Cisco Talos Blog


Operation Celestial Force employs mobile and desktop malware to target Indian entities

Cisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track as “HeavyLift.”

June 11, 2024 13:46

Only one critical issue disclosed as part of Microsoft Patch Tuesday

The lone critical security issue is a remote code execution vulnerability due to a use-after-free issue in the HTTP handling function of Microsoft Message Queuing.

May 30, 2024 08:01

LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader

Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we’re calling “LilacSquid.”  Multiple TTPs utilized in this campaign bear some overlap with North Korean APT groups.

May 29, 2024 12:07

Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges

Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application.

June 13, 2024 14:00

How we can separate botnets from the malware operations that rely on them

A botnet is a network of computers or other internet-connected devices that are infected by malware and controlled by a single threat actor or group.

June 6, 2024 14:00

The sliding doors of misinformation that come with AI-generated search results

AI’s integration into search engines could change the way many of us interact with the internet.

June 5, 2024 08:00

DarkGate switches up its tactics with new payload, email templates

DarkGate has been observed distributing malware through Microsoft Teams and even via malvertising campaigns.

May 31, 2024 08:00

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called “CarnavalHeist.” Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil.

May 30, 2024 14:00

Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks

Drivers from New York to Georgia and Pennsylvania have received these types of texts with equally convincing phishing text messages and lure pages.

May 29, 2024 12:32

New Generative AI category added to Talos reputation services

Generative AI applies to any site “whose primary purpose is to use artificial intelligence models to generate output in the form of text, audio, video or images based on user-supplied prompts.”