Gustuff return, new features for victims

By Vitor Ventura with contributions from Chris Neal. Executive summary The Gustuff banking trojan is back with new features, months after initially appearing targeting financial institutions in Australia. Cisco Talos first reported on Gustuff in April. Soon after, the actors be

Gustuff banking botnet targets Australia

EXECUTIVE SUMMARY Cisco Talos has uncovered a new Android-based campaign targeting Australian financial institutions. As the investigation progressed, Talos came to understand that this campaign was associated with the "ChristinaMorrow" text message spam scam previousl

in(Secure) messaging apps — How side-channel attacks can compromise privacy in WhatsApp, Telegram, and Signal

This blog post is authored by Vitor Ventura. Executive summary Messaging applications have been around since the inception of the internet. But recently, due to the increased awareness around mass surveillance in some countries, more users are installing end-to-end encrypted

Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN

Vulnerabilities discovered by Carl Hurd and Jared Rittle of Cisco Talos. Cisco Talos is disclosing multiple vulnerabilities in the TP-Link TL-R600VPN router. TP-Link produces a number of different types of small and home office (SOHO) routers. Talos discovered several bugs in th

Persian Stalker pillages Iranian users of Instagram and Telegram

GPlayed's younger brother is a banker — and it's after Russian banks

GPlayed Trojan - .Net playing with Google Market

This blog post is authored byVitor Ventura. Introduction In a world where everything is always connected, and mobile devices are involved in individuals' day-to-day lives more and more often, malicious actors are seeing increased opportunities to attack these devices. Cisc

Vulnerability Spotlight: Multiple Remote Vulnerabilities In Insteon Hub PubNub

Vulnerabilities discovered by Claudio Bozzato of Cisco Talos Talos is disclosing twelve new vulnerabilities in Insteon Hub, ranging from remote code execution, to denial of service. The majority of the vulnerabilities have their root cause in the unsafe usage of the strcpy() fun

TeleGrab - Grizzly Attacks on Secure Messaging

The malware is mainly targeting Russian-speaking victims, and is intentionally avoiding IP addresses related with anonymizer services.