REvil ransomware actors attack Kaseya in supply chain attack
Updated on July 6, 2021: As analysis of the ransomware attack affecting organizations using Kaseya VSA has continued, we are sharing an update containing additional information. As new details are identified, this information may be updated as needed. * This event consisted of
Interview with a LockBit ransomware operator
By Azim Khodjibaev, Dmytro Korzhevin and Kendall McKay. Ransomware is still highly prevalent in our current threat landscape — it's one of the top threats Cisco Talos Incident Response responds to. One such ransomware family we encounter is called LockBit, a ransomware-as-a-
Vulnerability Spotlight: Multiple JavaScript vulnerabilities in Adobe Acrobat Reader
Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Joe Marshall Cisco Talos recently discovered an heap buffer overflow and a use after free vulnerability in Adobe Acrobat Reader. Adobe Acrobat Reader is one of the most popular and feature-r
Tor2Mine is up to their old tricks — and adds a few new ones
By Kendall McKay and Joe Marshall. Threat summary * Cisco Talos has identified a resurgence of activity by Tor2Mine, a cryptocurrency mining group that was likely last active in 2018. Tor2Mine is deploying additional malware to harvest credentials and steal more money, includ
The basics of a ransomware infection as Snake, Maze expands
There have recently been several high-profile ransomware campaigns utilizing Maze and Snake malware. From critical medical supply companies, to large logistics firms, many businesses of all sizes have fallen victim to this cybercrime wave. When an organization falls victim to a
IPv6 unmasking via UPnP
Threat Roundup for Feb. 22 to March 1
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 22 and March 01. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting
Threat Roundup for Feb. 15 to Feb. 22
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 15 and Feb. 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k
An introduction to offensive capabilities of Active Directory on UNIX
Tim Wadhwa-Brown of Portcullis Labs authored this post. In preparation for our talk at Black Hat Europe, Security Advisory EMEAR would like to share the background on our recent research into some common Active Directory integration solutions. Just as with Windows, these solutio