Threat Research
Overcoming the DNS “Blind Spot”
2 min read
[ed. note – this post was authored jointly by John Stuppi and Dan Hubbard] The Domain Name Service (DNS) provides the IP addresses of intended domain names in response to queries from requesting end hosts. Because many threat actors today are leveraging DNS to compromise end hosts monitoring DNS is often a critical step in […]
Rigging compromise – RIG Exploit Kit
1 min read
This Post was Authored by Nick Biasini, with contributions by Joel Esler Exploit Kits are one of the biggest threats that affects users, both inside and outside the enterprise, as it indiscriminately compromises simply by visiting a web site, delivering a malicious payload. One of the challenges with exploit kits is at any given time […]
Cognitive Research: Fake Blogs Generating Real Money
5 min read
Summary In the past several months Cisco Cognitive Threat Analytics (CTA) researchers have observed a number of blog sites using either fake content or content stolen from other sites to...
SYNful Knock: Protect Your Credentials, Protect Your Network
1 min read
Interest in IT security has never been higher. So when a new type of attack comes along, it attracts the attention of our customers and others in the industry. Earlier this week Cisco and Mandiant/Fireye released information about the so-called SYNful Knock malware found on Cisco networking devices. You can read my earlier blog on […]
My Resume Protects All Your Files
4 min read
This post was authored by Nick Biasini Talos has found a new SPAM campaign that is using multiple layers of obfuscation to attempt to evade detection. Spammers are always evolving to get their messages to the end users by bypassing SPAM filters while still appearing convincing enough to get a user to complete the actions required […]
Angler EK: More Obfuscation, Fake Extensions, and Other Nonsense
6 min read
This post was authored by Nick Biasini Late last week Talos researchers noticed a drastic uptick in Angler Exploit Kit activity. We have covered Angler previously, such as the discussion of domain shadowing. This exploit kit evolves on an almost constant basis. However, the recent activity caught our attention due to a change to the URL […]
Little Links, Big Headaches
4 min read
This post was authored by Earl Carter & Jaeson Schultz. Talos is always fascinated by the endless creativity of those who send spam. Miscreants who automate sending spam using botnets are of particular interest. Talos has been tracking a spam botnet that over the past several months that has been spamming weight loss products, male erectile […]
Threat Spotlight: Rombertik – Gazing Past the Smoke, Mirrors, and Trapdoors
9 min read
This post was authored by Ben Baker and Alex Chiu. Executive Summary Threat actors and security researchers are constantly looking for ways to better detect and evade each other. As researchers have become more adept and efficient at malware analysis, malware authors have made an effort to build more evasive samples. Better static, dynamic, and automated analysis tools […]
Threat Spotlight: TeslaCrypt – Decrypt It Yourself
7 min read
This post was authored by: Andrea Allievi, Earl Carter & Emmanuel Tacheau Update 4/28: Windows files recompiled with backward compatibility in Visual Studio 2008 Update 5/8: We’ve made the source code available via Github here Update 6/9/2016: We’ve released a tool to decrypt any TeslaCrypt Version After the takedown of Cryptolocker, we have seen the rise […]