Articles
Threat Roundup for January 8 to January 15
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between January 8 and January 15. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]
A Deep Dive into Lokibot Infection Chain
1 min read
News summary Lokibot is one of the most well-known information stealers on the malware landscape. In this post, we’ll provide a technical breakdown of one of the latest Lokibot campaigns. Talos also has a new script to unpack the dropper’s third stage. The actors behind Lokibot usually have the ability to steal multiple types of […]
Talos Vulnerability Discovery Year in Review — 2020
1 min read
Cisco Talos' Systems Vulnerability Research Team discovered 231 vulnerabilities this year across a wide range of products. And thanks to our vendor partners, these vulnerabilities were patched and published before any attackers could exploit them. Mitigating possible zero-day breeches in your defenses is the easiest and fastest way to prevent wide-ranging and business-critical cyber attacks.
Threat Roundup for December 11 to December 18
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between December 11 and December 18. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]
Talos Tools of the Trade
1 min read
If you’re looking for something to keep you busy while we’re all stuck inside during the holidays, Cisco Talos has a few tools for you you can play with in the coming days and weeks. We recently updated GhIDA to work with the latest version of IDA and we are releasing new features for the […]
Threat Advisory: SolarWinds supply chain attack
1 min read
Cisco Talos is monitoring yesterday’s announcements by FireEye and Microsoft that a likely state-sponsored actor compromised potentially thousands of high-value government and private organizations around the world via the SolarWinds Orion product. FireEye reported on Dec. 8 that it had been compromised in a sophisticated attack in which state-sponsored actors stole sensitive red team tools. […]
Threat Roundup for December 4 to December 11
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between December 4 and December 11. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]
FireEye Breach Detection Guidance
1 min read
Cyber security firm FireEye recently disclosed an incident that was reported to have resulted in the inadvertent disclosure of various internally developed offensive security tools (OSTs) that were used across FireEye red-team engagements. Some of these tools appear to be based on well-known offensive frameworks like Cobalt Strike. This is even evident in the naming […]
Threat Roundup for November 27 to December 4
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between November 27 and December 4. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically […]
Xanthe – Docker aware miner
1 min read
By Vanja Svajcer and Adam Pridgen, Cisco Incident Command Attackers are constantly reinventing ways of monetizing their tools. Cisco Talos recently discovered an interesting campaign affecting Linux systems employing a multi-modular botnet with several ways to spread and a payload focused on providing financial benefits for the attacker by mining Monero online currency. The actor […]
Threat Roundup for November 13 to November 20
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between November 13 and November 20. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically […]
Back from vacation: Analyzing Emotet’s activity in 2020
1 min read
By Nick Biasini, Edmund Brumaghin, and Jaeson Schultz. Emotet is one of the most heavily distributed malware families today. Cisco Talos observes large quantities of Emotet emails being sent to individuals and organizations around the world on an almost daily basis. These emails are typically sent automatically by previously infected systems attempting to infect […]
Nibiru ransomware variant decryptor
1 min read
Nikhil Hegde developed this tool. Weak encryption The Nibiru ransomware is a .NET-based malware family. It traverses directories in the local disks, encrypts files with Rijndael-256 and gives them a .Nibiru extension. Rijndael-256 is a secure encryption algorithm. However, Nibiru uses a hard-coded string “Nibiru” to compute the 32-byte key and 16-byte IV values. The […]
Threat Roundup for November 6 to November 13
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between November 6 and November 13. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically […]
CRAT wants to plunder your endpoints
1 min read
By Asheer Malhotra. Cisco Talos has observed a new version of a remote access trojan (RAT) family known as CRAT. Apart from the prebuilt RAT capabilities, the malware can download and deploy additional malicious plugins on the infected endpoint. One of the plugins is a ransomware known as “Hansom.” CRAT has been attributed to the Lazarus […]
Threat Roundup for October 30 to November 6
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between October 30 and November 6. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]
Threat Roundup for October 23 to October 30
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between October 23 and October 30. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]
Cisco Talos Advisory on Adversaries Targeting the Healthcare and Public Health Sector
1 min read
Background Cisco Talos has become aware that an adversary is leveraging Trickbot banking trojan and Ryuk ransomware to target U.S. hospitals and healthcare providers at an increasing rate. Security journalists reported on October 28, 2020 that the adversary was preparing to encrypt systems at “potentially hundreds” of medical centers and hospitals, based on a tip from a […]