May 28, 2020

THREAT RESEARCH

Dynamic Data Resolver (DDR) — IDA Plugin 1.0 beta

Executive summary: Static reverse engineering in IDA can often be problematic. Certain values are only computed at run time, which makes it hard to understand what a given basic block is doing. If you try to perform dynamic analysis by debugging a piece of malware, the malware will often detect the debugger and change its behavior. Today, Cisco […]

May 21, 2020

THREAT RESEARCH

Vulnerability Spotlight: Memory Corruption Vulnerability in GNU Glibc Leaves Smart Vehicles Open to Attack

By Sam Dytrych and Jason Royes. Executive summary: Modern automobiles are complex machines, merging mechanical and computer systems under one roof. As automobiles become more advanced, additional sensors and devices are added to help the vehicle understand its internal and external environments. These sensors provide drivers with real-time information, connect the vehicle to the […]

May 19, 2020

THREAT RESEARCH

The Wolf Is Back…

Cisco Talos has discovered a new Android malware family based on a leak of the DenDroid malware. We named this malware “WolfRAT” because of strong links between the malware (and its command and control (C2) infrastructure) and Wolf Research, an infamous organization that developed interception and espionage malware and was publicly described by CSIS during VirusBulletin […]

May 15, 2020

THREAT RESEARCH

Threat Roundup for May 8 to May 15

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between May 8 and May 15. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

May 11, 2020

THREAT RESEARCH

Threat Spotlight: Astaroth – Maze of Obfuscation and Evasion Reveals Dark Stealer

By Nick Biasini, Edmund Brumaghin and Nick Lister. Executive summary: The threat landscape is littered with malware families delivered in a constant wave to enterprises and individuals alike. The majority of these threats have one thing in common: money. Many of them generate revenue for financially motivated adversaries by granting access to […]

May 8, 2020

THREAT RESEARCH

Threat Roundup for May 1 to May 8

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between May 1 and May 8. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

May 1, 2020

THREAT RESEARCH

Threat Roundup for April 24 to May 1

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Apr 24 and May 1. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

April 29, 2020

THREAT RESEARCH

Security Stories 4: Building the best cybersecurity team, with Mark Weatherford

Experienced CISO Mark Weatherford, former deputy under-secretary for cybersecurity at the U.S. Department of Homeland Security, takes to the interview chair for Episode 4 of the Security Stories podcast.

April 29, 2020

THREAT RESEARCH

Upgraded Aggah malspam campaign delivers multiple RATs

By Asheer Malhotra. Cisco Talos has observed an upgraded version of a malspam campaign known to distribute multiple remote access trojans (RATs). The infection chain used in these attacks is highly modular. The attackers use publicly available infrastructure such as Bitly and Pastebin (spread across a number of accounts) to direct and host their attack […]