Cisco Talos Blog

Recent
October 31, 2024 11:29

NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities

Cisco Talos' Vulnerability Research team recently discovered five Nvidia out-of-bounds access vulnerabilities in shader processing, as well as eleven LevelOne router vulnerabilities spanning a range of possible exploits. For Snort coverage that can detect the exploitation of

October 31, 2024 09:37

Threat actors use copyright infringement phishing lure to deploy infostealers

Cisco Talos has observed a threat actor conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan. This campaign delivers an information stealer onto the target's machine to avoid network security product detections.

October 30, 2024 06:00

Writing a BugSleep C2 server and detecting its traffic with Snort

This blog will demonstrate the practice and methodology of reversing BugSleep’s protocol, writing a functional C2 server, and detecting this traffic with Snort.

October 25, 2024 10:09

How LLMs could help defenders write better and faster detection

Can LLM tools actually help defenders in the cybersecurity industry write more effective detection content? Read the full research

October 24, 2024 06:00

Talos IR trends Q3 2024: Identity-based operations loom large

Credential theft was the main goal in 25% of incidents last quarter, and new ransomware variants made their appearance - read more about the top trends, TTPs, and security weaknesses that facilitated adversary actions.

October 23, 2024 06:02

Threat Spotlight: WarmCookie/BadSpace

WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns.

October 23, 2024 06:02

Highlighting TA866/Asylum Ambuscade Activity Since 2021

TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020.

October 22, 2024 06:00

Threat actor abuses Gophish to deliver new PowerRAT and DCRAT

Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor.

October 21, 2024 12:50

Akira ransomware continues to evolve

As the Akira ransomware group continues to evolve its operations, Talos has the latest research on the group's attack chain, targeted verticals, and potential future TTPs.