Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns
* The InterPlanetary File System (IPFS) is an emerging Web3 technology that is currently seeing widespread abuse by threat actors. * Cisco Talos has observed multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure
Threat Roundup for May 13 to May 20
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 13 and May 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key
Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer
Update (04/14/22): Following the initial publication of this blog, we observed a new post in the Haskers Gang Telegram channel announcing that ownership of the ZingoStealer project is being transferred to a new threat actor. We also observed the malware author offering to sell t
Threat Advisory: Opportunistic cyber criminals take advantage of Ukraine invasion
By Edmund Brumaghin, with contributions from Jonathan Byrne, Perceo Lemos and Vasileios Koutsoumpogeras. This post is also available in: 日本語 (Japanese) Українська (Ukrainian) Executive Summary * Since the beginning of the war in Ukraine, we have observed threat actors usin
Microsoft Patch Tuesday for March 2022 — Snort rules and prominent vulnerabilities
Microsoft released another relatively light security update Tuesday, disclosing 71 vulnerabilities, including fixes for issues in Azure and the Office suite of products. March’s Patch Tuesday only included two critical vulnerabilities, which is notable considering there weren’t a
Threat Advisory: Critical Apache Log4j vulnerability being exploited in the wild
Update History DateDescription of UpdatesDec. 20, 2021 Additional coverage and IOCs; additional detection capabilities for customers via Cisco Global Threat Alerts. Dec. 18, 2021 Additional mitigation guidance; updated coverage information. Dec. 17, 2021 Added additional vulner
Attracting flies with Honey(gain): Adversarial abuse of proxyware
By Edmund Brumaghin and Vitor Ventura. * With internet-sharing applications, or "proxyware," users download software that allows them to share a percentage of their bandwidth with other internet users for a fee, with the companies that created this software acting as
Vice Society leverages PrintNightmare in ransomware attacks
Executive Summary Another threat actor is actively exploiting the so-called PrintNightmarevulnerability (CVE-2021-1675 / CVE-2021-34527) in Windows' print spooler service to spread laterally across a victim's network as part of a recent ransomware attack, according to Ci
Threat Roundup for May 28 to June 4
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 28 and June 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key