From BlackMatter to BlackCat: Analyzing two attacks from one affiliate
By Tiago Pereira with contributions from Caitlin Huey. BlackCat is a recent and growing ransomware-as-a-service (RaaS) group that targeted several organizations worldwide over the past few months. There...
Threat Source newsletter (March 17, 2022) — Channelling productive worry to...
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Cisco Talos continues to be heads-down working on the current Ukraine situation. This is incredibly difficult for...
Threat Roundup for March 11 to March 18
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 11 and March 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...
On the Radar: Securing Web 3.0, the Metaverse and beyond
By Jaeson Schultz. Internet technology evolves rapidly, and the World Wide Web (WWW or Web) is currently experiencing a transition into what many are calling "Web 3.0". Web 3.0 is a nebulous term. If...
Vulnerability Spotlight: Heap overflow in Sound Exchange libsox library
Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in the sphere.c...
Threat Advisory: DoubleZero
Overview The Computer Emergency Response Team of Ukraine released an advisory on March 22, 2022 disclosing another wiper dubbed "DoubleZero" targeting Ukrainian enterprises during Russia's invasion of...
Threat Source newsletter (March 24, 2022) — Channelling productive worry to...
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. The war in Ukraine has involved misinformation since before Russia’s ground forces invaded the country. So, it’s not...
Threat Roundup for March 18 to March 25
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 18 and March 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...
Transparent Tribe campaign uses new bespoke malware to target Indian...
By Asheer Malhotra and Justin Thattil with contributions from Kendall McKay. Cisco Talos has observed a new Transparent Tribe campaign targeting Indian government and military entities. While the...
Threat Source newsletter (March 31, 2022) — Is "Fortnite" a Metaverse?
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. By now, anyone on the internet has pondered the question: “Is a hot dog a sandwich?” (My two cents: Yes, absolutely.)...
On the Radar: Is 2022 the year encryption is doomed?
By Martin Lee. Quantum technology in development by the world’s superpowers will render many current encryption algorithms obsolete overnight. When it becomes available, whoever controls this...
Threat Advisory: Spring4Shell
Cisco Talos is releasing coverage to protect users against the exploitation of two remote code execution vulnerabilities in Spring Framework. CVE-2022-22963 is a medium-severity bug that affects Spring...
Beers with Talos, Ep. #119: If it walks like a BlackCat, smells like a...
Beers with Talos (BWT) Podcast episode No. 119 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. Recorded March 25, 2022. If...
Threat Roundup for March 25 to April 1
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 25 and April 1. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...
Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter
By Edmund Brumaghin, with contributions from Alex Karkins. Ongoing malware distribution campaigns are using ISO disk images to deliver AsyncRAT, LimeRAT and other commodity malware to victims. The...
Threat Source newsletter (April 7, 2022) — More money for cybersecurity still...
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. U.S. President Joe Biden’s proposed budget would include an 11 percent increase in the federal government’s IT budget,...
Threat Roundup for April 1 to April 8
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 1 and April 8. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...
Microsoft Patch Tuesday includes most vulnerabilities since Sept. 2020
By Jon Munshaw and Nick Biasini. Microsoft released its latest security update Tuesday, disclosing more than 140 vulnerabilities across its array of products. This is a departure from past Patch...
Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer
Update (04/14/22): Following the initial publication of this blog, we observed a new post in the Haskers Gang Telegram channel announcing that ownership of the ZingoStealer project is being transferred...
Threat Source newsletter (April 14, 2022) — It's Tax Day, and you know what...
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. The deadline to file taxes in the United States is Monday. That means a few things: everyone should probably make sure...