Cisco Talos Blog

September 2, 2021 08:02

Translated: Talos' insights from the recently leaked Conti ransomware playbook

Executive summary Cisco Talos recently became aware of a leaked playbook that has been attributed to the ransomware-as-a-service (RaaS) group Conti. Talos has a team of dedicated, native-level speakers that translated these documents in their entirety into English. We also transl

August 27, 2021 14:44

Threat Roundup for August 20 to August 27

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 20 and Aug. 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k

August 20, 2021 14:23

Threat Roundup for August 13 to August 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 13 and Aug. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k

August 17, 2021 08:01

Neurevt trojan takes aim at Mexican users

By Chetan Raghuprasad, with contributions from Vanja Svajcer. News summary * Cisco Talos discovered a new version of the Neurevt trojan with spyware and backdoor capabilities in June 2021 using Cisco Secure Endpoint product telemetry. * This version of Neurevt appears to tar

August 13, 2021 13:12

Threat Roundup for August 6 to August 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 6 and Aug. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke

August 12, 2021 18:33

Vice Society leverages PrintNightmare in ransomware attacks

Executive Summary Another threat actor is actively exploiting the so-called PrintNightmarevulnerability (CVE-2021-1675 / CVE-2021-34527) in Windows' print spooler service to spread laterally across a victim's network as part of a recent ransomware attack, according to Ci

August 12, 2021 08:00

Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT

By Vanja Svajcer. News summary * Group TA505 has been active for at least seven years, making wide-ranging connections with other threat actors involved in ransomware, stealing credit card numbers and exfiltrating data. One of the common tools in TA505's arsenal is ServH

August 11, 2021 08:00

Talos Incident Response quarterly threat report — The top malware families and TTPs used in Q2 2021

By David Liebenberg and Caitlin Huey. Last quarter, ransomware was not the most dominant threat for the first time since we began compiling these reports. We theorized that this was due to a huge uptick in Microsoft Exchange exploitation, which temporarily became a primary focus

August 6, 2021 13:49

Threat Roundup for July 30 to August 6

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 30 and Aug. 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke