Threat Research
- Our Favorite Topics:
DNSpionage brings out the Karkoff
1 min read
In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a new remote administrative tool that supports HTTP and DNS communication with the attackers'...
Threat Roundup for April 12 to April 19
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Apr. 12 and Apr. 19. As with previous roundups, this post isn't meant to be an...
DNS Hijacking Abuses Trust In Core Internet Service
1 min read
This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems. While this incident is limited to targeting primarily national security organizations in the Middle East and...
New HawkEye Reborn Variant Emerges Following Ownership Change
1 min read
HawkEye is another example of malware being marketed across various hacking forums. Talos observed ongoing malware distribution campaigns attempting to leverage the latest version of the HawkEye keylogger/stealer, HawkEye Reborn v9, against organizations to steal sensitive information and account credentials for use in additional attacks and account compromise.
Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN’s helper tool
1 min read
Cisco Talos is disclosing a series of vulnerabilities found in the Shimo VPN Helper Tool. Shimo VPN is a popular VPN client for MacOS that can be used to connect...
Threat Roundup for April 5 to April 12
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Apr. 5 and Apr. 12. As with previous roundups, this post isn't meant to be an...
Sextortion Profits Decline Despite Higher Volume, New Techniques
1 min read
Sextortionists are doing everything to evade spam filters and convince potential victims that perceived threats are real. Here are some recent changes we’ve seen in the sextortion email landscape.
Gustuff banking botnet targets Australia
1 min read
Cisco Talos has uncovered a new Android-based campaign targeting Australian financial institutions. As the investigation progressed, Talos came to understand that this campaign was associated with the "ChristinaMorrow" text message...
Threat Roundup for March 29 to April 5
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Mar. 29 and Apr. 5. As with previous roundups, this post isn't meant to be an...