Cisco Talos at RSAC 2024
With RSAC just a week away, Cisco Talos is gearing up for another year of heading to San Francisco to share in some of the latest major cybersecurity announcements, research and news.
James Nutland studies what makes threat actors tick, growing our understanding of the current APT landscape
Nutland says he goes into every engagement or new project with a completely open mind and a blank slate — using his background investigating terror operations to find out as much as he can about a particular adversary’s operation.
The private sector probably isn’t coming to save the NVD
Plus, new details emerge on the Scattered Spider cybercrime network and ArcaneDoor.
Talos IR trends: BEC attacks surge, while weaknesses in MFA persist
Within BEC attacks, adversaries will send phishing emails appearing to be from a known or reputable source making a valid request, such as updating payroll direct deposit information.
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns.
Suspected CoralRaider continues to expand victimology using three information stealers
Talos also discovered a new PowerShell command-line argument embedded in the LNK file to bypass anti-virus products and download the final payload into the victims’ host.
What’s the deal with the massive backlog of vulnerabilities at the NVD?
Given the state of the NVD and vulnerability management, we felt it was worth looking at the current state of the NVD, how we got to this point, what it means for security teams, and where we go from here.
Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?
At most, someone who intentionally or repeatedly shares information on their social platform that’s misleading or downright false may have their account blocked, suspended or deleted.
OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal
The documents contained malicious VBA code, indicating they may be used as lures to infect organizations.