Articles
JavaScript bridge makes malware analysis with WinDbg easier
As malware researchers, we spend several days a week debugging malware in order to learn more about it. For that, we have several powerful and popular user mode tools to choose from, such as OllyDbg, x64dbg, IDA Pro and Immunity Debugger. All these debuggers utilize some scripting language to automa…
Threat Roundup for Feb. 8 to Feb. 15
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Feb. 8 and Feb. 15. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral c…
Microsoft Patch Tuesday — February 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 69 vulnerabilities, 20 of which are rated “critical,” 46 that are considered “important” and three that are “moderate.” This release also includes…
What you can learn from Cisco Talos’ new oil pumpjack workshop
Paul Rascagneres wrote this blog post with contributions from Patrick DeSantis from Cisco Talos ARES (Advanced Research/Embedded Systems). Executive summary: Every day, more industrial control systems (ICS) become vulnerable to cyber attacks. As these massive, critical machines become more interconne…
Threat Roundup for Feb. 1 to Feb. 8
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Feb. 1 and Feb. 8. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral ch…
2018 in Snort Signatures
The cybersecurity field shifted quite a bit in 2018. With the boom of cryptocurrency, we saw a transition from ransomware to cryptocurrency miners. Talos researchers identified APT campaigns including VPNFilter, predominantly affecting small business and home office networking equipment, as well as…
ExileRAT shares C2 with LuckyCat, targets Tibet
Cisco Talos recently observed a malware campaign delivering a malicious Microsoft PowerPoint document using a mailing list run by the Central Tibetan Administration (CTA), an organization officially representing the Tibetan government-in-exile. The document used in the attack was a PPSX file, a file f…
Threat Roundup for Jan. 25 to Feb. 1
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Jan. 25 and Feb. 1. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral…
Cisco Job Posting Targets Korean Candidates
Edmund Brumaghin and Paul Rascagneres authored this post, with contributions from Jungsoo An. Executive summary: Cisco Talos recently observed a targeted malware campaign being leveraged in an attempt to compromise specific organizations. The infection vector associated with this campaign was a Micro…