Cisco Talos has observed an unknown threat actor conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan. The decoy email and fake PDF filenames are designed to impersonate a company's legal department, attempting to lure the…
Category: Cisco Talos Blog
Writing a BugSleep C2 server and detecting its traffic with Snort
This blog will demonstrate the practice and methodology of reversing BugSleep’s protocol, writing a functional C2 server, and detecting this traffic with Snort. This article has been indexed from Cisco Talos Blog Read the original article: Writing a BugSleep C2…
How LLMs could help defenders write better and faster detection
Can LLM tools actually help defenders in the cybersecurity industry write more effective detection content?
Talos IR trends Q3 2024: Identity-based operations loom large
Credential theft was the main goal in 25% of incidents last quarter, and new ransomware variants made their appearance – read more about the top trends, TTPs, and security weaknesses that facilitated adversary actions.
Highlighting TA866/Asylum Ambuscade Activity Since 2021
TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020.
Threat Spotlight: WarmCookie/BadSpace
WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns.
Threat actor abuses Gophish to deliver new PowerRAT and DCRAT
Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor.
Akira ransomware continues to evolve
As the Akira ransomware group continues to evolve its operations, Talos has the latest research on the group’s attack chain, targeted verticals, and potential future TTPs.
What I’ve learned in my first 7-ish years in cybersecurity
Plus, a zero-day vulnerability in Qualcomm chips, exposed health care devices, and the latest on the Salt Typhoon threat actor.
UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants
By Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer and Vitor Ventura. Cisco Talos has observed a new wave of attacks, active since at least late 2023, from a Russian-speaking group we track as “UAT-5647”, against Ukrainian government entities and unknown…