Cisco Talos Blog

Recent
November 14, 2024 06:00

New PXA Stealer targets government and education sectors for sensitive information

Cisco Talos discovered a new information stealing campaign operated by a Vietnamese-speaking threat actor targeting government and education entities in Europe and Asia.

November 12, 2024 18:11

November Patch Tuesday release contains three critical remote code execution vulnerabilities

The Patch Tuesday for November of 2024 includes 91 vulnerabilities, including two that Microsoft marked as “critical.” The remaining 89 vulnerabilities listed are classified as “important.”

November 7, 2024 06:00

Unwrapping the emerging Interlock ransomware attack

Cisco Talos Incident Response (Talos IR) recently observed an attacker conducting big-game hunting and double extortion attacks using the relatively new Interlock ransomware.

October 31, 2024 11:29

NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities

Cisco Talos' Vulnerability Research team recently discovered five Nvidia out-of-bounds access vulnerabilities in shader processing, as well as eleven LevelOne router vulnerabilities spanning a range of possible exploits. For Snort coverage that can detect the exploitation of

October 31, 2024 09:37

Threat actors use copyright infringement phishing lure to deploy infostealers

Cisco Talos has observed a threat actor conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan. This campaign delivers an information stealer onto the target's machine to avoid network security product detections.

October 30, 2024 06:00

Writing a BugSleep C2 server and detecting its traffic with Snort

This blog will demonstrate the practice and methodology of reversing BugSleep’s protocol, writing a functional C2 server, and detecting this traffic with Snort.

October 25, 2024 10:09

How LLMs could help defenders write better and faster detection

Can LLM tools actually help defenders in the cybersecurity industry write more effective detection content? Read the full research

October 24, 2024 06:00

Talos IR trends Q3 2024: Identity-based operations loom large

Credential theft was the main goal in 25% of incidents last quarter, and new ransomware variants made their appearance - read more about the top trends, TTPs, and security weaknesses that facilitated adversary actions.

October 23, 2024 06:02

Threat Spotlight: WarmCookie/BadSpace

WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns.