Cisco Talos Blog

Recent
July 9, 2024 08:00

How do cryptocurrency drainer phishing scams work?

In recent months, a surge in cryptodrainer phishing attacks has been observed, targeting cryptocurrency holders with sophisticated schemes aimed at tricking them into divulging their valuable credentials.

June 27, 2024 14:00

We’re not talking about cryptocurrency as much as we used to, but there are still plenty of scammers out there

A report in March found that 72% of cryptocurrency projects had died since 2020, with crypto trading platform FTX’s downfall taking out many of them in one fell swoop.

June 27, 2024 08:01

Snowflake isn’t an outlier, it’s the canary in the coal mine

By Nick Biasini with contributions from Kendall McKay and Guilherme Venere Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login

June 26, 2024 12:00

Multiple vulnerabilities in TP-Link Omada system could lead to root access

Affected devices could include wireless access points, routers, switches and VPNs.

June 21, 2024 08:00

Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia

The new remote access trojan (RAT) dubbed SpiceRAT was used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia.

June 21, 2024 08:00

SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques

Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023.

June 20, 2024 14:00

Tabletop exercises are headed to the next frontier: Space

More on the recent Snowflake breach, MFA bypass techniques and more.

June 18, 2024 08:00

Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more

As the second entry in our “Exploring malicious Windows drivers” series, we will continue where the first left off: Discussing the I/O system and IRPs.

June 18, 2024 07:57

How are attackers trying to bypass MFA?

Exploring trends on how attackers are trying to manipulate and bypass MFA, as well as when/how attackers will try their 'push-spray' MFA attacks