Articles
IPv6 unmasking via UPnP
Martin Zeiser and Aleksandar Nikolich authored this post. Executive summary: With tools such as ZMap and Masscan and generally higher bandwidth availability, exhaustive internet-wide scans of the full IPv4 address space have become the norm, where they were once impractical. Projects like Shodan and Scans.io agg…
Threat Roundup for March 8 to March 15
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Mar. 8 and Mar. 15. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral c…
GlitchPOS: New PoS malware for sale
Warren Mercer and Paul Rascagneres authored this post with contributions from Ben Baker. Executive summary: Point-of-sale malware is popular among attackers, as it usually leads to them obtaining credit card numbers and immediately using that information for financial gain. This type of malware is gene…
Threat Roundup for Mar. 1 to Mar. 8
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between March 01 and March 08. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behaviora…
Cisco, Talos tout importance of IoT security at RSA keynote
By 2020, Gartner predicts 20 billion connected devices will be online — and more devices mean more security threats. Connected devices have exploded into the public and corporate landscape, rattling the bars of the cyber security cage. In a keynote address at the RSA Conference in San Francisco, Mat…
Threat Roundup for Feb. 22 to March 1
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Feb. 8 and Feb. 15. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral c…
Cisco Talos Honeypot Analysis Reveals Rise in Attacks on Elasticsearch Clusters
Cisco Talos warns users that they need to keep a close eye on unsecured Elasticsearch clusters. We have recently observed a spike in attacks from multiple threat actors targeting these clusters. These attackers are targeting clusters using versions 1.4.2 and lower, and are leveraging old vulnerabili…
Threat Roundup for Feb. 15 to Feb. 22
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Feb. 8 and Feb. 15. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral c…
Combing Through Brushaloader Amid Massive Detection Uptick
Nick Biasini and Edmund Brumaghin authored this blog post with contributions from Matthew Molyett. Executive summary: Over the past several months, Cisco Talos has been monitoring various malware distribution campaigns leveraging the malware loader Brushaloader to deliver malware payloads to systems…