malware
Email – From Novelty to Nefarious
6 min read
How a revolutionary technology was usurped for evil, and what we can do about it. Since its inception, email has gone from a novelty, to a necessity, to at...
Ransomware or Wiper? LockerGoga Straddles the Line
1 min read
LockerGoga is a ransomware variant that, while lacking sophistication, can still cause extensive damage to organizations or individuals. Talos has also seen wiper malware impersonate ransomware, such as NotPetya.
GlitchPOS: New PoS malware for sale
1 min read
Warren Mercer and Paul Rascagneres authored this post with contributions from Ben Baker. Executive summary: Point-of-sale malware is popular among attackers, as it usually leads to them obtaining credit card...
Combing Through Brushaloader Amid Massive Detection Uptick
1 min read
Brushaloader is an evolving threat that is being actively developed and refined over time as attackers identify areas of improvement and add additional functionality. Ensure PowerShell logging is enabled and configured on endpoints.
ExileRAT shares C2 with LuckyCat, targets Tibet
1 min read
Cisco Talos recently observed a malware campaign delivering a malicious Microsoft PowerPoint document using a mailing list run by the Central Tibetan Administration (CTA), an organization officially representing the Tibetan government-in-exile....
What we learned by unpacking a recent wave of Imminent RAT infections using AMP
1 min read
Cisco Talos has been tracking a series of Imminent RAT infections for the past two months following reported data from Cisco Advanced Malware Protection's (AMP) Exploit Prevention engine. AMP successfully...
Threat Hunting for the Holidays
4 min read
Cisco Threat Response demystifies and proactively speeds threat hunting. Hunting for the stealthiest one percent of threats, which can compromise your endpoints, exfiltrate your data, and disrupt your services, becomes imperative.
Persian Stalker pillages Iranian users of Instagram and Telegram
1 min read
State-sponsored actors have a number of different techniques at their disposal to remotely gain access to social media and secure messaging applications. Starting in 2017 and continuing through 2018, Cisco...
Threat Roundup for Sept 14 – 21
1 min read
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Sept. 14 and 21....