Threat Research
- Our Favorite Topics:
Dynamic Data Resolver (DDR) — IDA Plugin 1.0 beta
1 min read
Executive summary Static reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a certain basic block is doing. If you try to perform dynamic analysis by debugging a piece of malware, the malware will often detect it and start behaving differently. Today, Cisco […]
Vulnerability Spotlight: Memory Corruption Vulnerability in GNU Glibc Leaves Smart Vehicles Open to Attack
1 min read
By Sam Dytrych and Jason Royes. Executive summary Modern automobiles are complex machines, merging both mechanical and computer systems under one roof. As automobiles become more advanced, additional sensors and devices are added to help the vehicle understand its internal and external environments. These sensors provide drivers with real-time information, connect the vehicle to the […]
The Wolf Is Back…
1 min read
Cisco Talos has discovered a new Android malware based on a leak of the DenDroid malware family. We named this malware “WolfRAT” due to strong links between this malware (and the command and control (C2) infrastructure) and Wolf Research, an infamous organization that developed interception and espionage-based malware and was publicly described by CSIS during VirusBulletin […]
Threat Roundup for May 8 to May 15
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between May 8 and May 15. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]
Threat Spotlight: Astaroth – Maze of Obfuscation and Evasion Reveals Dark Stealer
2 min read
By Nick Biasini, Edmund Brumaghin and Nick Lister. Executive summary The threat landscape is littered with various malware families being delivered in a constant wave to enterprises and individuals alike. The majority of these threats have one thing in common: money. Many of these threats generate revenue for financially motivated adversaries by granting access to […]
Threat Roundup for May 1 to May 8
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Apr 24 and May 1. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]
Threat Roundup for April 24 to May 1
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Apr 24 and May 1. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]
Security Stories 4: Building the best cybersecurity team, with Mark Weatherford
2 min read
Experienced CISO Mark Weatherford, former deputy under-secretary for cybersecurity at the U.S Department of Homeland Security, takes to the interview chair for Episode 4 of the Security Stories podcast.
Upgraded Aggah malspam campaign delivers multiple RATs
1 min read
By Asheer Malhotra Cisco Talos has observed an upgraded version of a malspam campaign known to distribute multiple remote access trojans (RATs). The infection chain utilized in the attacks is highly modularized. The attackers utilize publicly available infrastructure such as Bitly and Pastebin (spread over a number of accounts) to direct and host their attack […]