Talos
DNSpionage brings out the Karkoff
1 min read
In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a new remote administrative tool that supports HTTP and DNS communication with the attackers'...
DNS Hijacking Abuses Trust In Core Internet Service
1 min read
This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems. While this incident is limited to targeting primarily national security organizations in the Middle East and...
Gustuff banking botnet targets Australia
1 min read
Cisco Talos has uncovered a new Android-based campaign targeting Australian financial institutions. As the investigation progressed, Talos came to understand that this campaign was associated with the "ChristinaMorrow" text message...
Social media and black markets
3 min read
Cybercrime happens in hidden corners of the Internet, but also in social networks: Cisco Talos uncovered 74 criminal groups on Facebook. Fortunately, Cisco has a layered defense against cybercriminals.
Cisco, Talos tout importance of IoT security at RSA keynote
1 min read
By 2020, Gartner predicts 20 billion connected devices will be online — and more devices mean more security threats. Connected devices have exploded into the public and corporate landscape, rattling...
ExileRAT shares C2 with LuckyCat, targets Tibet
1 min read
Cisco Talos recently observed a malware campaign delivering a malicious Microsoft PowerPoint document using a mailing list run by the Central Tibetan Administration (CTA), an organization officially representing the Tibetan government-in-exile....
AMP tracks new campaign that delivers Ursnif
1 min read
This blog post was authored by John Arneson of Cisco Talos. Executive Summary: Cisco Talos once again spotted the Ursnif malware in the wild. We tracked this information stealer after...
Vulnerability Deep Dive: TP-Link TL-R600VPN remote code execution vulnerabilities
1 min read
Introduction: TP-Link recently patched three vulnerabilities in their TL-R600VPN gigabit broadband VPN router, firmware version 1.3.0. Cisco Talos publicly disclosed these issues after working with TP-Link to ensure...
Microsoft Patch Tuesday — January 2019: Vulnerability disclosures and Snort coverage
1 min read
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, seven of which are rated “critical,”...