Cisco Talos Blog

Recent
February 22, 2024 14:00

TikTok’s latest actions to combat misinformation shows it’s not just a U.S. problem

Fake news, disinformation, misinformation – whatever label you want to put on it – will not just go away if one election in the U.S. goes one way or the other.

February 22, 2024 08:00

TinyTurla-NG in-depth tooling and command and control analysis

Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the compromise we previously disclosed.

February 21, 2024 08:54

How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity

While distilling risk down to a simple numerical score is helpful for many in the security space, it is also an imperfect system that can often leave out important context.

February 20, 2024 08:00

Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns

Since September 2023, we have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans.

February 15, 2024 14:00

Why the toothbrush DDoS story fooled us all

There was about a 24-hour period where many news outlets reported on a reported DDoS attack that involved a botnet made up of thousands of internet-connected toothbrushes.

February 15, 2024 08:00

TinyTurla Next Generation - Turla APT spies on Polish NGOs

This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation.

February 14, 2024 08:00

How are attackers using QR codes in phishing emails and lure documents?

QR code attacks are particularly dangerous because they move the attack vector off a protected computer and onto the target’s personal mobile device, which usually has fewer security protections in place and ultimately has the sensitive information that attackers are after.

February 13, 2024 13:59

First Microsoft Patch Tuesday zero-day of 2024 disclosed as part of group of 75 vulnerabilities

Although considered of moderate risk, one of the vulnerabilities is being actively exploited in the wild — CVE-2024-21351, a security feature bypass vulnerability in Windows SmartScreen.

February 8, 2024 14:00

Spyware isn’t going anywhere, and neither are its tactics

For their part, the U.S. did roll out new restrictions on the visas of any foreign individuals who misuse commercial spyware.