Cisco Talos defends Cisco customers with trusted global cybersecurity intelligence. Support requests: talosintelligence.com/suppor…

CCleanup: A Vast Number of Machines at Risk dlvr.it/Pnkxlq
CCleaner Command and Control Causes Concern dlvr.it/PpM5RP
Cisco Talos has discovered a new threat we're calling "Sea Turtle," which is targeting public and private entities across the globe. The attackers appear to be using DNS hijacking as their primary method of attack. Check out all the details here cs.co/6014EdN3g
Content-Type: Malicious - New Apache 0-day Under Attack dlvr.it/NZVZH7
We have new tools we're excited to show off: GhIDA, an IDA Pro plugin that integrates the Ghidra decompiler in the IDA workflow, and Ghidraaas, a simple web server that exposes Ghidra analysis through REST APIs cs.co/6019E7z39
PyREBox, a Python Scriptable Reverse Engineering Sandbox dlvr.it/PWL9f4
Exploitable or Not Exploitable? Using REVEN to Examine a NULL Pointer Dereference. dlvr.it/QdZqrx
Last day to register! Get the latest intel on Miners, Malspam, and Meltdowns from Talos Research Engineer Nick Biasini. The event is nearly full, so register now.
Malware debugging just got a lot easier. There's a new JavaScript bridge for #WinDbg. In this post, we'll walk through these new features #malware #debugging #JavaScript cs.co/6012ET56n
Player 3 Has Entered the Game: Say Hello to 'WannaCry' dlvr.it/P7RK9n
Advanced Mobile Malware Campaign in India uses Malicious MDM dlvr.it/QbLsn5
#MagicRAT is the latest #malware from the well-known #LazarusGroup (a suspected North Korean APT). More on this new threat and Lazarus Group's overall goals here cs.co/6010MM7ng
We have released a new plugin for IDA that makes it easier to reverse-engineer malware. Here's our breakdown of how to use Dynamic Data Resolver cs.co/6011E3ClT
Olympic Destroyer Takes Aim At Winter Olympics dlvr.it/QG27c9
The adversary behind WastedLocker is taking advantage of various "dual-use" toolsets like Cobalt Strike, Mimikatz, Empire and PowerSploit to move laterally across many victims' networks. Find out the full details of this threat here cs.co/6019GrXUc
BlackMatter, BlackCat, DarkSide...it can be tough to keep up with all these #ransomware threat actors and their various names. But is there any real connection between these groups? We take a closer look in our newest blog post cs.co/6014KlWCg
It's here! Snort 3 is now in beta. Here's everything you need to know about what makes Snort 3 different from 2, and what changes we plan on making in the future. Let us know what you think! cs.co/6015DxsxU
Files Cannot Be Decrypted? Challenge Accepted. Talos Releases ThanatosDecryptor dlvr.it/QYZrgp
Now on stage @HITBSecConf - @infosec_nick "if you have 445 open, you don't need to worry about 0-day. Go back to your basics and try again"
Cisco Talos has discovered a new malware we're calling #DNSpionage that's targeting governments in the Middle East and even one airline company. Here's a breakdown of the attacker's methods and the malicious documents they're spreading cs.co/6016EEsun
New Ransomware Variant Compromises Systems Worldwide dlvr.it/PQW6D7
Despite a recent takedown from the FBI, our research indicates that the actor behind #Qakbot is still active with its spamming operations, and is still delivering the #RansomKnight #malware cs.co/6013uMxMV
Cisco Talos recently discovered a new attack framework called "Manjusaka" that could be the next #CobaltStrike and grow in popularity in the coming months. Read all about this new threat here: cs.co/6014zNHBr
After years of partnership, we've decided to bring Cisco Incident Response and Talos under the same umbrella. Say hello to Talos Incident Response cs.co/60121KsV2
Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability dlvr.it/Q3fldN
We recently discovered a new C2 framework called #Alchimist that's spreading the new #Insekt trojan, targeting Windows, Mac and Linux machines cs.co/6013MiH0R
Interview with a #LockBit #ransomware operator: Over the course of several weeks, we conducted multiple interviews that gave us a rare, first-hand account of a ransomware operator’s cybercriminal activities. Read the full report here cs.co/6011HdW65
we'll all be wearing pants and trousers next week at the office
We have released a new, free decryptor tool for the PyLocky ransomware that can help victims recover their files #PyLocky #ransomware cs.co/6019EMA7d
FIN7 Group Uses JavaScript and Stealer DLL Variant in New Attacks dlvr.it/Pqrqdf
Check out this in-depth walkthrough of the development of a new tool we're releasing called Barbervisor, which makes fuzzing easier for researchers cs.co/6019G9mXL
Disassembler and Runtime Analysis dlvr.it/Pv45yd
“Cyber Conflict” Decoy Document Used In Real Cyber Conflict dlvr.it/Px1jJp
The world is watching events unfold in Ukraine. Talos offers this guidance for ongoing cyber attacks in Ukraine and beyond. blog.talosintelligence.com/2…
2021 started off with the fallout of #SolarWinds. Now, somehow, we're dealing with #Log4j. Let's take a look back at the Year in Malware to see how we got here cs.co/6014JISLY
The Talos Quarterly Threat Briefing is coming up next Tuesday - "Miners, Malspam, and Meltdowns". Get the Talos take on a very active quarter in the threat landscape. Spots are limited, register now: cs.co/TalosQTB-Q218
Flash 0 Day In The Wild: Group 123 At The Controls dlvr.it/QDkw8z
As the Russia-led invasion intensifies, Ukraine is being attacked by bombs and bytes. Cisco is working around the clock on a global, company-wide effort to protect our customers there and ensure that nothing goes dark blog.talosintelligence.com/2…
Recently, a new threat referred to as #SQUIRRELWAFFLE (unfortunately no, we didn't name it) is being spread more widely via spam campaigns, infecting systems with a new malware loader. Find out why you should be on the lookout cs.co/6019JrqK3
VPNFilter Update - VPNFilter exploits endpoints, targets new devices dlvr.it/QWNGrg
We have more information to unveil regarding VPNFilter. There are seven new third-stage modules that we believe everyone needs to know about. Read about our updates here cs.co/6015D2xE5
Join @infosec_nick on Tues Feb 27 for the Talos Quarterly Threat Briefing - "Miners, Malspam, and Meltdowns" - a look at the most insidious threats Talos has seen in the last quarter. Spots are limited, register now: cs.co/TalosQTB-Q218
We are actively tracking the #MuddyWater APT, as the Iranian-linked group targets #Turkey with #malware downloaders and, eventually, #ransomware cs.co/6010KKiQM
Cisco Talos has been tracking several different sextortion spam campaigns over the past few months. Here are the connections we were able to draw, in addition to other spam campaigns that are hitting people's inboxes cs.co/6016Dhjoy
We are actively following the #Kaseya supply chain attack and associated #REvil ransomware. Here's what we know so far and some defensive strategies to deploy cs.co/6012ypp0I
To no one's surprise, the #Emotet botnet is back, this time using OneNote documents to spread its malware and infect systems. Here's what we know about this latest reboot and how users can stay protected cs.co/60193hPZD
Threat Spotlight: Follow the Bad Rabbit dlvr.it/PxPSnY
From @CNN, learn how a team of experts from Talos and others at @Cisco are helping to protect #Ukraine's power grid with a line of specially crafted devices cnn.com/2023/11/21/politics/…
Two VPN clients — ProtonVPN and NordVPN — have very similar privilege escalation vulnerabilities that could allow an attacker to execute code with administrator privileges. Here's what to watch out for, and how you can protect against them cs.co/6013DLnhl
We recently discovered a new point-of-sale malware available on some forums called "GlitchPOS." The malware is easy enough to set up and use that it could allow basically any user to establish their own botnet #GlitchPOS #malware cs.co/6014EXWW0
Malware monitor - leveraging PyREBox for malware analysis dlvr.it/QPQYFT
GravityRAT - The Two-Year Evolution Of An APT Targeting India dlvr.it/QQtDPs
Attack on Critical Infrastructure Leverages Template Injection dlvr.it/PSzpb8
Another Apache Struts Vulnerability Under Active Exploitation dlvr.it/PlWBYm
The #Turla APT is back with a new backdoor, very similar to its previous "TinyTurla" tool. Read more about what this Russian state-sponsored actor is up to now cs.co/6018Vf8ls
SO THERE ARE THESE BAD GUYS IN CANADA WHO SEND YOUR GRANDMA MEAN EMAILS ASKING FOR $100 AMAZON GIFT CARDS AND YOU CLICK ON A BAD LINK THAT GIVES YOU BAD THINGS
Today, we are releasing the 1.0 beta version of Dynamic Data Resolver (DDR) — a plugin for IDA that makes reverse-engineering malware easier. Check out the full details here cs.co/6016GE1Pa
This morning, Talos shared new research on network infrastructure we assess with high confidence is being used by a state-sponsored North Korean nexus of threat actors we track as “UAT-5394” cs.co/6015lQCy7
Talos Blog: Vulnerability Deep Dive: Exploiting the Apple Graphics Driver and Bypassing KASLR tinyurl.com/gwtz39z
Using the Immunity Debugger API to Automate Analysis sfi.re/1pRthah
File2pcap - The Talos Swiss Army Knife of Snort Rule Creation dlvr.it/PDWn0z
Cisco Talos is aware of CVE-2021-44228, an actively exploited vulnerability in #Apache #Log4j. We are releasing coverage to defend against the exploitation of this #vulnerability cs.co/6013Jtb8H
#Ransomware is not just financial extortion. It is crime that transcends business, academic and geographic boundaries. Talos was proud to assist with this #RansomwareTaskForce report that provides a path forward to mitigate this criminal enterprise cs.co/6013HAIlF
A new variant of the #Hawkeye malware is active after a change in ownership. We've seen it be used against organizations to steal sensitive information and account credentials for use in additional attacks. Here's a rundown of all features and protections cs.co/6016Ed5Li
Adversaries are increasingly relying on publishing sites to host lure documents to bypass traditional detection techniques. More on our blog about what Talos Incident Response is seeing in the wild with this tactic cs.co/6013k3xvt
We recently discovered several vulnerabilities in a smart air fryer that an attacker could use to change cooking settings. Here's more on these issues and a Snort rule to keep your chicken tenders safe cs.co/6010HNMMu
We recently uncovered a new threat actor called "SWEED" that's been active for at least three years. Check out our full breakdown here, along with coverage of the various malware families they distribute #SWEED #malware cs.co/6011EvCsX
Glory to Ukraine!
Today marks one year since Russia invaded Ukraine. Talos stays committed to our unwavering support of our colleagues, partners, and the people of Ukraine: cs.co/60193s4uS
Our vulnerability analysts have developed a custom fuzzer using the popular snapshot fuzzer “WTF” which targets Direct Composition in #Windows. Learn more about this tool and how it could help other researchers here cs.co/6018ukBEA
Forgot About Default Accounts? No Worries, GoScanSSH Didn’t dlvr.it/QMQwkk
We recently identified a series of documents that we believe are part of a coordinated series of cyber attacks that we are calling the "Frankenstein" campaign. Why should you be worried about this? And what can you do to keep your network safe? cs.co/6019EWcjR
Last night, we released the latest Snort rule update, which includes coverage for the highly publicized Microsoft vulnerability CVE-2019-0708. The vulnerability is wormable, meaning future malware that exploits this bug could spread from system to system cs.co/6019EYUzh
A new C2 platform called #DarkUtilities recently popped up, and attackers wasted no time in leveraging it for their #malware campaigns. Here's what we know about this "C2aaS" cs.co/6012z4Pns
[UPDATE] As part of our work analyzing malicious activity in Ukraine, we are tracking many actors, both state-sponsored and typical cybercriminals. One recent sample indicates a possible increase in threats targeting countries that are *NOT* Ukraine. blog.talosintelligence.com/2…
Cisco Talos’ latest blog exposes Static Tundra, a Russian state-sponsored group targeting unpatched Cisco devices for long-term espionage worldwide. Apply the patch now and protect your network: cs.co/6018fvA0O
Regarding today’s outbreak, we are working directly with @CyberpoliceUA on the issue. More information is forthcoming.
Emotet is back again with a new campaign displaying many characteristics of older runs, including the use of Auto_Open macros inside XLS documents. Read Talos’ latest coverage of Emotet here: cs.co/6010Ma1i4
We recently saw threat actors exploiting a #Windows policy loophole that allows the signing and loading of cross-signed kernel-mode drivers with older signature timestamps. #Microsoft just released an advisory on this activity, but more on our blog here: cs.co/6011PzaVd
We recently discovered a new threat actor called #YoroTrooper that's primarily motivated by espionage-related activities. Find out what this group may be after and why. cs.co/60113NqOR
Shoutout to the many members of our team who worked on our DNS hijacking research that won the Peter Ször Award for outstanding research at the @virusbtn conference. Thanks to @martijn_grooten, as well!
Cisco has identified a critical vulnerability in the #IOSXE software. We urge customers to follow the guidance here cs.co/6017uXOmZ
A Chinese-speaking threat actor has already targeted more than a dozen government agencies across the globe. More on #SneakyChef here cs.co/6018grxky
We have some exciting news to share! Cisco Talos, in partnership with the state of Maryland, is launching CyberVets USA, an industry partnership of cyber-focused companies offering free training and certifications to the military and veteran community cs.co/6015Dhtex
Organizations around the U.S. were hit with phony bomb threats yesterday. Talos was able to connect these attacks to the same actors behind a sextortion campaign we recently reported on. Read about our new findings here. cs.co/6010EydUi