April 24, 2020

THREAT RESEARCH

Threat Roundup for April 17 to April 24

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Apr 17 and Apr 24. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

April 23, 2020

THREAT RESEARCH

Threat Spotlight: MedusaLocker

1 min read

By Edmund Brumaghin, with contributions from Amit Raut. Overview MedusaLocker is a ransomware family that has been observed being deployed since its discovery in 2019. Since its introduction to the threat landscape, there have been several variants observed. However, most of the functionality remains consistent. The most notable differences are changes to the file extension […]

April 21, 2020

THREAT RESEARCH

Vulnerability Spotlight: Zoom Communications User Enumeration

1 min read

Video conferencing and calling software has spiked in popularity as individuals across the globe are forced to stay home due to the COVID-19 pandemic. There are a plethora of players in this space, with one or two getting increased attention. One service in particular — Zoom — has received an enormous amount of attention from […]

April 17, 2020

THREAT RESEARCH

Threat Roundup for April 10 to April 17

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Apr 10 and Apr 17. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

April 16, 2020

THREAT RESEARCH

PoetRAT Uses Covid-19 Lures To Attack Azerbaijan

1 min read

Cisco Talos has discovered a new malware campaign based on a previously unknown family we’re calling “PoetRAT.” At this time, we do not believe this attack is associated with an already known threat actor. Our research shows the malware was distributed using URLs that mimic some Azerbaijan government domains, thus we believe the adversaries in […]

April 10, 2020

THREAT RESEARCH

Threat Roundup for April 3 to April 10

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Apr 3 and Apr 10. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

April 3, 2020

THREAT RESEARCH

Threat Roundup for March 27 to April 3

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Mar 27 and Apr 3. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

April 2, 2020

THREAT RESEARCH

AZORult brings friends to the party

1 min read

Attackers are constantly reinventing ways of monetizing their tools. Cisco Talos recently discovered a complex campaign with several different executable payloads, all focused on providing financial benefits for the attacker in a slightly different way.

March 31, 2020

THREAT RESEARCH

Trickbot: A primer

1 min read

In recent years, the modular banking trojan known as Trickbot has evolved to become one of the most advanced trojans in the threat landscape. It has gone through a diverse set of changes since it was first discovered in 2016, including adding features that focus on Windows 10 and modules that target point of sale […]