Olympic Destroyer Takes Aim At Winter Olympics
The Winter Olympics this year is being held in Pyeongchang, South Korea. The Guardian, a UK Newspaper reported an article that suggested the Olympic computer systems suffered technical issues during...
Malware
Cryptojacking: Hijacking your computer resources
Your internet connection is slower than usual, your PC is also very slow, and you notice that your CPU fan is running faster when you are on a given website. All the above symptoms indicate that you could be a victim of cryptojacking. This is a new
ROKRAT Reloaded
This post was authored by Warren Mercer, Paul Rascagneres and with contributions from Jungsoo An. Earlier this year, Talos published 2 articles concerning South Korean threats. The first one was about the use of a malicious HWP document which dropped
“Cyber Conflict” Decoy Document Used In Real Cyber Conflict
This post was authored by Warren Mercer, Paul Rascagneres and Vitor Ventura INTRODUCTION Cisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear…). Ironically the decoy document is a
A Guide for Encrypted Traffic Analytics
Learn about Encrypted Traffic Analytics, Cisco’s latest innovation that allows organizations to leverage the network to find threats in encrypted traffic.
Securing the Digital Institute – Deakin University: A Case Study in Cyber Security Excellence
Ransomware and malware attacks have been capturing recent global headlines and like all industries, the education sector is vulnerable to this growing threat landscape. Although the full reputational and financial impact of these attacks are not
CCleaner Command and Control Causes Concern
This post was authored by Edmund Brumaghin, Earl Carter, Warren Mercer, Matthew Molyett, Matthew Olney, Paul Rascagneres and Craig Williams. Note: This blog post discusses active research by Talos into a new threat. This information should be
Threat Round-up for Aug 11 – Aug 18
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 11 and August 18. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the
When combining exploits for added effect goes wrong
Since public disclosure in April 2017, CVE-2017-0199 has been frequently used within malicious Office documents. The vulnerability allows attackers to include Ole2Link objects within RTF documents to launch remote code when HTA applications are opened