Channel: Cisco Talos Blog
Browsing all 1948 articles

Rounding up some of the major headlines from RSA

While I one day wish to make it to the RSA Conference in person, I’ve never had the pleasure of making the trek to San Francisco for one of the largest security conferences in the U.S. Instead, I had...

From trust to trickery: Brand impersonation over the email attack vector

Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation. Talos has discovered a wide range of techniques...

Apple and Google are taking steps to curb the abuse of location-tracking...

Since the advent of products like the Tile and Apple AirTag, both used to keep track of easily lost items like wallets, keys and purses, bad actors and criminals have found ways to abuse them. These...

Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability...

Cisco Talos’ Vulnerability Research team has helped to disclose and patch more than 20 vulnerabilities over the past three weeks, including two in the popular Adobe Acrobat Reader software. Acrobat, one...

New Generative AI category added to Talos reputation services

Cisco Talos is preparing to release the first in a series of changes to our Web Categorization system, which is designed to simplify the verbiage we use. In mid-June, we're adding a new “Generative AI”...

LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader

By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White. Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced...

Attackers are impersonating a road toll payment processor across the U.S. in...

My wife (no stranger to weird types of scams) recently received a fake text message from someone claiming to be New Jersey’s E-ZPass program saying that she had an outstanding balance from highway...

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called “CarnavalHeist.” Many of the observed tactics, techniques and...

DarkGate switches up its tactics with new payload, email templates

This post was authored by Kalpesh Mantri. Cisco Talos is actively tracking a recent increase in activity from malicious email campaigns containing a suspicious Microsoft Excel attachment that, when...

The sliding doors of misinformation that come with AI-generated search results

As someone who used to think that his entire livelihood would come from writing, I’ve long wondered if any sort of computer or AI could replace my essential functions at work. For now, it seems there...

Only one critical issue disclosed as part of Microsoft Patch Tuesday

Microsoft released its monthly security update Tuesday, disclosing 49 vulnerabilities across its suite of products and software. Of those there is only one critical vulnerability. Every other security...

Operation Celestial Force employs mobile and desktop malware to target Indian...

By Gi7w0rm, Asheer Malhotra and Vitor Ventura. Cisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018. It is still active today, employing the...

How we can separate botnets from the malware operations that rely on them

As I covered in last week’s newsletter, law enforcement agencies from around the globe have been touting recent botnet disruptions affecting the likes of some of the largest threat actors and malware...

How are attackers trying to bypass MFA?

In the latest Cisco Talos Incident Response Quarterly Trends report, instances related to multi-factor authentication (MFA) were involved in nearly half of all security incidents that our team...

Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack...

This blog post is part of a multi-part series, and it is highly recommended to read the first entry here before continuing. As the second entry in our “Exploring malicious Windows drivers” series, we...

Tabletop exercises are headed to the next frontier: Space

I think we can all agree that tabletop exercises are a good thing. They allow organizations of all sizes to test their incident response plans without the potentially devastating effects of a...

SneakyChef espionage group targets government agencies with SugarGh0st and...

Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023. In the newly discovered campaign, we observed a...

Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia

Cisco Talos discovered a new remote access trojan (RAT) dubbed SpiceRAT, used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia. We observed that...

Multiple vulnerabilities in TP-Link Omada system could lead to root access

The TP-Link Omada system is a software-defined networking solution for small to medium-sized businesses. It touts cloud-managed devices and local management for all Omada devices. The supported devices...

Snowflake isn’t an outlier, it’s the canary in the coal mine

By Nick Biasini with contributions from Kendall McKay and Guilherme Venere. Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen...
