Tor2Mine is up to their old tricks — and adds a few new ones

By Kendall McKay and Joe Marshall. Threat summary * Cisco Talos has identified a resurgence of activity by Tor2Mine, a cryptocurrency mining group that was likely last active in 2018. Tor2Mine is deploying additional malware to harvest credentials and steal more money, includ

The basics of a ransomware infection as Snake, Maze expands

There have recently been several high-profile ransomware campaigns utilizing Maze and Snake malware. From critical medical supply companies, to large logistics firms, many businesses of all sizes have fallen victim to this cybercrime wave. When an organization falls victim to a

IPv6 unmasking via UPnP

Threat Roundup for Feb. 22 to March 1

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 22 and March 01. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting

Threat Roundup for Feb. 15 to Feb. 22

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 15 and Feb. 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k

An introduction to offensive capabilities of Active Directory on UNIX

Tim Wadhwa-Brown of Portcullis Labs authored this post. In preparation for our talk at Black Hat Europe, Security Advisory EMEAR would like to share the background on our recent research into some common Active Directory integration solutions. Just as with Windows, these solutio

Attack on Critical Infrastructure Leverages Template Injection

Executive Summary Attackers are continually trying to find new ways to target users with malware sent via email. Talos has identified an email-based attack targeting the energy sector, including nuclear power, that puts a new spin on the classic word document attachment phish. T