Cisco Talos Intelligence Blog

Featured

Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware

Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox).

May 26, 2023 08:05

What is a web shell?

What are web shells? And why are attackers increasingly using them in their campaigns? We break it down in this blog.

May 15, 2023 08:05

Newly identified RA Group compromises companies in U.S. and South Korea with leaked Babuk source code

Cisco Talos recently discovered a new ransomware actor called RA Group that has been operating since at least April 22, 2023.

April 18, 2023 11:04

State-sponsored campaigns target global network infrastructure

This campaign, dubbed "Jaguar Tooth," is an example of a much broader trend of sophisticated adversaries targeting networking infrastructure to advance espionage objectives or pre-position for future destructive activity.

Recent
May 26, 2023 17:05

Threat Roundup for May 19 to May 26

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 19 and May 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral

May 26, 2023 15:05

Memory corruption vulnerability in Mitsubishi PLC could lead to DoS, code execution

A vulnerability, TALOS-2023-1727 (CVE-2023-1424), exists in the device’s MELSOFT Direct functionality that is triggered if an adversary sends the targeted device a specially crafted network packet.

May 25, 2023 14:05

It’s apparently hip to still be using Windows 7

Steam, the most popular video game storefront on PCs, only recently announced that it was ending support for Windows 7 and 8, and even then, it won’t be official until January.

May 18, 2023 14:05

It’s really OK to take a break sometimes, especially in security

The work is always going to be there, whether you take a day or a week off. Unfortunately, the cybersecurity community at large is not going to stop cybercrime overnight.

May 12, 2023 15:05

Threat Roundup for May 5 to May 12

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 5 and May 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral c

May 11, 2023 14:05

Threat Source newsletter (May 11, 2023) — So much for that ransomware decline

A ransomware attack on the city of Dallas, Texas is still disrupting many social services as of Wednesday, including hampering police communications and operations and potentially putting personal information at risk.