Upgraded Aggah malspam campaign delivers multiple RATs
By Asheer Malhotra * Cisco Talos has observed an upgraded version of a malspam campaign known to distribute multiple remote access trojans (RATs). * The infection chain utilized in the attacks is highly modularized. * The attackers utilize publicly available infrastructure s
Threat Roundup for April 17 to April 24
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 17 and April 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting
Threat Source newsletter for April 23, 2020
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. There’s a new Beers with Talos podcast out now. And guess what? They actually talk about security this time! The guy
Threat Spotlight: MedusaLocker
By Edmund Brumaghin, with contributions from Amit Raut. Overview MedusaLocker is a ransomware family that has been observed being deployed since its discovery in 2019. Since its introduction to the threat landscape, there have been several variants observed. However, most of
Talos Incident Response announces new, lower price through July 25
Today’s world looks very different than three months ago. More people work remotely than ever before. IT teams work around the clock to expand capacity and new software and services are being deployed to handle the load. Within this new remote environment, we have seen new malwar
Beers with Talos Ep. #78: Fingerprints and hunting parties
If iTunes and Google Play aren't your thing, click here. Recorded April 10, 2020 We have a couple great topics today — and only one of them is a COVID-19 related topic. So, it turns out that you can fake fingerprints. The good news is that it takes a lot of time, equipment a
Vulnerability Spotlight: Zoom Communications user enumeration
Video conferencing and calling software has spiked in popularity as individuals across the globe are forced to stay home due to the COVID-19 pandemic. There are a plethora of players in this space, with one or two getting increased attention. One service in particular — Zoom — ha
Threat Roundup for April 10 to April 17
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 10 and April 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting
PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors
By Warren Mercer, Paul Rascagneres and Vitor Ventura. News summary * Azerbaijan government and energy sector likely targeted by an unknown actor. * From the energy sector, the actor demonstrates interest in SCADA systems related to wind turbines. * The actor uses Word docum