Cisco Talos Blog

April 4, 2024 08:00

CoralRaider targets victims’ data and social media accounts

Cisco Talos discovered a new threat actor we’re calling “CoralRaider” that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries.

April 2, 2024 08:00

Adversaries are leveraging remote access tools now more than ever — here’s how to stop them

While there are many legitimate uses for this software, adversaries are also finding ways to use them for command and control in their campaigns.

March 28, 2024 10:00

Enter the substitute teacher

Welcome to this week’s threat source newsletter with Jon out, you’ve got me as your substitute teacher. I’m taking you back to those halcyon days of youth and that moment when you found out that you had a sub that day...

March 21, 2024 14:00

“Pig butchering” is an evolution of a social engineering tactic we’ve seen for years

In the case of pig butchering scams, it’s not really anything that can be solved by a cybersecurity solution or sold in a package.

March 21, 2024 09:08

New details on TinyTurla’s post-compromise activity reveal full kill chain

We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises.

March 20, 2024 12:00

Netgear wireless router open to code execution after buffer overflow vulnerability

There is also a newly disclosed vulnerability in a graphics driver for some NVIDIA GPUs that could lead to a memory leak.

March 20, 2024 08:00

Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word

Research conducted by Cisco Talos last year uncovered multiple vulnerabilities rated as low severity despite their ability to allow for full arbitrary code execution.

March 15, 2024 10:00

The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions

Talos explores the recent law enforcement takedown of LockBit, a prolific ransomware group that claimed to resume their operations 7 days later.

March 14, 2024 14:00

Not everything has to be a massive, global cyber attack

There are a few reasons why we’re so ready to jump to the “it’s a cyber attack!”