Cisco Talos Blog

April 18, 2024 14:00

Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?

At most, someone who intentionally or repeatedly shares information on their social platform that’s misleading or downright false may have their account blocked, suspended or deleted.

April 17, 2024 07:59

OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal

The documents contained malicious VBA code, indicating they may be used as lures to infect organizations.

April 16, 2024 08:00

Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials

Cisco Talos would like to acknowledge Anna Bennett and Brandon White of Cisco Talos and Phillip Schafer, Mike Moran, and Becca Lynch of the Duo Security Research team for their research that led to the identification of these attacks. Cisco Talos is actively monitoring a global

April 11, 2024 14:00

The internet is already scary enough without April Fool’s jokes

The security community is still reflecting on the “What If” of the XZ backdoor.

April 10, 2024 12:56

Vulnerability in some TP-Link routers could lead to factory reset

There are also two out-of-bounds write vulnerabilities in the AMD Radeon user mode driver for DirectX 11.

April 9, 2024 14:23

April’s Patch Tuesday includes 150 vulnerabilities, 60 which could lead to remote code execution

Though April’s monthly security update from Microsoft includes 150 vulnerabilities, only three of them are considered “critical."

April 9, 2024 08:02

Starry Addax targets human rights defenders in North Africa with new malware

Cisco Talos is disclosing a new threat actor we deemed “Starry Addax” targeting mostly human rights activists, associated with the Sahrawi Arab Democratic Republic (SADR) cause with a novel mobile malware.

April 4, 2024 14:00

There are plenty of ways to improve cybersecurity that don’t involve making workers return to a physical office

An April 2023 study from Kent State University found that remote workers are more likely to be vigilant of security threats and take actions to ward them off than their in-office counterparts.

April 4, 2024 08:00

CoralRaider targets victims’ data and social media accounts

Cisco Talos discovered a new threat actor we’re calling “CoralRaider” that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries.