Translated: Talos' insights from the recently leaked Conti ransomware playbook
Executive summary Cisco Talos recently became aware of a leaked playbook that has been attributed to the ransomware-as-a-service (RaaS) group Conti. Talos has a team of dedicated, native-level speakers that translated these documents in their entirety into English. We also transl
Threat Roundup for August 20 to August 27
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 20 and Aug. 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k
Threat Roundup for August 13 to August 20
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 13 and Aug. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k
Neurevt trojan takes aim at Mexican users
By Chetan Raghuprasad, with contributions from Vanja Svajcer. News summary * Cisco Talos discovered a new version of the Neurevt trojan with spyware and backdoor capabilities in June 2021 using Cisco Secure Endpoint product telemetry. * This version of Neurevt appears to tar
Threat Roundup for August 6 to August 13
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 6 and Aug. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Vice Society leverages PrintNightmare in ransomware attacks
Executive Summary Another threat actor is actively exploiting the so-called PrintNightmarevulnerability (CVE-2021-1675 / CVE-2021-34527) in Windows' print spooler service to spread laterally across a victim's network as part of a recent ransomware attack, according to Ci
Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT
By Vanja Svajcer. News summary * Group TA505 has been active for at least seven years, making wide-ranging connections with other threat actors involved in ransomware, stealing credit card numbers and exfiltrating data. One of the common tools in TA505's arsenal is ServH
Talos Incident Response quarterly threat report — The top malware families and TTPs used in Q2 2021
By David Liebenberg and Caitlin Huey. Last quarter, ransomware was not the most dominant threat for the first time since we began compiling these reports. We theorized that this was due to a huge uptick in Microsoft Exchange exploitation, which temporarily became a primary focus
Threat Roundup for July 30 to August 6
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 30 and Aug. 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke