Cisco Talos Intelligence Blog

September 7, 2023 08:09

Cybercriminals target graphic designers with GPU miners

Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware including PhoenixMiner and lolMiner on infected machines.

September 6, 2023 12:09

Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication

OAS Platform allows various devices, including PLCs, servers, files, databases and internet-of-things platforms to communicate with one another and share data when they otherwise would be unable to because of their various protocols.

August 31, 2023 14:08

New open-source infostealer, and reflections on 2023 so far

A new open-source information stealer called ‘SapphireStealer’ has been observed across public malware repositories with increasing frequency. Plus, watch a new series of videos on the year so far in the threat landscape.

August 31, 2023 08:08

SapphireStealer: Open-source information stealer enables credential and data theft

SapphireStealer appears to be delivered as part of a multi-stage infection process, with threat actors leveraging open-source malware downloaders like FUD-Loader to deliver SapphireStealer to potential victims.

August 29, 2023 08:08

What's in a name? Strange behaviors at top-level domains creates uncertainty in DNS

Confusion over whether some name is a public DNS name or another private resource can cause sensitive data to fall into the hands of unintended recipients.

August 24, 2023 14:08

Years into these games’ histories, attackers are still creating “Fortnite” and “Roblox”-related scams

The latest activity from Lazarus Groups, .gov domains scamming people out of "V-Bucks" and more in this week's edition.

August 24, 2023 08:08

Lazarus Group's infrastructure reuse leads to discovery of new malware

Lazarus Group appears to be changing its tactics, increasingly relying on open-source tools and frameworks in the initial access phase of their attacks, as opposed to strictly employing them in the post-compromise phase.

August 24, 2023 08:08

Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT

This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.

August 23, 2023 12:08

Three vulnerabilities in NVIDIA graphics driver could cause memory corruption

The driver is vulnerable to memory corruption if an adversary sends a specially crafted shader packer, which can lead to a memory corruption problem in the driver.