Cisco Talos Blog

Recent
May 31, 2024 08:00

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called “CarnavalHeist.” Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil.

May 30, 2024 14:00

Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks

Drivers from New York to Georgia and Pennsylvania have received these types of texts with equally convincing phishing text messages and lure pages.

May 30, 2024 08:01

LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader

Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we’re calling “LilacSquid.”  Multiple TTPs utilized in this campaign bear some overlap with North Korean APT groups.

May 29, 2024 12:32

New Generative AI category added to Talos reputation services

Generative AI applies to any site “whose primary purpose is to use artificial intelligence models to generate output in the form of text, audio, video or images based on user-supplied prompts.”

May 29, 2024 12:07

Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges

Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application.

May 23, 2024 14:00

Apple and Google are taking steps to curb the abuse of location-tracking devices — but what about others?

Plus, SS7 vulnerabilities are being exploited and BreachForums is taken down again.

May 22, 2024 08:17

From trust to trickery: Brand impersonation over the email attack vector

Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation.

May 16, 2024 14:00

Rounding up some of the major headlines from RSA

Here’s a rundown of some things you may have missed if you weren’t able to stay on top of the things coming out of the conference.

May 16, 2024 08:00

Talos releases new macOS open-source fuzzer

Compared to fuzzing for software vulnerabilities on Linux, where most of the code is open-source, targeting anything on macOS presents a few difficulties.