Cisco Talos
Nibiru ransomware variant decryptor
1 min read
Nikhil Hegde developed this tool. Weak encryption: The Nibiru ransomware is a .NET-based malware family. It traverses directories on the local disks, encrypts files with Rijndael-256 and gives them a .Nibiru extension. Rijndael-256 is a secure encryption algorithm. However, Nibiru uses a hard-coded string “Nibiru” to compute the 32-byte key and 16-byte IV values. The […]
Threat Roundup for November 6 to November 13
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between November 6 and November 13. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically […]
Threat Roundup for October 30 to November 6
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between October 30 and November 6. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]
The future of security operations
1 min read
Podcast discussion on where data security is going next, including how organizations can manage the risk of sensitive data, and how security operations centres will evolve to become even more privacy-centric.
Threat Roundup for October 23 to October 30
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between October 23 and October 30. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]
Cisco Talos Advisory on Adversaries Targeting the Healthcare and Public Health Sector
1 min read
Background: Cisco Talos has become aware that an adversary is leveraging the Trickbot banking trojan and Ryuk ransomware to target U.S. hospitals and healthcare providers at an increasing rate. Security journalists reported on October 28, 2020 that the adversary was preparing to encrypt systems at “potentially hundreds” of medical centers and hospitals, based on a tip from a […]
DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread
1 min read
The newly discovered Firestarter malware uses Google Firebase Cloud Messaging to notify its authors of the final payload location. Even if the command and control (C2) is taken down, the DoNot team can still redirect the malware to another C2 using Google infrastructure. The approach in the final payload upload denotes a highly personalized targeting […]
Threat Roundup for October 16 to October 23
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between October 16 and October 23. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]
3 Ways to Stay Safe During National Cybersecurity Awareness Month (and Beyond)
3 min read
Organizations must remain constantly alert to detect and defend against the latest cybersecurity threats. Taking basic protection steps can go a long way in reducing vulnerabilities.