Cisco Talos Intelligence Blog

August 13, 2020 09:08

Attribution: A Puzzle

By Martin Lee, Paul Rascagneres and Vitor Ventura. Introduction The attribution of cyber attacks is hard. It requires collecting diverse intelligence, analyzing it and deciding who is responsible. Rarely does the evidence available to researchers reach a level of proof that wo

April 8, 2020 08:04

Fingerprint cloning: Myth or reality?

Phone, computer fingerprint scanners can be defeated with 3-D printing By Paul Rascagneres and Vitor Ventura.   Executive summary Passwords are the traditional authentication methods for computers and networks. But passwords can be stolen. Biometric authentication seems the pe

March 5, 2020 06:03

Bisonal: 10 years of play

By Warren Mercer, Paul Rascagneres and Vitor Ventura. Update 06/03/20: added samples from 2020. Executive summary * Security researchers detected and exposed the Bisonal malware over the past 10 years. But the Tonto team, the threat actor behind it, didn't stop. * The vi

July 9, 2019 10:07

Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques

By Danny Adamitis with contributions from Paul Rascagneres. Executive summary After several months of activity, the actors behind the "Sea Turtle" DNS hijacking campaign are not slowing down. Cisco Talos recently discovered new details that suggest they regrouped after we pub

April 23, 2019 13:04

DNSpionage brings out the Karkoff

Update 4/24: The C2 section below now includes details around the XOR element of the C2 communication system. Executive summary In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a new remote administrative tool that

March 13, 2019 10:03

GlitchPOS: New PoS malware for sale

Warren Mercer and Paul Rascagneres authored this post with contributions from Ben Baker. Executive summary Point-of-sale malware is popular among attackers, as it usually leads to them obtaining credit card numbers and immediately use that information for financial gain. This t

February 11, 2019 11:02

What you can learn from Cisco Talos’ new oil pumpjack workshop

Paul Rascagneres wrote this blog post with contributions from Patrick DeSantis from Cisco Talos ARES (Advanced Research/Embedded Systems). Executive summary Every day, more industrial control systems (ICS) become vulnerable to cyber attacks. As these massive, critical machines

January 30, 2019 14:01

Fake Cisco Job Posting Targets Korean Candidates

Edmund Brumaghin and Paul Rascagneres authored this post, with contributions from Jungsoo An. Executive summary   Cisco Talos recently observed a targeted malware campaign being leveraged in an attempt to compromise specific organizations. The infection vector associated with

January 28, 2019 10:01

Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities

Marcin "Icewall" Noga of Cisco Talos discovered these vulnerabilities. Executive Summary Cisco Talos discovered two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level in WIBU-SYSTEMS WibuKey. WibuKey is a USB key designed to protec