Cisco Talos Intelligence Blog

July 1, 2020 11:02

Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks

By Nick Biasini, Edmund Brumaghin and Mariano Graziano. Threat summary * Attackers are actively distributing the Valak malware family around the globe, with enterprises, in particular, being targeted. * These campaigns make use of existing email threads from compromised acco

May 21, 2020 11:23

Vulnerability Spotlight: Memory corruption vulnerability in GNU Glibc leaves smart vehicles open to attack

By Sam Dytrych and Jason Royes. Executive summary Modern automobiles are complex machines, merging both mechanical and computer systems under one roof. As automobiles become more advanced, additional sensors and devices are added to help the vehicle understand its internal and

May 11, 2020 11:00

Threat Spotlight: Astaroth — Maze of obfuscation and evasion reveals dark stealer

By Nick Biasini, Edmund Brumaghin and Nick Lister. * Cisco Talos is detailing an information stealer, Astaroth, that has been targeting Brazil with a variety of lures, including COVID-19 for the past nine to 12 months. * Complex maze of obfuscation and anti-analysis/evasion t

April 23, 2020 11:37

Threat Spotlight: MedusaLocker

By Edmund Brumaghin, with contributions from Amit Raut. Overview MedusaLocker is a ransomware family that has been observed being deployed since its discovery in 2019. Since its introduction to the threat landscape, there have been several variants observed. However, most of

February 13, 2020 14:07

Threat actors attempt to capitalize on coronavirus outbreak

* Coronavirus is dominating the news and threat actors are taking advantage. * Cisco Talos has found multiple malware families being distributed with Coronavirus lures and themes. This includes emotet and several RAT variants. Executive Summary Using the news to try and incr

January 13, 2020 14:13

New Snort rules protect against recently discovered Citrix vulnerability

By Edmund Brumaghin, with contributions from Dalton Schaadt. Executive Summary Recently, the details of a critical vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway servers were publicly disclosed. This vulnerability is currently being tracked us

November 5, 2019 09:00

How adversaries use politics for compromise

By Nick Biasini and Edmund Brumaghin. Executive Summary With the U.S. presidential primaries just around the corner, even malware authors can't help but get behind the frenzy. Cisco Talos recently discovered several malware distribution campaigns where the adversaries were uti

September 26, 2019 16:07

Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host

Update (09/27/2019): Additional information regarding the malware interaction with various online advertisements has been included to highlight the click-fraud related network communications associated with Divergent.   Executive summary Cisco Talos recently discovered a new

July 15, 2019 11:04

SWEED: Exposing years of Agent Tesla campaigns

By Edmund Brumaghin and other Cisco Talos researchers. Executive summary Cisco Talos recently identified a large number of ongoing malware distribution campaigns linked to a threat actor we're calling "SWEED," including such notable malware as Formbook, Lokibot and Agent Tesl