Cisco Talos Blog

Recent
April 25, 2024 08:00

Talos IR trends: BEC attacks surge, while weaknesses in MFA persist

Within BEC attacks, adversaries will send phishing emails appearing to be from a known or reputable source making a valid request, such as updating payroll direct deposit information.

April 24, 2024 11:54

ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices

ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns.

April 23, 2024 08:01

Suspected CoralRaider continues to expand victimology using three information stealers

Talos also discovered a new PowerShell command-line argument embedded in the LNK file to bypass anti-virus products and download the final payload into the victims’ host.

April 19, 2024 08:00

What’s the deal with the massive backlog of vulnerabilities at the NVD?

Given the state of the NVD and vulnerability management, we felt it was worth looking at the current state of the NVD, how we got to this point, what it means for security teams, and where we go from here.

April 18, 2024 14:00

Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?

At most, someone who intentionally or repeatedly shares information on their social platform that’s misleading or downright false may have their account blocked, suspended or deleted.

April 17, 2024 07:59

OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal

The documents contained malicious VBA code, indicating they may be used as lures to infect organizations.

April 16, 2024 08:00

Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials

Cisco Talos would like to acknowledge Anna Bennett and Brandon White of Cisco Talos and Phillip Schafer, Mike Moran, and Becca Lynch of the Duo Security Research team for their research that led to the identification of these attacks. Cisco Talos is actively monitoring a global

April 11, 2024 14:00

The internet is already scary enough without April Fool’s jokes

The security community is still reflecting on the “What If” of the XZ backdoor.

April 10, 2024 12:56

Vulnerability in some TP-Link routers could lead to factory reset

There are also two out-of-bounds write vulnerabilities in the AMD Radeon user mode driver for DirectX 11.