Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox).
What is a web shell?
What are web shells? And why are attackers increasingly using them in their campaigns? We break it down in this blog.
Newly identified RA Group compromises companies in U.S. and South Korea with leaked Babuk source code
Cisco Talos recently discovered a new ransomware actor called RA Group that has been operating since at least April 22, 2023.
State-sponsored campaigns target global network infrastructure
This campaign, dubbed "Jaguar Tooth," is an example of a much broader trend of sophisticated adversaries targeting networking infrastructure to advance espionage objectives or pre-position for future destructive activity.
Threat Roundup for May 19 to May 26
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 19 and May 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral
Memory corruption vulnerability in Mitsubishi PLC could lead to DoS, code execution
A vulnerability, TALOS-2023-1727 (CVE-2023-1424), exists in the device’s MELSOFT Direct functionality that is triggered if an adversary sends the targeted device a specially crafted network packet.
It’s apparently hip to still be using Windows 7
Steam, the most popular video game storefront on PCs, only recently announced that it was ending support for Windows 7 and 8, and even then, it won’t be official until January.
It’s really OK to take a break sometimes, especially in security
The work is always going to be there, whether you take a day or a week off. Unfortunately, the cybersecurity community at large is not going to stop cybercrime overnight.
Threat Roundup for May 5 to May 12
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 5 and May 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral c
Threat Source newsletter (May 11, 2023) — So much for that ransomware decline
A ransomware attack on the city of Dallas, Texas is still disrupting many social services as of Wednesday, including hampering police communications and operations and potentially putting personal information at risk.