Cisco Talos Blog

December 4, 2023 08:01

Project PowerUp – Helping to keep the lights on in Ukraine in the face of electronic warfare

Project PowerUp is the story of how Cisco Talos worked with a multi-national, multi-company coalition of volunteers and experts to help “keep the lights on” in Ukraine, by injecting a measure of stability in Ukraine’s power transmission grid.

August 18, 2022 08:00

Ukraine war spotlights agriculture sector's vulnerability to cyber attack

The war in Ukraine has caused massive problems for global food supplies, underscoring the high impact of disruptive events to agriculture entities and related organizations. * The challenges to the Ukrainian agriculture sector imposed by the war--and global ripple effects--have

August 12, 2021 18:33

Vice Society leverages PrintNightmare in ransomware attacks

Executive Summary Another threat actor is actively exploiting the so-called PrintNightmarevulnerability (CVE-2021-1675 / CVE-2021-34527) in Windows' print spooler service to spread laterally across a victim's network as part of a recent ransomware attack, according to Ci

July 2, 2021 22:03

REvil ransomware actors attack Kaseya in supply chain attack

Updated on July 6, 2021: As analysis of the ransomware attack affecting organizations using Kaseya VSA has continued, we are sharing an update containing additional information. As new details are identified, this information may be updated as needed. * This event consisted of

February 2, 2021 08:00

Interview with a LockBit ransomware operator

By Azim Khodjibaev, Dmytro Korzhevin and Kendall McKay. Ransomware is still highly prevalent in our current threat landscape — it's one of the top threats Cisco Talos Incident Response responds to. One such ransomware family we encounter is called LockBit, a ransomware-as-a-

November 5, 2020 17:01

Vulnerability Spotlight: Multiple JavaScript vulnerabilities in Adobe Acrobat Reader

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Joe Marshall Cisco Talos recently discovered an heap buffer overflow and a use after free vulnerability in Adobe Acrobat Reader. Adobe Acrobat Reader is one of the most popular and feature-r

June 11, 2020 14:53

Tor2Mine is up to their old tricks — and adds a few new ones

By Kendall McKay and Joe Marshall. Threat summary * Cisco Talos has identified a resurgence of activity by Tor2Mine, a cryptocurrency mining group that was likely last active in 2018. Tor2Mine is deploying additional malware to harvest credentials and steal more money, includ

May 14, 2020 15:07

The basics of a ransomware infection as Snake, Maze expands

There have recently been several high-profile ransomware campaigns utilizing Maze and Snake malware. From critical medical supply companies, to large logistics firms, many businesses of all sizes have fallen victim to this cybercrime wave. When an organization falls victim to a

March 18, 2019 12:44

IPv6 unmasking via UPnP