Articles
Bitcoin Bomb Scare Associated with Sextortion Scammers
Organizations across the country are on edge today after a flurry of phony bomb threats hit several public entities Thursday, such as universities, schools and news outlets, among others. The attackers distributed malicious emails claiming to have placed some type of explosive materials in the recip…
in(Secure) messaging apps — How side-channel attacks can compromise privacy in WhatsApp, Telegram, and Signal
Messaging applications have been around since the inception of the internet. But recently, due to the increased awareness around mass surveillance in some countries, more users are installing end-to-end encrypted apps dubbed “secure instant messaging applications.” These apps claim to en…
Threat Roundup for Nov. 30 to Dec. 7
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Nov. 30 and Dec. 7. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral c…
An introduction to offensive capabilities of Active Directory on UNIX
Tim Wadhwa-Brown of Portcullis Labs authored this post. In preparation for our talk at Black Hat Europe, Security Advisory EMEAR would like to share the background on our recent research into some common Active Directory integration solutions. Just as with Windows, these solutions can be utilized to…
DNSpionage Campaign Targets Middle East
This blog post was authored by Warren Mercer and Paul Rascagneres. Executive Summary Cisco Talos recently discovered a new campaign targeting Lebanon and the United Arab Emirates (UAE) affecting .gov domains, as well as a private Lebanese airline company. Based on our research, it’s clear that…
Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN
Cisco Talos is disclosing multiple vulnerabilities in the TP-Link TL-R600VPN router. TP-Link produces a number of different types of small and home office (SOHO) routers. Talos discovered several bugs in this particular router model that could lead to remote code execution. There are two root causes…
Threat Roundup for November 9 to November 16
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Nov. 09 and Nov. 16. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral…
Threat Roundup for November 2 to November 9
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Nov. 02 and Nov. 09. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral…
Metamorfo Banking Trojan Keeps Its Sights on Brazil
This blog post was authored by Edmund Brumaghin, Warren Mercer, Paul Rascagneres, and Vitor Ventura. Executive Summary Financially motivated cybercriminals have used banking trojans for years to steal sensitive financial information from victims. They are often created to gather credit card informat…