Cisco Talos Blog

April 21, 2022 08:49

TeamTNT Targeting AWS, Alibaba

By Darin Smith. * TeamTNT is actively modifying its scripts after they were made public by security researchers. * These scripts primarily target Amazon Web Services, but can also run in on-premise, container, or other forms of Linux instances. * The group's payloads inc

March 22, 2022 08:01

On the Radar: Securing Web 3.0, the Metaverse and beyond

Internet technology evolves rapidly, and the World Wide Web (WWW or Web) is currently experiencing a transition into what many are calling "Web 3.0". Web 3.0 is a nebulous term. If you spend enough time Googling it, you'll find many interpretations regarding what We

November 23, 2021 13:29

Attackers exploiting zero-day vulnerability in Windows Installer — Here’s what you need to know and Talos’ coverage

Cisco Talos is releasing new SNORTⓇ rules to protect against the exploitation of a zero-day elevation of privilege vulnerability in Microsoft Windows Installer. This vulnerability allows an attacker with a limited user account to elevate their privileges to become an administrato

July 22, 2021 08:00

Security implications of misconfigurations

By Jaeson Schultz. When defenders regularly monitor their organization's Domain Name System (DNS) queries, they can often snuff out potential attacks before they happen. At the very least, it's important to identify and fix configuration mistakes that could lead to nasty

March 8, 2021 11:00

Domain dumpster diving

By Jaeson Schultz. Dumpster diving — searching through the trash looking for items of value — has long been a staple of hacking culture. In the 1995 movie "Hackers," Acid Burn and Crash Override are seen dumpster diving for information they can use to help them "h

September 24, 2020 11:00

The Internet did my homework

By Jaeson Schultz and Matt Valites. As students return to school for in-person and virtual learning, Cisco Talos discovered an increase in DNS requests coming into Umbrella resolving domains we classify as "academic fraud." Data from Pew Research on back-to-school date

January 16, 2020 09:00

Stolen emails reflect Emotet's organic growth

By Jaeson Schultz Introduction Emotet has a penchant for stealing a victim's email, then impersonating that victim and sending copies of itself in reply. The malicious emails are delivered through a network of stolen outbound SMTP accounts. This relatively simple email-man-

September 17, 2019 16:00

Emotet is back after a summer break

Emotet is still evolving, five years after its debut as a banking trojan. It is one of the world's most dangerous botnets and malware droppers-for-hire. The malware payloads dropped by Emotet serve to more fully monetize their attacks, and often include additional banking tro

April 11, 2019 13:37

Sextortion profits decline despite higher volume, new techniques

Sextortion spammers continue blasting away at high volume. The success they experienced with several high-profile campaigns last year has led these attackers to continue transmitting massive amounts of sextortion email. These sextortion spammers have been doing everything they ca