Cisco Talos Blog

January 9, 2024 04:00

New decryptor for Babuk Tortilla ransomware variant released

Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor.

August 8, 2023 15:25

Six critical vulnerabilities included in August’s Microsoft security update

The only vulnerability Microsoft states is being exploited in the wild is CVE-2023-38180, a denial-of-service vulnerability in .NET and Microsoft Visual Studio.

July 13, 2023 06:45

Malicious campaigns target government, military and civilian entities in Ukraine, Poland

Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations and civilian users in Ukraine and Poland. We judge that these operations are very likely aimed at stealing information and gaining persistent remote access.

March 9, 2023 08:02

Prometei botnet improves modules and exhibits new capabilities in recent updates

The high-profile botnet, focused on mining cryptocurrency, is back with new Linux versions.

December 20, 2022 08:00

Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins

As more and more users adopt new versions of Microsoft Office, it is likely that threat actors will turn away from VBA-based malicious documents to other formats such as XLLs or rely on exploiting newly discovered vulnerabilities to launch malicious code.

September 28, 2022 08:12

New campaign uses government, union-themed lures to deliver Cobalt Strike beacons

Cisco Talos recently discovered a malicious campaign with a modularised attack technique to deliver Cobalt Strike beacons on infected endpoints.

September 1, 2022 13:35

ModernLoader delivers multiple stealers, cryptominers and RATs

* Cisco Talos recently observed three separate, but related, campaigns between March and June 2022 delivering a variety of threats, including the ModernLoader bot, RedLine information-stealer and cryptocurrency-mining malware to victims. * The actors use PowerShell, .NET assemb

August 9, 2022 16:44

Microsoft Patch Tuesday for August 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its line of products and software, the most in a single Patch Tuesday in four months. This batch of updates also includes a fix for a new vulnerability in the Microsoft Window

February 9, 2022 08:05

What’s with the shared VBA code between Transparent Tribe and other threat actors?

Recently, we've been researching several threat actors operating in South Asia: Transparent Tribe, SideCopy, etc., that deploy a range of remote access trojans (RATs). After a hunting session in our malware sample repositories and VirusTotal while looking into these actors, w