Cisco Talos Blog

April 9, 2020 14:00

Threat Source newsletter for April 9, 2020

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Nearly all devices have some sort of fingerprint scanner now, used to log users in. But these scanners prevent their

January 16, 2020 14:00

Threat Source newsletter (Jan. 16, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. This wasn’t your average Patch Tuesday. Microsoft’s monthly security update was notable for a few reasons. For start

December 18, 2019 08:06

2019: The year in malware

February * Attackers use a malicious PowerPoint presentation to target members of the Tibetan government in the hopes of infecting them with ExileRAT. March * Talos discovers a new point-of-sale malware for sale online called “GlitchPOS” that is easy enough to use that any

December 17, 2019 10:46

Incident Response lessons from recent Maze ransomware attacks

By JJ Cummings and Dave Liebenberg  This year, we have been flooded with reports of targeted ransomware attacks. Whether it's a city, hospital, large- or medium-sized enterprise — they are all being targeted. These attacks can result in significant damage, cost, and have many

November 13, 2019 11:00

Hunting for LoLBins

By Vanja Svajcer. Introduction Attackers' trends tend to come and go. But one popular technique we're seeing at this time is the use of living-off-the-land binaries — or "LoLBins". LoLBins are used by different actors combined with fileless malware and legiti

November 5, 2019 09:00

How adversaries use politics for compromise

By Nick Biasini and Edmund Brumaghin. Executive Summary With the U.S. presidential primaries just around the corner, even malware authors can't help but get behind the frenzy. Cisco Talos recently discovered several malware distribution campaigns where the adversaries were

November 4, 2019 11:03

C2 With It All: From Ransomware To Carding

By Warren Mercer, Paul Rascagneres and Vitor Ventura. Summary Cisco Talos recently discovered a new server hosting a large stockpile of malicious files. Our analysis of these files shows that these attackers were able to obtain a deep level of access to victims' infrastruc

August 20, 2019 11:11

What you — and your company — should know about cyber insurance

By Jon Munshaw and Joe Marshall. It’s no longer a question of “if” any given company or organization is going to be hit with a cyber attack — it’s when. And when that attack comes, who is willing to take on that risk? For some groups, it may be that they feel they are fully pre

July 11, 2019 08:04

Should governments pay extortion payments after a ransomware attack?

"The risk must be judged to see if the cost is worth the attempt to get that data back or if these resources can do it within a reasonable timeframe. There are no guarantees in either direction."