Disk Image Deception
Cisco's Computer Security Incident Response Team (CSIRT) detected a large and ongoing malspam campaign leveraging the .IMG file extension to bypass automated malware analysis tools and infect machines with a variety of Remote Access Trojans. During our investigation, we observed multiple tactics, techniques, and procedures (TTPs) that defenders can monitor for in their environments. Our incident response and security monitoring team's analysis of a suspicious phishing attack uncovered some helpful improvements in our detection capabilities and timing.
A Look Back at the Major Cyber Threats of 2019
Use the latest Cisco cybersecurity report to understand the current cyber threat landscape, and test how your organization would perform against these attacks.
Office 365 phishing
Let’s be honest: administering email is a pain. Routing issues, disk quotas, bouncebacks, the times when users can send but not receive emails, receive but not send, or they flat...
Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques
This blog was authored by Danny Adamitis, David Maynor, and Kendall McKay. Executive summary: Cisco Talos assesses with moderate confidence that a campaign we recently...
“Spark Joy” With New 12.0 Email Security Features & Videos
When you see “software update available,” does it spark joy? For many of us, the answer is a resounding “no.” But, don’t be fooled into thinking that our new 12.0...
Email – From Novelty to Nefarious
How a revolutionary technology was usurped for evil, and what we can do about it. Since its inception, email has gone from a novelty, to a necessity, to at...
Hiding in Plain Sight
Talos has compiled a list of 74 groups on Facebook promising to carry out an array of cyber dirty deeds, and we are tracking their potential impact on Cisco customers.