Cisco Talos Blog

Featured

UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants

By Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer and Vitor Ventura.  * Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian speaking group we track as “UAT-5647”, against Ukrainian government entities and unknown Polish entities.

October 16, 2024 08:51

Protecting major events: An incident response blueprint

Go behind the scenes with Talos incident responders and learn from what we've seen in the field.

September 26, 2024 09:00

Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam

Many spammers have elected to attack web pages and mail servers of legitimate organizations, so they may use these “pirated” resources to send unsolicited email.

September 10, 2024 00:00

DragonRank, a Chinese-speaking SEO manipulator service provider

Cisco Talos is disclosing a new threat called “DragonRank” that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization (SEO) rank manipulation.

Recent
October 17, 2024 14:00

What I’ve learned in my first 7-ish years in cybersecurity

Plus, a zero-day vulnerability in Qualcomm chips, exposed health care devices, and the latest on the Salt Typhoon threat actor.

October 10, 2024 14:00

What NIST’s latest password standards mean, and why the old ones weren’t working

Rather than setting a regular cadence for changing passwords, users only need to change their passwords if there is evidence of a breach.

October 10, 2024 06:00

Ghidra data type archive for Windows driver functions

Cisco Talos is releasing a GDT file on GitHub that contains various definitions for functions and data types.

October 9, 2024 12:00

Vulnerability in popular PDF reader could lead to arbitrary code execution; Multiple issues in GNOME project

Talos also discovered three vulnerabilities in Veertu’s Anka Build, a suite of software designed to test macOS or iOS applications in CI/CD environments.

October 8, 2024 15:04

Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities

The two vulnerabilities that Microsoft reports have been actively exploited in the wild and are publicly known are both rated as only being of “moderate” severity.

October 3, 2024 14:00

CISA is warning us (again) about the threat to critical infrastructure networks

Despite what lessons we thought we learned from Colonial Pipeline, none of those lessons have been able to be put into practice.