Cisco Talos Blog

April 17, 2024 07:59

OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal

The documents contained malicious VBA code, indicating they may be used as lures to infect organizations.

January 9, 2024 04:00

New decryptor for Babuk Tortilla ransomware variant released

Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor.

August 8, 2023 15:25

Six critical vulnerabilities included in August’s Microsoft security update

The only vulnerability Microsoft states is being exploited in the wild is CVE-2023-38180, a denial-of-service vulnerability in .NET and Microsoft Visual Studio.

July 13, 2023 06:45

Malicious campaigns target government, military and civilian entities in Ukraine, Poland

Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations and civilian users in Ukraine and Poland. We judge that these operations are very likely aimed at stealing information and gaining persistent remote access.

March 9, 2023 08:02

Prometei botnet improves modules and exhibits new capabilities in recent updates

The high-profile botnet, focused on mining cryptocurrency, is back with new Linux versions.

December 20, 2022 08:00

Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins

As more and more users adopt new versions of Microsoft Office, it is likely that threat actors will turn away from VBA-based malicious documents to other formats such as XLLs or rely on exploiting newly discovered vulnerabilities to launch malicious code.

September 28, 2022 08:12

New campaign uses government, union-themed lures to deliver Cobalt Strike beacons

Cisco Talos recently discovered a malicious campaign with a modularised attack technique to deliver Cobalt Strike beacons on infected endpoints.

September 1, 2022 13:35

ModernLoader delivers multiple stealers, cryptominers and RATs

* Cisco Talos recently observed three separate, but related, campaigns between March and June 2022 delivering a variety of threats, including the ModernLoader bot, RedLine information-stealer and cryptocurrency-mining malware to victims. * The actors use PowerShell, .NET assemb

August 9, 2022 16:44

Microsoft Patch Tuesday for August 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its line of products and software, the most in a single Patch Tuesday in four months. This batch of updates also includes a fix for a new vulnerability in the Microsoft Window