If you can’t trust a MAC address, what can you trust?
The concept of random and changing MAC addresses is not brand new, but it is beginning to have a real impact on how network tools operate. The idea that operating system vendors are providing users with increasing privacy by making it harder for big corporations to track them is a double-edged sword. How can networking tools continue to provide critical services such as network access control, guest and BYOD services in an environment where the identifier of the endpoint, the MAC address, is no longer stable?
DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread
The newly discovered Firestarter malware uses Google Firebase Cloud Messaging to notify its authors of the final payload location. Even if the command and control (C2) is taken down, the DoNot team can still redirect the malware to another C2 using Google infrastructure. The approach in the final payload upload denotes a highly personalized targeting […]
The Wolf Is Back…
Cisco Talos has discovered a new Android malware based on a leak of the DenDroid malware family. We named this malware “WolfRAT” due to strong links between this malware (and the command and control (C2) infrastructure) and Wolf Research, an infamous organization that developed interception and espionage-based malware and was publicly described by CSIS during VirusBulletin […]
Stay Connected in Digital Spaces with OpenRoaming
Enabling customers, guests, and employees to automatically join wireless networks without passwords is good. Identifying their location, in real-time, to provide them with a personalized experience is even better.
Gustuff banking botnet targets Australia
Cisco Talos has uncovered a new Android-based campaign targeting Australian financial institutions. As the investigation progressed, Talos came to understand that this campaign was associated with the "ChristinaMorrow" text message...
ExileRAT shares C2 with LuckyCat, targets Tibet
Cisco Talos recently observed a malware campaign delivering a malicious Microsoft PowerPoint document using a mailing list run by the Central Tibetan Administration (CTA), an organization officially representing the Tibetan government-in-exile....
Persian Stalker pillages Iranian users of Instagram and Telegram
State-sponsored actors have a number of different techniques at their disposal to remotely gain access to social media and secure messaging applications. Starting in 2017 and continuing through 2018, Cisco...
Fake AV Investigation Unearths KevDroid, New Android Malware
Talos identified two variants of the Android Remote Administration Tool (RAT) with the capability to steal information on the compromised device (contacts, SMS and phone history) and record phone calls.
The Mobile Workspace For Collaboration
The first thing you may wonder is how can you have a mobile workspace. After all, the point of being mobile is that you can be anywhere and if you’re anywhere, you may not have a physical workspace. This means your accessories must also be mobile. They should fit in your pockets, or at least […]