Breaking security news all uses should be up-to-date on, along with any other cybersecurity topics in the news.
Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks
In 2023, Cisco Talos and partners created a special Backdoors & Breaches card deck to help NGOs improve their cybersecurity skills with practical, easy-to-use training tailored to their needs.
Talos joins CISA to counter cyber threats against non-profits, activists and other at-risk communities
Commercial spyware tools can threaten democratic values by enabling governments to conduct covert surveillance on citizens, undermining privacy rights and freedom of expression.
What’s the deal with the massive backlog of vulnerabilities at the NVD?
Given the state of the NVD and vulnerability management, we felt it was worth looking at the current state of the NVD, how we got to this point, what it means for security teams, and where we go from here.
New decryptor for Babuk Tortilla ransomware variant released
Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor.
Video: How propaganda can spread on social media via memes, fake news
In this video, we'll look at a few examples of what essentially equates to propaganda spreading across social media, leading to false stories, headlines, posts and the continued degradation of the meaning of "truth."
Cisco Talos shares insights related to recent cyber attack on Cisco
THIS POST IS ALSO AVAILABLE IN: 日本語 (Japanese) Update History DateDescription of UpdatesAug. 10th 2022 Adding clarifying details on activity involving active directory. Aug. 10th 2022 Update made to the Cisco Response and Recommendations section related to MFA. Executive
Attackers target Ukraine using GoMet backdoor
Executive summary Since the Russian invasion of Ukraine began, Ukrainians have been under a nearly constant barrage of cyber attacks. Working jointly with Ukrainian organizations, Cisco Talos has discovered a fairly uncommon piece of malware targeting Ukraine — this time aimed a
Talos Incident Response added to German BSI Advanced Persistent Threat response list
Cisco Talos Incident Response is now listed as an approved vendor on the Bundesamt für Sicherheit in der Informationstechnik (BSI) Advanced Persistent Threat (APT) response service providers list [https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/Themen/Dienst
Cisco recognized by Forrester as cybersecurity incident response services provider
Cisco Talos Incident Response is proud to announce that Forrester has recognized us by including Cisco in the new Forrester report “Now Tech: Cybersecurity Incident Response Services, Q4 2021.” The Forrester report provides an overview of 36 Cybersecurity Incident Response Servi
Threat Roundup for November 26 to December 3
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 26 and Dec. 3. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Cisco named leader in Incident Response Services
It has been more than two years already since Cisco Incident Response became a part of the Talos family. Since then, my team has continued a journey to simplify our offering for consumption and make incident response the ultimate team sport. That is why I could not be more humbl
Talos Takes Ep. #78: Attackers would love to buy you a non-existent PS5 this holiday season
By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We know this episode comes around every year, but people keep falling for scams, so we have to remind p
Threat Roundup for November 12 to November 19
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 12 and Nov. 19. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k
Threat Roundup for October 29 to November 5
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 29 and Nov. 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Threat Roundup for October 15 to October 22
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 15 and Oct. 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k
Threat Roundup for October 8 to October 15
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 8 and Oct. 15. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Talos release protection against zero-day vulnerability (CVE-2021-40444) in Microsoft MSHTML
Cisco Talos released new SNORT® rules Thursday to protect against the exploitation of a zero-day vulnerability in Microsoft MSHTML that the company warns is being actively exploited in the wild. Users are encouraged to deploy SIDs 58120 – 58129, Snort 3 SID 300049 and ClamAV sig
Attracting flies with Honey(gain): Adversarial abuse of proxyware
By Edmund Brumaghin and Vitor Ventura. * With internet-sharing applications, or "proxyware," users download software that allows them to share a percentage of their bandwidth with other internet users for a fee, with the companies that created this software acting as
Threat Roundup for August 6 to August 13
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 6 and Aug. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Vice Society leverages PrintNightmare in ransomware attacks
Executive Summary Another threat actor is actively exploiting the so-called PrintNightmarevulnerability (CVE-2021-1675 / CVE-2021-34527) in Windows' print spooler service to spread laterally across a victim's network as part of a recent ransomware attack, according to Ci
Threat Roundup for July 23 to July 30
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 23 and July 30. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k
Threat Roundup for July 16 to July 23
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 16 and July 23. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k
Threat Roundup for July 9 to July 16
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 9 and July 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Threat Roundup for July 2 to July 9
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 2 and July 9. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key
Threat Roundup for June 25 to July 2
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 25 and July 2. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Threat Roundup for June 18 to June 25
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 18 and June 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k
Threat Roundup for June 11 to June 17
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 11 and June 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k
Threat Roundup for June 4 to June 11
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 4 and June 11. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs
By Caitlin Huey and Andrew Windsor with contributions from Edmund Brumaghin. * Lemon Duck continues to refine and improve upon their tactics, techniques and procedures as they attempt to maximize the effectiveness of their campaigns. * Lemon Duck remains relevant as the operat
Recording: Analyzing Android Malware — From triage to reverse-engineering
It's easy to get wrapped up worry about large-scale ransomware attacks on the threat landscape. These are the types of attacks that make headlines and strike fear into the hearts of CISOs everywhere. But if you want to defend the truly prolific and widespread threats that tar
Sowing Discord: Reaping the benefits of collaboration app abuse
As telework has become the norm throughout the COVID-19 pandemic, attackers are modifying their tactics to take advantage of the changes to employee workflows. * Attackers are leveraging collaboration platforms, such as Discord and Slack, to stay under the radar and evade organ
Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows
* The developers of LodaRAT have added Android as a targeted platform. * A new iteration of LodaRAT for Windows has been identified with improved sound recording capabilities. * The operators behind LodaRAT tied to a specific campaign targeting Bangladesh, although others h
What to expect when you're electing: The building blocks of disinformation campaigns
By Nick Biasini, Kendall McKay and Matt Valites. Editor's note: Related reading on Talos election security research: * /what-to-expect-when-youre-electing * /election-roundtable-video * /what-to-expect-electing-disinformation-building-blocks As Cisco Talos discovered du
Threat Source newsletter for July 23, 2020
Good afternoon, Talos readers. While ransomware attacks continue to hog all the headlines, cryptocurrency miners are still running the background, sapping computing power from unsuspecting victims. We have what we believe is the first documentation of a new botnet we're calli
Threat Source newsletter for July 16, 2020
Good afternoon, Talos readers. If you haven’t already, we highly recommend you read our in-depth research paper on election security. This paper represents four years of hands-on research, interviews and insight into how things have changed since 2016, and what hurdles remain to
What to expect when you’re electing: Talos’ 2020 election security primer
Editor's note: Related reading on Talos election security research: * /what-to-expect-when-youre-electing * /election-roundtable-video * /what-to-expect-electing-disinformation-building-blocks After the 2016 General Election, the talk was all around foreign meddling. Rumo
New Snort rule addresses critical vulnerability in F5 BIG-IP
By Jon Munshaw. Cisco Talos just released Snort coverage for a prominent vulnerability in F5’s BIG-IP. BIG-IP is one of the most popular networking products on the modern market. This product is used to shape web traffic, access gateways, limit rates and much more. F5 disclosed
Threat Source newsletter for July 2, 2020
Good afternoon, Talos readers. Our latest research you should catch up on is the Valak malware. This information-stealer sneaks its way onto victim machines by hijacking legitimate email threads. The threat actors send their phishing emails and attachments in email threads, hop
Threat Source newsletter for June 25, 2020
Good afternoon, Talos readers. We recently decided to replace our use of the terms "blacklist" and "whitelist" with "block list" and "allow list.” Even though these terms are commonly in use in the security industry, we will not go along with c
Cisco Talos replacing all mentions of 'blacklist,' 'whitelist'
There are many ways to respond to injustice, both large and small, but each response is important. While we acknowledge it is a small change, Cisco Talos is moving to replace our use of the terms "blacklist" and "whitelist" with "block list" and &quo
Threat Source newsletter for June 18, 2020
Good afternoon, Talos readers. Now that Cisco Live is over, you can access both of Talos’ talks on-demand here if you registered for the online event. The latest Beers with Talos episode covers how to push your career in cyber security forward when you feel like you’re stuck i
Threat Source newsletter for June 11, 2020
Good afternoon, Talos readers. We are back this week with new content, mainly around Microsoft Patch Tuesday. We have our complete breakdown of all the vulns here, as well as in-depth information on two remote code execution vulnerabilities one of our researchers discovered in E
Threat Source newsletter for June 4, 2020
Our social media content and promotion are on pause this week as there are more important issues being discussed and other voices that need to be heard. However, we still wanted to provide users with the latest IOCs and threats we’re seeing. Upcoming public engagements Event:
Threat Source newsletter for May 28, 2020
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We need to start things off by wishing a Happy Birthday to Beers with Talos! The first episode was released on May 12, 2017. To celebrate, we have a new e
Threat Source newsletter for May 21, 2020
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Beers with Talos chugs on during quarantine with the latest episode of “The In-Between.” Once again, the hosts talk about everything but security, answeri
What the continued escalation of tensions in the Middle East means for security
Cisco Talos works with many organizations around the world, monitoring and protecting against sophisticated threats every day. As such, we are watching the current state of events in the Middle East very closely for our customers and partners who may be impacted by the ongoing si