Registration for the 2019 Talos Threat Research Summit is now open
The Talos Threat Research Summit is officially back. Registration is open now for the second year of our conference by defenders, for defenders. Tickets sold out quickly last year for our inaugural...
Threat Source (April 4)
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. If you haven’t yet, there’s still time to register for this year’s Talos...
Hiding in Plain Sight
This blog was written by Jon Munshaw and Jaeson Schultz. Cisco Talos is continually working to ensure that our threat intelligence not only accounts for the latest threats but also new versions of old...
Beers with Talos Ep. #50: Operating under the cover of… nothing
Beers with Talos (BWT) Podcast Ep. No. 50 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded March 29, 2019 -...
Threat Roundup for March 29 to April 5
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 29 and April 05. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...
Microsoft Patch Tuesday — April 2019: Vulnerability disclosures and Snort...
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 74 vulnerabilities, 16 of which are rated...
Gustuff banking botnet targets Australia
Vitor Ventura authored this post. Executive summary: Cisco Talos has uncovered a new Android-based campaign targeting Australian financial institutions. As the investigation progressed, Talos came to...
Vulnerability Spotlight: Adobe Acrobat Reader remote code execution
Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Executive summary: There is a remote code execution vulnerability in Adobe Acrobat Reader that could occur if a user were to open a...
Sextortion profits decline despite higher volume, new techniques
Post authored by Nick Biasini and Jaeson Schultz. Sextortion spammers continue blasting away at high volume. The success they experienced with several high-profile campaigns last year has led these...
Threat Source (April 11)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. If you haven’t yet, there’s still...
Threat Roundup for April 5 to April 12
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 05 and April 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...
Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN's helper tool
Discovered by Tyler Bohan of Cisco Talos. Overview: Cisco Talos is disclosing a series of vulnerabilities found in the Shimo VPN Helper Tool. Shimo VPN is a popular VPN client for macOS that can be used...
Vulnerability Spotlight: Denial of service in VMWare Workstation 15
Piotr Bania of Cisco Talos discovered this vulnerability. Executive summary: VMware Workstation 15 contains an exploitable denial-of-service vulnerability. Workstation allows users to run multiple...
New HawkEye Reborn Variant Emerges Following Ownership Change
Edmund Brumaghin and Holger Unterbrink authored this blog post. Executive summary: Malware designed to steal sensitive information has been a threat to organizations around the world for a long time. The...
DNS Hijacking Abuses Trust In Core Internet Service
Authors: Danny Adamitis, David Maynor, Warren Mercer, Matthew Olney and Paul Rascagneres. Preface: This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems....
Beers with Talos Ep. #51: Sea Turtles yeeting packets
Beers with Talos (BWT) Podcast Ep. No. 51 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded April 12, 2019 —...
Threat Source (April 18): New attacks distribute Formbook, LokiBot
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. If you haven’t yet, there’s still...
Threat Roundup for April 12 to April 19
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 12 and April 19. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...
DNSpionage brings out the Karkoff
Warren Mercer and Paul Rascagneres authored this post. Update 4/24: The C2 section below now includes details around the XOR element of the C2 communication system. Executive summary: In November 2018,...
Vulnerability Spotlight: Symantec Endpoint Protection kernel memory...
Marcin Noga of Cisco Talos discovered this vulnerability. Overview: Cisco Talos is disclosing an information leak vulnerability in the ccSetx86.sys kernel driver of Symantec Endpoint Protection Small...