Cisco Talos Blog

February 27, 2024 08:00

TimbreStealer campaign targets Mexican users with financial lures

Talos has observed a phishing spam campaign targeting potential victims in Mexico, luring users to download a new obfuscated information stealer we’re calling TimbreStealer, which has been active since at least November 2023.

June 13, 2023 08:03

".Zip" top-level domains draw potential for information leaks

As a result of user applications increasingly registering actual “.zip” files as URLs, these filenames may trigger unintended DNS queries or web requests, thereby revealing possibly sensitive or internal company data in a file’s name to any actor monitoring the associated DNS server

March 9, 2023 08:02

Prometei botnet improves modules and exhibits new capabilities in recent updates

The high-profile botnet, focused on mining cryptocurrency, is back with new Linux versions.

February 14, 2023 08:00

New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign

Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims.

February 9, 2023 08:09

Beyond the basics: Implementing an active defense

An active defense posture, where the defenders actively use threat intelligence and their own telemetry to uncover potential compromises, is the next stage in the cyber security maturity road. Instead of waiting for detections to trigger, defenders can take initiative and hunt threat actors.

January 24, 2023 07:59

State Sponsored Attacks in 2023 and Beyond

As 2023 begins I wanted to look forward on the future of state sponsored aggression and how we can see it change and evolve over the next year and beyond.

November 8, 2022 09:33

The Company You Keep – Preparing for supply chain attacks with Talos IR

Organizations must proactively limit supply chain risks through careful selection of the company they keep while preparing to respond to an incident that will invariably originate from the supply chain.

November 1, 2022 15:03

Threat Advisory: High Severity OpenSSL Vulnerabilities

In late October two new buffer overflow vulnerabilities, CVE-2022-3602 and CVE-2022-3786, were announced in OpenSSL versions 3.0.0 to 3.0.6. These vulnerabilities can be exploited by sending an X.509 certificate with a specially crafted email address, potentially causing a buffer

October 25, 2022 08:00

Quarterly Report: Incident Response Trends in Q3 2022

A lack of MFA remains one of the biggest impediments to enterprise security.