Cisco Talos Intelligence Blog

Blog
Podcasts

Software
Vulnerability Information
Reputation Center
Library
Support
Incident Response
Blog
Podcasts
- Podcasts
- BACK
- Beers with Talos
- Talos Takes
Careers
About

Threat Source (May 2, 2019)

By Jonathan Munshaw

Thursday, May 2, 2019 14:05

Qakbot Threat Source newsletter

Share this post

Following the LNK metadata trail

January 19, 2023 08:01

While tracking some prevalent commodity malware threat actors, Talos observed the popularization of malicious LNK files as their initial access method to download and execute payloads. A closer look at the LNK files illustrates how their metadata could be used to identify and track new campaigns.

HTML smugglers turn to SVG images

December 13, 2022 15:12

* HTML smuggling is a technique attackers use to hide an encoded malicious script within an HTML email attachment or webpage. * Once a victim receives the email and opens the attachment, their browser decodes and runs the script, which then assembles a malicious payload directly on the victim’s device. * Talos

What Talos Incident Response learned from a recent Qakbot attack hijacking old email threads

July 27, 2022 08:07

By Nate Pors and Terryn Valikodath. Executive summary * In a recent malspam campaign delivering the Qakbot banking trojan, Cisco Talos Incident Response (CTIR) observed the adversary using aggregated, old email threads from multiple organizations that we assess were likely harvested during the 2021 ProxyLogon-related compromises targeting vulnerable Microsoft Exchange servers.

Software
Reputation Center
Vulnerability Inforamtion
Microsoft Advisory Snort Rules
Incident Response
Secure Endpoint Naming Conventions
Talos File Reputation
Library
Support Communities
About
Careers
Talos Blog
Threat Source newsletters
Beers with Talos Podcast
Talos Takes Podcast