aren't stopping, recently adding a new backdoor to their arsenal that serves as a "last chance" to retain a foothold on victim... Threat ★★★
2021-08-26 11:00:00 Threat Source newsletter (Aug. 26, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We have RATs on RATs on RATs over the past few weeks. And last week, we found a few more heading to Latin America to target users and try to steal their login credentials. The threat actor in this case has some compelling... Threat
2021-08-12 15:35:12 Vice Society Leverages PrintNightmare In Ransomware Attacks (direct link) By Edmund Brumaghin, Joe Marshall, and Arnaud Zobec. Executive Summary: Another threat actor is actively exploiting the so-called PrintNightmare vulnerability (CVE-2021-1675 / CVE-2021-34527) in Windows' print spooler service to spread laterally across a victim's network as part of a recent... Ransomware Vulnerability Threat
2021-08-12 11:00:02 Threat Source newsletter (Aug. 12, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. No, that's not Ratatouille. It's ServHelper, who is much more dangerous (albeit just as cute) than the cartoon chef. We have a new blog post out today detailing this RAT, run by the threat actor Group TA505, that is... Threat
2021-08-12 05:01:54 Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT (direct link) By Vanja Svajcer. News summary: Group TA505 has been active for at least seven years, making wide-ranging connections with other threat actors involved in ransomware, stealing credit card numbers and exfiltrating data. One of the common tools in TA505's arsenal is ServHelper. In mid-June, Cisco Talos... Threat
2021-08-11 05:00:00 Talos Incident Response quarterly threat report - The top malware families and TTPs used in Q2 2021 (direct link) By David Liebenberg and Caitlin Huey. Last quarter, ransomware was not the most dominant threat for the first time since we began compiling these reports. We theorized that this was due to a huge uptick in Microsoft Exchange exploitation, which temporarily became a primary focus for Cisco... Ransomware Malware Threat
2021-08-06 10:50:05 Talos Takes Ep. #63: Shield your eyes from the Solarmarker (direct link) By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Andrew Windsor has been following the Solarmarker threat for months. But it really started to catch his eye when he... Threat
2021-06-22 04:56:28 Attackers in Executive Clothing - BEC continues to separate orgs from their money (direct link) By Nick Biasini. In today's world of threat research, the focus tends to be on the overtly malicious practice of distributing and installing malware on end systems. But this is far from the complete picture of what threats organizations face. One of the most, if not the most, costly is something... Malware Threat
2021-06-10 05:00:00 Quarterly Report: Incident Response trends from Spring 2021 (direct link) By David Liebenberg and Caitlin Huey. While the security community made a great effort to warn users of the exploitation of several Microsoft Exchange Server zero-day vulnerabilities, it was still the biggest threat Cisco Talos Incident Response (CTIR) saw this past quarter. These... Threat
2021-06-07 05:02:43 Intelligence-driven disruption of ransomware campaigns (direct link) By Neil Jenkins and Matthew Olney. Note: Our guest co-author, Neil Jenkins, is the Chief Analytic Officer at the Cyber Threat Alliance. He leads the CTA's analytic efforts, focusing on the development of threat profiles, adversary playbooks and other analysis using the threat intelligence in the... Ransomware Threat Guideline
2021-05-26 05:36:08 Elizabethan England has nothing on modern-day Russia (direct link) This post was authored by Warren Mercer and Vitor Ventura. The threat landscape is changing. Organizations need to defend against an ever-evolving tranche of threat actors. For a long time, the lines that distinguish state-sponsored and crimeware groups were well-defined. We believe this is... Threat
2021-05-19 06:51:02 Talos is hiring for several positions - Join our world-class security organization (direct link) Cisco Talos continues to build an elite threat intelligence and research group, and we are looking for driven, innovative and diverse security enthusiasts to join us. We are currently hiring for several positions, including multiple security engineer roles and a senior vulnerability... Threat
2021-04-16 07:53:10 Talos Takes Ep. #49: LodaRAT keeps growing... and growing (direct link) By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Chris Neal from Talos Outreach has followed LodaRAT for years now. It's gone from a fairly small threat to a full-on... Threat
2021-04-12 06:32:04 Recording: Analyzing Android Malware - From triage to reverse-engineering (direct link) It's easy to get wrapped up worrying about large-scale ransomware attacks on the threat landscape. These are the types of attacks that make headlines and strike fear into the hearts of CISOs everywhere. But if you want to defend against the truly prolific and widespread threats that target some of the devices... Ransomware Malware Threat
2021-04-02 07:00:00 Talos Takes Ep. #47: Looking back at the Masslogger trojan (direct link) By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We return to our usual formatting this week to discuss the Masslogger trojan. We covered this threat earlier this year... Threat ★★★★
2021-03-11 11:00:00 Threat Source newsletter (March 11, 2021) - Featuring new SolarWinds roundtable (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We have a special edition of the Threat Source newsletter to bring you this week, because we're premiering a new video for you right now! Below, you'll find a full roundtable we put together discussing the SolarWinds supply chain attack. We brought together Talos researchers from several parts of our organization, including incident responders, global threat intelligence researchers and our Outreach team. We... Threat
2021-03-09 16:52:02 Hafnium Update: Continued Microsoft Exchange Server Exploitation (direct link) It's been a week since Microsoft first disclosed several zero-day vulnerabilities in Exchange Server - and the scope has only grown since then. In its disclosure, Microsoft stated that a new threat actor known as Hafnium was exploiting these vulnerabilities to steal emails. Since Microsoft's initial disclosure, Cisco Talos has seen shifts in the tactics, techniques, and procedures (TTPs) associated with this activity. The majority of the activity continues to follow the guidance that was... Threat
2021-03-04 11:00:00 Threat Source newsletter (March 4, 2021) (direct link) Newsletter compiled by Jon Munshaw. Of course, we will start things off talking about the Microsoft Exchange Server zero-day vulnerabilities disclosed earlier this week. Microsoft said in a statement that a threat actor is exploiting these vulnerabilities in the wild to steal users' emails, understandably causing a lot of panic in the security community. Thankfully, patches are already available for the product, so update ASAP. We also have a ton of coverage across Cisco Secure products... Threat
2021-03-04 08:06:10 Threat Advisory: HAFNIUM and Microsoft Exchange zero-day (direct link) Microsoft released patches for four vulnerabilities in Exchange Server on March 2, disclosing that these vulnerabilities were being exploited by a previously unknown threat actor, referred to as HAFNIUM. The vulnerabilities in question - CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 - affect Microsoft Exchange Server 2019, 2016, 2013 and the out-of-support Microsoft Exchange Server 2010. The patches for these vulnerabilities should be applied as soon as possible. Microsoft... Threat
2021-02-25 11:00:14 Threat Source newsletter (Feb. 25, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We all think of APTs as these wide-reaching, silent threat groups who are backed by a nation-state. But our recent research into Gamaredon shows that not all APTs are created equal. We've spotted this actor carrying out several different attacks across the globe, many of which are mainly just interested in stealing information. And what they do with that information is still up for debate. Upcoming public... Threat
2021-02-23 04:59:42 Gamaredon - When nation states don't pay all the bills (direct link) By Warren Mercer and Vitor Ventura. Gamaredon is a threat actor, active since at least 2013, that has long been associated with pro-Russian activities in several reports throughout the years. It is extremely aggressive and is usually not associated with high-visibility campaigns; Cisco Talos sees it is incredibly active and we believe the group is on par with some of the most prolific crimeware gangs. It has been considered an APT for a long time; however, its characteristics don't match the... Threat
2021-02-11 11:00:05 Threat Source newsletter (Feb. 11, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We have an update on LodaRAT, a trojan we've been following for years. This threat has a new version targeting Android devices, looking to infect devices and steal users' credentials and monitor things like their phone calls and messages. Patch Tuesday was also this week, which was relatively quiet in terms of the volume of vulnerabilities. We have our full Microsoft blog post as usual, and also a Snort... Threat
2021-02-04 11:00:06 Threat Source newsletter (Feb. 4, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We are excited to finally share this LockBit research paper with you all after months of work. Some of our researchers spoke to a ransomware operator, which provided us insight into a threat actor's day-to-day goals and tactics. The paper includes information on how the attacker chooses its targets and why it's easier for the attacker to operate in some countries than others. Upcoming public engagements... Ransomware Threat
2021-02-02 07:08:45 Interview with a LockBit ransomware operator (direct link) By Azim Khodjibaev, Dymtro Korzhevin and Kendall McKay. Ransomware is still highly prevalent in our current threat landscape - it's one of the top threats Cisco Talos Incident Response responds to. One such ransomware family we encounter is called LockBit, a ransomware-as-a-service (RaaS) platform that's known for its automation and the speed at which it attacks its victims. At Cisco Talos, we strive to understand the malware utilized in ransomware, the infrastructure leveraged... Ransomware Malware Threat
2021-01-26 08:45:36 Nation State Campaign Targets Talos Researchers (direct link) Google's Threat Analysis Group published a blog Monday evening warning of an ongoing campaign attempting to compromise security researchers. Google TAG's blog outlines the attacker's motivations and various TTPs used in these attacks. We can confirm that multiple Cisco Talos researchers received messages that appear to be linked to this campaign. As you can see below, our researchers did not engage to the point where the malicious files were provided. As security researchers it is... Threat ★★★
2021-01-14 11:00:03 Threat Source newsletter (Jan. 14, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Microsoft released its monthly security update this week, disclosing 83 vulnerabilities across its suite of products to kick off 2021. Our blog post has the most important vulnerabilities you need to know about, along with our released Snort rules to keep your network protected. TalosIntelligence.com users will also want to check out the list of our new Content and Threat Categories that will provide you with... Threat
2021-01-11 08:08:49 Changes to Cisco Talos' Content and Threat Category lists (direct link) Cisco Talos is happy to announce the upcoming changes to our Content and Threat Category lists. Our goal is to provide you with sufficient intelligence details to allow you to make informed decisions to protect your network without disrupting your organization's productivity. These changes will give you additional details needed to make more informed decisions for your network. Beginning Jan. 21, customers using Cisco platforms that receive Talos Intelligence will see updates to our Content... Threat
2021-01-07 10:52:13 Threat Source newsletter (Jan. 7, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers, and welcome to the first Threat Source newsletter of 2021. We hit the ground running already this year with a new Beers with Talos episode. It was recorded back in 2020, but the lessons regarding ransomware attacks and how actors choose their targets are still very much relevant. On the written word front, we have a full, technical breakdown of a recent Lokibot strain we've seen in the wild. Check... Ransomware Threat
2020-12-17 11:00:02 Threat Source newsletter (Dec. 17, 2020) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. This will be our last Threat Source newsletter of the year. We'll be on a few-week break for the holidays until Jan. 7. Of course, all anyone wants to talk about this week is the SolarWinds supply chain attack. There are still many outstanding questions yet to be answered. But everything Cisco Talos knows about this incident and our coverage can be found here. And our pre-existing coverage keeps... Threat
2020-12-11 12:41:37 (Déjà vu) Threat Roundup for December 4 to December 11 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 4 and Dec. 11. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-12-10 11:00:00 Threat Source newsletter (Dec. 10, 2020) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Cyber security firm FireEye recently disclosed an incident that was reported to have resulted in the inadvertent disclosure of various internally developed offensive security tools (OSTs) that were used across FireEye red-team engagements. We know this is going to be top-of-mind for many users, so for more, check out all our coverage that covers these vulnerabilities here. We also have new Snort rules out, which you can... Threat
2020-12-09 06:32:50 Quarterly Report: Incident Response trends from Fall 2020 (direct link) By David Liebenberg and Caitlin Huey. For the sixth quarter in a row, Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape. However, for the first quarter since we began compiling these reports, no engagements that were closed out involved the ransomware Ryuk (though there were engagements that were kicked off this quarter involving Ryuk, but have yet to close). The top ransomware families observed were Maze and Sodinokibi, though barely more than any... Ransomware Threat
2020-12-03 11:00:03 Threat Source newsletter (Dec. 3, 2020) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. While ransomware has made all the headlines this year, that doesn't mean cryptocurrency miners are going anywhere. We recently discovered a new actor we're calling "Xanthe" that's mining Monero on targets' machines. The main payload, in this case, is a variant of the XMRig Monero-mining program that is protected with a shared object developed to hide the presence of the miner's process from various tools for process... Ransomware Threat
2020-11-20 14:19:18 (Déjà vu) Threat Roundup for November 13 to November 20 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 13 and Nov. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
Last update at: 2024-07-22 11:08:14