Articles
Threat Roundup for May 24 to May 31
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between May 17 and May 24. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral ch…
10 years of virtual dynamite: A high-level retrospective of ATM malware
It has been 10 years since the discovery of Skimer, first malware specifically designed to attack automated teller machines (ATMs). At the time, the learning curve for understanding its functionality was rather steep and analysis required specific knowledge of a manufacturer’s ATM API function…
Threat Roundup for May 17 to May 24
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between May 17 and May 24. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral ch…
One year later: The VPNFilter catastrophe that wasn’t
One year ago, Cisco Talos first disclosed the existence of VPNFilter on May 23, 2018. The malware made headlines across the globe, as it was a sophisticated piece of malware developed by a nation state, infecting half a million devices, and poised to cause havoc. Yet the attack was averted. This is…
Sorpresa! JasperLoader targets Italy with a new bag of tricks
Nick Biasini and Edmund Brumaghin authored this blog post. Executive summary Over the past few months, a new malware loader has emerged that targets Italy and other European countries with banking trojans such as Gootkit. We recently released a comprehensive analysis of the functionality associated…
Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques
This blog was authored by Danny Adamitis, David Maynor, and Kendall McKay Executive summary Cisco Talos assesses with moderate confidence that a campaign we recently discovered called “BlackWater” is associated with suspected persistent threat actor MuddyWater. Newly associated samples…
Vulnerability Spotlight: Multiple bugs in several Jenkins plugins
Jenkins is an open-source automation server written in Java. There are several plugins that exist to integrate Jenkins with other pieces of software, such as GitLab. Today, Cisco Talos is disclosing vulnerabilities in three of these plugins: Swarm, Ansible and GitLab. All three of these are informat…
Threat Roundup for April 26 to May 3
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between April 26 and May 03. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral…
Qakbot levels up with new obfuscation techniques
Qakbot, also known as Qbot, is a well-documented banking trojan that has been around since 2008. Recent Qakbot campaigns, however, are utilizing an updated persistence mechanism that can make it harder for users to detect and remove the trojan. Qakbot is known to target businesses with the hope of s…