Cisco Talos Intelligence Blog

November 17, 2022 08:11

Get a Loda This: LodaRAT meets new friends

* LodaRAT samples were deployed alongside other malware families, including RedLine and Neshta. * Cisco Talos identified several variants and altered versions of LodaRAT with updated functionality have been seen in the wild. * Changes in these LodaRAT variants include new f

November 8, 2022 13:11

Microsoft Patch Tuesday for November 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical” and the rest are classified as “Important.”

June 21, 2022 07:06

Avos ransomware group expands with new attack arsenal

By Flavio Costa, * In a recent customer engagement, we observed a month-long AvosLocker campaign. * The attackers utilized several different tools, including Cobalt Strike, Sliver and multiple commercial network scanners. * The initial ingress point in this incident was a pa

February 8, 2022 13:02

Microsoft Patch Tuesday for Feb. 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update Tuesday, disclosing 51 vulnerabilities across its large collection of hardware and software. None of the vulnerabilities disclosed this month are considered “critical,” an extreme rarity for the company’s Patch Tuesdays. Additionall

July 29, 2021 13:07

Threat Spotlight: Solarmarker

By Andrew Windsor, with contributions from Chris Neal. Executive summary * Cisco Talos has observed new activity from Solarmarker, a highly modular .NET-based information stealer and keylogger. * A previous staging module, "d.m," used with this malware has been replaced by a

June 7, 2021 08:06

Intelligence-driven disruption of ransomware campaigns

By Neil Jenkins and Matthew Olney. Note: Our guest co-author, Neil Jenkins, is the Chief Analytic Officer at the Cyber Threat Alliance. He leads the CTA's analytic efforts, focusing on the development of threat profiles, adversary playbooks and other analysis using the threat in

April 7, 2021 08:04

Sowing Discord: Reaping the benefits of collaboration app abuse

As telework has become the norm throughout the COVID-19 pandemic, attackers are modifying their tactics to take advantage of the changes to employee workflows. * Attackers are leveraging collaboration platforms, such as Discord and Slack, to stay under the radar and evade organ

March 23, 2021 16:03

Defending Microsoft Exchange from encrypted attacks with Cisco Secure IPS

This blog was authored by Brandon Stultz Microsoft released fixes for several critical vulnerabilities in Exchange Server earlier this month. One of these vulnerabilities (CVE-2021-26855) — aka "ProxyLogon" — is especially dangerous. ProxyLogon is a server-side request forgery (

February 9, 2021 14:02

Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows

* The developers of LodaRAT have added Android as a targeted platform. * A new iteration of LodaRAT for Windows has been identified with improved sound recording capabilities. * The operators behind LodaRAT tied to a specific campaign targeting Bangladesh, although others h