Threat Source newsletter (Sept. 23, 2021)
Good afternoon, Talos readers. The Russian APT Turla is one of the most notorious threat actors out there today. And they aren't stopping, recently adding a new backdoor to their arsenal that serves as a "last chance" to retain a foothold on victim machines, even a
Threat Source newsletter (Sept. 16, 2021)
Good afternoon, Talos readers. It's a bird, it's a plane, it's a rat! We've been tracking a series of trojans targeting the aviation industry, and trying to lure victims in by sending them spam related to flight itineraries and other transportation news. In our
Threat Source newsletter (Sept. 9, 2021)
Good afternoon, Talos readers. The biggest security news this week is no doubt another Microsoft zero-day. On the heels of PrintNightmare and multiple Exchange Server vulnerabilities comes a code execution vulnerability in MSHTML, the rendering engine in Internet Explorer. We h
Threat Source newsletter (Sept. 2, 2021)
Good afternoon, Talos readers. If you haven't seen already, our blog has a lot of cool and new stuff this week. We first dove into the world of proxyware on Tuesday (aka internet-sharing applications). Attackers are hiding in this newly popular software to steal users'
Threat Source newsletter (Aug. 26, 2021)
Good afternoon, Talos readers. We have RATs on RATs on RATs over the past few weeks. And last week, we found a few more heading to Latin America to target users and try to steal their login credentials. The threat actor in this case has some compelling connections to the Aggah
Threat Source newsletter (Aug. 19, 2021)
Good afternoon, Talos readers. I'm writing this on Tuesday morning on account of vacation (again), so apologies if we miss any major stories. You certainly don't want to miss our latest blog post on the Neurevt remote access trojan that's targeting users in Mexico.
Threat Source newsletter (Aug. 12, 2021)
Good afternoon, Talos readers. No, that's not Ratatouille. It's ServHelper, who is much more dangerous (albeit just as cute) as the cartoon chef. We have a new blog post out today detailing this RAT, run by the threat actor Group TA505, that is stealing credit card data
Threat Source newsletter (Aug. 5, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We hope everyone is enjoying BlackHat and/or DEFCON this week, regardless of if you're attending virtually or in person. In case you missed any of our talks from BlackHat, you can check them out here, along
Threat Source newsletter (July 29, 2021)
Good afternoon, Talos readers. Thanks to everyone who joined us live yesterday for our talk on business email compromise. If you missed us live, the recording is up on our YouTube page now. Nick Biasini from Talos Outreach provided some great advice on avoiding business email co