New Snort rules protect against recently discovered Citrix vulnerability
By Edmund Brumaghin, with contributions from Dalton Schaadt. Executive Summary Recently, the details of a critical vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway servers were publicly disclosed. This vulnerability is currently being tracked us
How adversaries use politics for compromise
By Nick Biasini and Edmund Brumaghin. Executive Summary With the U.S. presidential primaries just around the corner, even malware authors can't help but get behind the frenzy. Cisco Talos recently discovered several malware distribution campaigns where the adversaries were
Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host
Update (09/27/2019): Additional information regarding the malware interaction with various online advertisements has been included to highlight the click-fraud related network communications associated with Divergent. Executive summary Cisco Talos recently discovered a new
SWEED: Exposing years of Agent Tesla campaigns
By Edmund Brumaghin and other Cisco Talos researchers. Executive summary Cisco Talos recently identified a large number of ongoing malware distribution campaigns linked to a threat actor we're calling "SWEED," including such notable malware as Formbook, Lokibot
Threat Roundup for June 14 to June 21
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 14 and June 21. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k
Sorpresa! JasperLoader targets Italy with a new bag of tricks
Nick Biasini and Edmund Brumaghin authored this blog post. Executive summary Over the past few months, a new malware loader called JasperLoader has emerged that targets Italy and other European countries with banking trojans such as Gootkit. We recently released a comprehensi
JasperLoader Emerges, Targets Italy with Gootkit Banking Trojan
Nick Biasini and Edmund Brumaghin authored this blog post with contributions from Andrew Williams. Introduction to JasperLoader Malware loaders are playing an increasingly important role in malware distribution. They give adversaries the ability to gain an initial foothold on a
New HawkEye Reborn Variant Emerges Following Ownership Change
Edmund Brumaghin and Holger Unterbrink authored this blog post. Executive summary Malware designed to steal sensitive information has been a threat to organizations around the world for a long time. The emergence of the greyware market and the increased commercialization of key
Vulnerability Spotlight: Multiple Vulnerabilities in CUJO Smart Firewall, Das U-Boot, OCTEON SDK, Webroot BrightCloud
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Executive summary CUJO AI produces the CUJO Smart Firewall, a device that provides protection to home networks against a myriad of threats such as malware, phishing websites and hacking attempts. Cisco Talos rec