Cisco Talos Blog

January 14, 2025 16:15

Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”

October 23, 2024 06:02

Threat Spotlight: WarmCookie/BadSpace

WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns.

October 23, 2024 06:02

Highlighting TA866/Asylum Ambuscade Activity Since 2021

TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020.

February 20, 2024 08:00

Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns

Since September 2023, we have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans.

January 9, 2024 13:58

Microsoft starts off new year with relatively light Patch Tuesday, no zero-days

One of the critical vulnerabilities patched Tuesday is CVE-2024-20674, a security bypass vulnerability in the Windows Kerberos authentication protocol.

August 31, 2023 08:00

SapphireStealer: Open-source information stealer enables credential and data theft

SapphireStealer appears to be delivered as part of a multi-stage infection process, with threat actors leveraging open-source malware downloaders like FUD-Loader to deliver SapphireStealer to potential victims.

April 4, 2023 08:00

Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities

The stealer is for sale on dark web forums for $59 a month, or $540 for a lifetime subscription, which is relatively inexpensive compared to other infostealers.

March 22, 2023 15:41

Emotet resumes spam operations, switches to OneNote

Since returning, Emotet has leveraged several distinct infection chains, indicating that they are modifying their approach based on their perceived success in infecting new systems.

December 13, 2022 14:06

Microsoft Patch Tuesday for December 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 48 vulnerabilities. Of these vulnerabilities, 6 are classified as “Critical”, 41 are classified as “Important”, with the remaining vulnerability classified as “Moderate.”