phishing

How to Build a Retail Culture of Security

Hello! My name is Teresa Devine, and I am a business transformation advisor here at Cisco. I help large enterprises in retail and hospitality define and execute digital transformation strategies. A key area of interest of mine is security: As a former Fortune 500 CIO and acting CISO, I understand the demands and complexities that […]

May 10, 2016

FINANCIAL SERVICES

Hackers Are Challenging Banks Every Day

$81 million is what was stolen, undetected, out of a Bangladesh Bank account at the Federal Reserve Bank of New York. Unbelievable how the malware modified the SWIFT software and bypassed validity checks. This Bangladesh Bank breach highlights the wide range and new, creative ways hackers are innovating. And the challenges in protecting the financial […]

July 31, 2015

THREAT RESEARCH

Your Files Are Encrypted with a “Windows 10 Upgrade”

This post was authored by Nick Biasini with contributions from Craig Williams & Alex Chiu Update 8/1: To see a video of this threat in action click here Adversaries are always trying to take advantage of current events to lure users into executing their malicious payload. These campaigns are usually focussed around social events and are […]

June 24, 2015

THREAT RESEARCH

Hook, Line & Sinker: Catching Unsuspecting Users Off Guard

This post was authored by Earl Carter. Attackers are constantly looking for ways to monetize their malicious activity. In many instances this involves targeting user data and accounts. Talos continues to see phishing attacks targeting customers of multiple high profile financial institutions.  In the past couple of months, we have observed phishing attacks against various […]

March 12, 2015

THREAT RESEARCH

Talos Discovery Spotlight: Hundreds of Thousands of Google Apps Domains’ Private WHOIS Information Disclosed

This post was authored by Nick Biasini, Alex Chiu, Jaeson Schultz, and Craig Williams. Special thanks to William McVey for his contributions to this post. Table of Contents Overview WHOIS Privacy Protection Why Does This Exist The Issue Implications for the Good/Bad Guys Current State and Mitigations Disclosure Timeline Conclusion Footnotes Overview In mid-2013, a problem […]

March 3, 2015

SECURITY

The Seven Deadly Sins of User Access Controls: Part I

2014 was a terrible year for corporate data breaches. If there is to be any silver lining, information security professionals must draw lessons from the carnage. A good place to start is to identify common denominators. Several of the most damaging incidents started with phishing emails into office (or contractor) networks. Social engineering has gotten […]

January 29, 2015

SECURITY

Cisco Email Security Stays Ahead of Current Threats by Adding Stronger Snowshoe Spam Defense, AMP Enhancements, and More …

If you read the recently released Cisco Annual Security Report, you will have learned how spammers have adopted a “Snowshoe” strategy, using a large number of IP addresses with a low message volume per IP address, to send spam, preventing some spam systems from sinking the spam. This yielded a 250 percent increase in spam […]

October 2, 2014

SECURITY

Visualizing a String of Paerls

Researchers from the Cisco Talos Security Intelligence and Research Team recently discovered an elaborate attack dubbed the String of Paerls. The attack, a combined spearphishing and exploit attempt, was able to bypass most antivirus engines and used a targeted phishing email that included a malicious Word document attachment. Upon opening the Word attachment, a macro downloaded […]

July 14, 2014

SECURITY

Big Data: Observing a Phishing Attack Over Years

Overview Phishing attacks use social engineering in an attempt to lure victims to fake websites. The websites could allow the attacker to retrieve sensitive or private information such as usernames, passwords, and credit card details. Attacks of this kind have been around since 1995, evolving in sophistication in order to increase their success rate. Up until now, […]