September 29, 2020

THREAT RESEARCH

LodaRAT Update: Alive and Well

1 min read

Talos recently identified new versions of Loda RAT, a remote access trojan written in AutoIt. Not only have these versions abandoned their usual obfuscation techniques, several functions have been rewritten and new functionality has been added. In one version, a hex-encoded PowerShell keylogger script has been added, along with a new VB script, only to […]

September 28, 2020

THREAT RESEARCH

Microsoft Netlogon exploitation continues to rise

1 min read

Cisco Talos is tracking a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, an elevation of privilege bug in Netlogon, outlined in the August Microsoft Patch Tuesday report. The vulnerability stems from a flaw in a cryptographic authentication scheme used by the Netlogon Remote Protocol which — among other things — can be used […]

September 25, 2020

THREAT RESEARCH

Threat Roundup for September 18 to September 25

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between September 18 and September 25. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

September 18, 2020

THREAT RESEARCH

Threat Roundup for September 11 to September 18

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between September 11 and September 18. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

September 11, 2020

THREAT RESEARCH

Threat Roundup for September 4 to September 11

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between September 4 and September 11. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

September 4, 2020

THREAT RESEARCH

Threat Roundup for August 28 to September 4

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 28 and September 4. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

September 3, 2020

THREAT RESEARCH

Salfram: Robbing the place without removing your name tag

1 min read

Over the past several months, Cisco Talos has seen attackers carrying out ongoing email-based malware distribution campaigns to distribute various malware payloads. These email campaigns feature several notable characteristics that appear designed to evade detection and maximize the effectiveness of these campaigns. The use of web-based contact forms, legitimate hosting platforms, and a specific crypter […]

August 27, 2020

THREAT RESEARCH

Threat Roundup for August 21 to August 27

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 21 and August 27. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

August 21, 2020

THREAT RESEARCH

Threat Roundup for August 14 to August 21

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 14 and August 21. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]