DNSpionage brings out the Karkoff
In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a new remote administrative tool that supports HTTP and DNS communication with the attackers'...
Threat Research
Threat Roundup for April 12 to April 19
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Apr. 12 and Apr. 19. As with previous roundups, this post isn't meant to be an...
DNS Hijacking Abuses Trust In Core Internet Service
This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems. While this incident is limited to targeting primarily national security organizations in the Middle East and...
New HawkEye Reborn Variant Emerges Following Ownership Change
HawkEye is another example of malware being marketed across various hacking forums. Talos observed ongoing malware distribution campaigns attempting to leverage the latest version of the HawkEye keylogger/stealer, HawkEye Reborn v9, against
Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN’s helper tool
Cisco Talos is disclosing a series of vulnerabilities found in the Shimo VPN Helper Tool. Shimo VPN is a popular VPN client for MacOS that can be used to connect...
Threat Roundup for April 5 to April 12
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Apr. 5 and Apr. 12. As with previous roundups, this post isn't meant to be an...
Sextortion Profits Decline Despite Higher Volume, New Techniques
Sextortionists are doing everything to evade spam filters and convince potential victims that perceived threats are real. Here are some recent changes we’ve seen in the sextortion email landscape.
Gustuff banking botnet targets Australia
Cisco Talos has uncovered a new Android-based campaign targeting Australian financial institutions. As the investigation progressed, Talos came to understand that this campaign was associated with the "ChristinaMorrow" text message...
Threat Roundup for March 29 to April 5
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Mar. 29 and Apr. 5. As with previous roundups, this post isn't meant to be an...