Cisco Talos Blog

October 21, 2019 10:46

Gustuff return, new features for victims

By Vitor Ventura with contributions from Chris Neal. Executive summary The Gustuff banking trojan is back with new features, months after initially appearing targeting financial institutions in Australia. Cisco Talos first reported on Gustuff in April. Soon after, the actors be

April 9, 2019 13:45

Gustuff banking botnet targets Australia

EXECUTIVE SUMMARY Cisco Talos has uncovered a new Android-based campaign targeting Australian financial institutions. As the investigation progressed, Talos came to understand that this campaign was associated with the "ChristinaMorrow" text message spam scam previousl

December 10, 2018 11:51

in(Secure) messaging apps — How side-channel attacks can compromise privacy in WhatsApp, Telegram, and Signal

This blog post is authored by Vitor Ventura. Executive summary Messaging applications have been around since the inception of the internet. But recently, due to the increased awareness around mass surveillance in some countries, more users are installing end-to-end encrypted

November 19, 2018 09:30

Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN

Vulnerabilities discovered by Carl Hurd and Jared Rittle of Cisco Talos. Cisco Talos is disclosing multiple vulnerabilities in the TP-Link TL-R600VPN router. TP-Link produces a number of different types of small and home office (SOHO) routers. Talos discovered several bugs in th

October 11, 2018 09:06

GPlayed Trojan - .Net playing with Google Market

This blog post is authored by Vitor Ventura. Introduction In a world where everything is always connected, and mobile devices are involved in individuals' day-to-day lives more and more often, malicious actors are seeing increased opportunities to attack these devices. Cisc

June 19, 2018 11:25

Vulnerability Spotlight: Multiple Remote Vulnerabilities In Insteon Hub PubNub

Vulnerabilities discovered by Claudio Bozzato of Cisco Talos. Talos is disclosing twelve new vulnerabilities in Insteon Hub, ranging from remote code execution to denial of service. The majority of the vulnerabilities have their root cause in the unsafe usage of the strcpy() fun

May 16, 2018 13:17

TeleGrab - Grizzly Attacks on Secure Messaging

The malware mainly targets Russian-speaking victims and intentionally avoids IP addresses related to anonymizer services.