New Horabot campaign targets the Americas
Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in a campaign that has been ongoing since at least November 2020.
Legislation alone isn’t enough to stop spyware
The latest on a newly discovered phishing botnet and the latest headlines regarding how countries use spyware.
What is a web shell?
What are web shells? And why are attackers increasingly using them in their campaigns? We break it down in this blog.
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox).
Threat Roundup for May 19 to May 26
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 19 and May 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral
Memory corruption vulnerability in Mitsubishi PLC could lead to DoS, code execution
A vulnerability, TALOS-2023-1727 (CVE-2023-1424), exists in the device’s MELSOFT Direct functionality and is triggered if an adversary sends the targeted device a specially crafted network packet.
It’s apparently hip to still be using Windows 7
Steam, the most popular video game storefront on PCs, only recently announced that it was ending support for Windows 7 and 8, and even then, it won’t be official until January.
It’s really OK to take a break sometimes, especially in security
The work is always going to be there, whether you take a day or a week off. Unfortunately, the cybersecurity community at large is not going to stop cybercrime overnight.
Newly identified RA Group compromises companies in U.S. and South Korea with leaked Babuk source code
Cisco Talos recently discovered a new ransomware actor called RA Group that has been operating since at least April 22, 2023.