Articles
Sodinokibi Ransomware Exploits WebLogic Server Vulnerability
This blog was authored by Pierre Cadieux, Colin Grady, Jaeson Schultz and Matt Valites. Attackers are actively exploiting a recently disclosed vulnerability in Oracle WebLogic to install a new variant of ransomware called “Sodinokibi.” Sodinokibi attempts to encrypt data in a user’s…
Threat Roundup for April 19 to April 26
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Apr. 19 and Apr. 26. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral…
Vulnerability Spotlight: Multiple vulnerabilities in Sierra Wireless AirLink ES450
Carl Hurd and Jared Rittle of Cisco Talos discovered these vulnerabilities. Executive summary: Several exploitable vulnerabilities exist in the Sierra Wireless AirLink ES450, an LTE gateway designed for distributed enterprise, such as retail point-of-sale or industrial control systems. These flaws pr…
JasperLoader Emerges, Targets Italy with Gootkit Banking Trojan
Nick Biasini and Edmund Brumaghin authored this blog post with contributions from Andrew Williams. Introduction to JasperLoader: Malware loaders are playing an increasingly important role in malware distribution. They give adversaries the ability to gain an initial foothold on a system and are typica…
DNSpionage brings out the Karkoff
In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a new remote administrative tool that supports HTTP and DNS communication with the attackers’ command and control (C2). Since then, there have been several other public reports of addi…
Threat Roundup for April 12 to April 19
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Apr. 12 and Apr. 19. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral…
DNS Hijacking Abuses Trust In Core Internet Service
This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems. While this incident is limited to targeting primarily national security organizations in the Middle East and North Africa, and we do not want to overstate the consequences of this specific campaign,…
New HawkEye Reborn Variant Emerges Following Ownership Change
Edmund Brumaghin and Holger Unterbrink authored this blog post. Executive summary: Malware designed to steal sensitive information has been a threat to organizations around the world for a long time. The emergence of the greyware market and the increased commercialization of keyloggers, stealers, and…
Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN’s helper tool
Cisco Talos is disclosing a series of vulnerabilities found in the Shimo VPN Helper Tool. Shimo VPN is a popular VPN client for MacOS that can be used to connect multiple VPN accounts to one application. These specific vulnerabilities were found in the “helper tool,” a feature that Shimo VPN uses to…