Threat Source newsletter (April 7, 2022) — More money for cybersecurity still doesn't solve the skills gap problem
Welcome to this week’s edition of the Threat Source newsletter. U.S. President Joe Biden’s proposed budget would include an 11 percent increase in the federal government’s IT budget, including a total of $10.9 billion for cybersecurity. On the surface — this is all great (we can
Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter
By Edmund Brumaghin, with contributions from Alex Karkins. * Ongoing malware distribution campaigns are using ISO disk images to deliver AsyncRAT, LimeRAT and other commodity malware to victims. * The infections leverage process injection to evade detection by endpoint securit
Threat Roundup for March 25 to April 1
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 25 and April 1. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting
Beers with Talos, Ep. #119: If it walks like a BlackCat, smells like a BlackCat...
Beers with Talos (BWT) Podcast episode No. 119 is now available. Download this episode and subscribe to Beers with Talos: * Apple Podcasts * Google Podcasts * Spotify * Stitcher Recorded March 25, 2022. If iTunes and Google Play aren't your thing, click here. We'r
Threat Advisory: Spring4Shell
UPDATE, APRIL 4, 2022: The Kenna Risk Score for CVE-2022-22965 is currently at the maximum of 100. This is an exceptionally rare score, which only 415 out of 184,000 CVEs (or 0.22 percent) have achieved, reflecting the severity and potential effects of this vulnerability. To get a r
On the Radar: Is 2022 the year encryption is doomed?
Senior managers responsible for information security should take stock of the encryption algorithms in use within their systems and plan their move to quantum-secure algorithms.
Threat Source newsletter (March 31, 2022) — Is "Fortnite" a Metaverse?
Welcome to this week’s edition of the Threat Source newsletter. By now, anyone on the internet has pondered the question: “Is a hot dog a sandwich?” (My two cents: Yes, absolutely.) Now as we move into the new internet age and onto Web 3.0 and NFTs instead of classic memes, I’v
Transparent Tribe campaign uses new bespoke malware to target Indian government officials
By Asheer Malhotra and Justin Thattil with contributions from Kendall McKay. * Cisco Talos has observed a new Transparent Tribe campaign targeting Indian government and military entities. While the actors are infecting victims with CrimsonRAT, their well-known malware of choi
Threat Roundup for March 18 to March 25
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 18 and March 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting