What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
2020-11-19 10:51:45 Threat Source newsletter (Nov. 19, 2020) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In case you hadn't already realized, Snort somehow became a meme this week, so that was fun. As 2020 (finally...or already...I can't decide which) comes to an end, we're going to start doing a look back at the year that was in malware. And although Emotet has been around long before this year, 2020 was particularly peculiar for the botnet because it went virtually dormant over the summer before coming back over the... Threat ★★★★★
2020-11-13 11:24:47 (Déjà vu) Threat Roundup for November 6 to November 13 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 6 and Nov. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-11-12 11:39:02 Threat Source newsletter (Nov. 12, 2020) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We're back after a few-week hiatus! And to celebrate, we just dropped some new research on the CRAT trojan that's bringing some ransomware friends along with it. This blog post has all the details of this threat along with what you can do to stay protected. We also had Microsoft Patch Tuesday this week. The company disclosed about 120 vulnerabilities this month that all users should patch now. Our blog post has a... Ransomware Threat
2020-11-06 11:10:55 (Déjà vu) Threat Roundup for October 30 to November 6 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 30 and Nov. 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-10-30 14:51:47 Cisco Talos Advisory on Adversaries Targeting the Healthcare and Public Health Sector (direct link) Background: Cisco Talos has become aware that an adversary is leveraging the Trickbot banking trojan and Ryuk ransomware to target U.S. hospitals and healthcare providers at an increasing rate. Security journalists reported on October 28, 2020 that the adversary was preparing to encrypt systems at “potentially hundreds” of medical centers and hospitals, based on a tip from a researcher who had been monitoring communications for the threat actor. On October 28 and 29, these claims were supported by... Ransomware Threat
2020-10-30 14:48:53 (Déjà vu) Threat Roundup for October 23 to October 30 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 23 and Oct. 30. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-10-23 15:09:36 (Déjà vu) Threat Roundup for October 16 to October 23 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 16 and Oct. 23. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-10-16 13:26:15 (Déjà vu) Threat Roundup for October 9 to October 16 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 9 and Oct. 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-10-15 11:00:06 Threat Source newsletter (Oct. 15, 2020) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In our latest entry into our election security series, we're turning our attention to the professionals who are responsible for securing our elections. After months of research, we've compiled a series of recommendations for local, state and national officials to combat disinformation and secure Americans' faith in the election system. Patch Tuesday was also this week, which as usual, brought with it a big Snort rule... Threat
2020-10-09 12:36:21 (Déjà vu) Threat Roundup for October 2 to October 9 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 2 and Oct. 9. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-10-08 11:00:07 Threat Source newsletter for Oct. 8, 2020 (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We've been writing and talking about election security a ton lately. And as the U.S. presidential election draws closer, we decided it was time to summarize some things. So, we released this blog post with our formal recommendations for voters and how they can avoid disinformation and other bad actors trying to influence the election. Our researchers are also following the development of the PoetRAT malware.... Threat
2020-10-02 17:40:29 (Déjà vu) Threat Roundup for September 25 to October 2 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 25 and Oct. 2. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-10-01 11:00:07 Threat Source newsletter for Oct. 1, 2020 (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In the past, we've covered what disinformation (otherwise known as “fake news”) is and who spreads it. Now, we're diving into why it works, and why it's so easy for people to spread. Check out our full paper here to gain a lot of insight into the psychology of social media. On the malware front, we also have an update on LodaRAT. We've seen several new variants of this threat in the wild. Here's what to look out for... Malware Threat
2020-09-29 10:24:54 LodaRAT Update: Alive and Well (direct link) By Chris Neal. During our continuous monitoring of LodaRAT, Cisco Talos observed changes in the threat that add new functionality. Multiple new versions of LodaRAT have been spotted being used in the wild. These new versions of LodaRAT abandoned their previous obfuscation techniques. Direct interaction with the threat actor was observed during analysis, indicating the actor is actively monitoring infected hosts. What's New? Talos recently identified new versions of LodaRAT, a remote access trojan... Threat
2020-09-25 13:23:33 (Déjà vu) Threat Roundup for September 18 to September 25 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 18 and Sept. 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-09-24 11:00:07 Threat Source newsletter for Sept. 24, 2020 (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. After months (years?) in beta, an official release candidate is out now for Snort 3. Stay tuned for an officially official release in about a month. In other Snort rules, we also have a deep dive into our detection and prevention of Cobalt Strike. One of our researchers, Nicholas Mavis, did an amazing job breaking down what goes into writing Snort rules and ClamAV signatures, for those of you who... Threat
2020-09-18 13:10:40 (Déjà vu) Threat Roundup for September 11 to September 18 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 11 and Sept. 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-09-17 11:00:02 Threat Source newsletter for Sept. 17, 2020 (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We've got a couple of vulnerabilities you should know about. Monday, we disclosed a bug in Google Chrome's PDFium feature that opens the door for an adversary to execute remote code. Our researchers also discovered several vulnerabilities in the Nitro Pro PDF Reader. The software contains vulnerabilities that could allow adversaries to exploit a victim machine in multiple ways that would eventually... Threat
2020-09-11 12:13:39 (Déjà vu) Threat Roundup for September 4 to September 11 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 4 and Sept. 11. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-09-10 11:00:01 Threat Source newsletter for Sept. 10, 2020 (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In our continued research on election security, we have a new video roundtable discussion up on our YouTube page. In this Q&A-style format, I ask our researchers questions about the work they've done researching disinformation (aka “fake news”) and how to combat the spread of it. Microsoft Patch Tuesday was also this week. For our recap of all 120-something vulnerabilities Microsoft discovered, click... Threat
2020-09-09 07:30:00 Roundtable video: Disinformation and election security (direct link) By Jon Munshaw. In our continued coverage of election security, we decided to sit down with four Talos and Cisco researchers to discuss disinformation. As we outlined in our recent research paper, disinformation is one of the cornerstones of threat actors' efforts to disrupt the American election process. In this video, we dive even deeper to discuss things like how legitimate websites can fall victim to disinformation campaigns and what can be done to stop the spread of fake news. You can... Threat
2020-09-04 15:17:17 (Déjà vu) Threat Roundup for August 28 to September 4 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 28 and Sept. 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-09-03 11:00:09 Threat Source newsletter for Sept. 3, 2020 (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware. The campaigns distributed various malware payloads including Gozi ISFB, ZLoader, SmokeLoader and AveMaria, among others. Check out our complete details of the threat and our protections here. We are also excited to show off our fancy new Talos Email Status... Malware Threat
2020-09-01 08:00:07 Quarterly Report: Incident Response trends in Summer 2020 (direct link) By David Liebenberg and Caitlin Huey. For the fifth quarter in a row, Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape. Infections involved a wide variety of malware families including Ryuk, Maze, LockBit, and Netwalker, among others. In a continuation of trends observed in last quarter's report, these ransomware attacks have relied much less on commodity trojans such as Emotet and Trickbot. Interestingly, 66 percent of all ransomware attacks this... Ransomware Malware Threat
2020-08-27 12:44:52 (Déjà vu) Threat Roundup for August 21 to August 27 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 21 and Aug. 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-08-27 11:00:08 Threat Source newsletter for Aug. 27, 2020 (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. As part of our continued look at election security ahead of the November election, we have another research paper out this week. This time, we're taking a closer look at disinformation campaigns, popularly known as “fake news.” This paper builds on the first “What to expect when you're electing” report by focusing on the infrastructure supporting these complex campaigns. On the vulnerability side of things, we also... Vulnerability Threat
2020-08-20 11:00:03 Threat Source newsletter for Aug. 20, 2020 (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Hacktivism always seems so cool and noble in the movies. Video games and TV shows have no shortage of their “hacker heroes,” too. But what are the real-world consequences of users who release sensitive information or carry out data breaches in the name of their idea of good? That's what the newest Beers with Talos episode is all about. The crew also digs deeper into the ethical considerations of hacktivism,... Threat
2020-08-14 13:14:03 (Déjà vu) Threat Roundup for August 7 to August 14 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 7 and Aug. 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-08-13 11:46:42 Threat Source newsletter for Aug. 13, 2020 (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. It's really tough to attribute cyber attacks. We know it. You know it. But why is that, exactly? And why do we want to attribute attacks so badly anyway? In our latest blog post, we look at why attribution is challenging, and what pitfalls private researchers and government agencies alike face. If you haven't already, you need to update your Microsoft products. Patch Tuesday was this week, and with it came... Threat
2020-08-13 09:56:21 Attribution: A Puzzle (direct link) By Martin Lee, Paul Rascagneres and Vitor Ventura. Introduction: The attribution of cyber attacks is hard. It requires collecting diverse intelligence, analyzing it and deciding who is responsible. Rarely does the evidence available to researchers reach a level of proof that would be acceptable in a court of law. Nevertheless, the private sector rises to the challenge to attempt to associate cyber attacks to threat actors using the intelligence available to them. This intelligence takes the... Threat
2020-08-07 15:24:37 (Déjà vu) Threat Roundup for July 31 to August 7 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 31 and Aug. 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-08-06 11:00:01 Threat Source newsletter for Aug. 6, 2020 (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We spend a lot of time talking about what you should do to keep your data safe, and how other organizations should be prepared for the worst. But what happens if the worst happens to you? In the latest Beers with Talos episode, we walk you through what to do if you're the one who gets owned - even if it's not your fault at all. We also have the details out on several vulnerabilities in Microsoft Azure Sphere.... Threat
2020-07-31 11:08:08 (Déjà vu) Threat Roundup for July 24 to July 31 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 24 and July 31. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-07-30 11:00:05 Threat Source newsletter for July 30, 2020 (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Adversaries love to use headlines as part of their spam campaigns. From COVID-19, to Black Lives Matter and even Black Friday every year, the bad guys are wanting to capitalize on current events. Why is this the case, and when do they decide to jump on headlines? In our latest blog post, we look at this technique and examine the advantages and disadvantages of trying to leverage the biggest news. Cyber... Spam Threat
2020-07-29 08:21:44 Adversarial use of current events as lures (direct link) By Nick Biasini. The goal of malicious activity is to compromise the system to install some unauthorized software. Increasingly that goal is tied to one thing: the user. Over the past several years, we as an industry improved exploit mitigation and the value of working exploits has increased accordingly. Together, these changes have had an impact on the threat landscape. We still see large amounts of active exploitation, but enterprises are getting better at defending against them. This has... Threat
2020-07-24 14:14:10 (Déjà vu) Threat Roundup for July 17 to July 24 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 17 and July 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-07-23 11:00:04 Threat Source newsletter for July 23, 2020 (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. While ransomware attacks continue to hog all the headlines, cryptocurrency miners are still running in the background, sapping computing power from unsuspecting victims. We have what we believe is the first documentation of a new botnet we're calling "Prometei" that mines for Monero. Here's why you need to be on the lookout for this botnet and why it could be a sign of worse things to come if you're infected. If you didn't get... Ransomware Threat
2020-07-17 14:26:01 (Déjà vu) Threat Roundup for July 10 to July 17 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 10 and July 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-07-16 11:00:05 Threat Source newsletter for July 16, 2020 (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. If you haven't already, we highly recommend you read our in-depth research paper on election security. This paper represents four years of hands-on research, interviews and insight into how things have changed since 2016, and what hurdles remain to secure American elections. This is just the first release in a series of papers, blog posts and more that we'll be releasing in the leadup to the November general election.... Threat Guideline
2020-07-10 10:43:49 Threat Roundup for July 3 to July 10 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 3 and July 10. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is... Threat
2020-07-02 11:00:02 Threat Source newsletter for July 2, 2020 (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Our latest research you should catch up on is the Valak malware. This information-stealer sneaks its way onto victim machines by hijacking legitimate email threads. The threat actors send their phishing emails and attachments in email threads, hoping to trick users into thinking they're legitimate. We also have two vulnerability spotlights that alert users to patches you should make now. One is an information leak in Mozilla... Vulnerability Threat
2020-07-01 08:21:25 Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks (direct link) By Nick Biasini, Edmund Brumaghin and Mariano Graziano. Threat summary: Attackers are actively distributing the Valak malware family around the globe, with enterprises, in particular, being targeted. These campaigns make use of existing email threads from compromised accounts to greatly increase success. The additional use of password-protected ZIP files can create a blind spot in security protections. The overwhelming majority of campaigns occurred over the last couple of months and targeted... Malware Threat
2020-06-29 11:54:58 PROMETHIUM extends global reach with StrongPity3 APT (direct link) By Warren Mercer, Paul Rascagneres and Vitor Ventura. News summary: The threat actor behind StrongPity is not deterred despite being exposed multiple times over the past four years. They continue to expand their victimology and attack seemingly non-related countries. This kind of continuous improvement suggests there is a possibility that this is an exported solution for other actors to use. Executive summary: The PROMETHIUM threat actor - active since 2012 - has been exposed multiple times over the... Threat
Last update at: 2024-07-17 23:08:32