Articles
Threat Roundup for September 13 to September 20
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Sep. 13 to Sep 20. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral ch…
Emotet is back after a summer break
This blog post was written by Colin Grady, William Largent, and Jaeson Schultz. Emotet is still evolving, five years after its debut as a banking trojan. It is one of the world’s most dangerous botnets and malware droppers-for-hire. The malware payloads dropped by Emotet serve to more fully mo…
Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”
By Christopher Evans and David Liebenberg. Executive summary A new threat actor named “Panda” has generated thousands of dollars worth of the Monero cryptocurrency through the use of remote access tools (RATs) and illicit cryptocurrency-mining malware. This is far from the most sophisticated actor w…
Threat Roundup for September 6 to September 13
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Sep. 6. to Sep 13. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral ch…
Watchbog and the Importance of Patching
By Luke DuCharme and Paul Lee. What Happened? Cisco Incident Response (CSIRS) recently responded to an incident involving the Watchbog cryptomining botnet. The attackers were able to exploit CVE-2018-1000861 to gain a foothold and install the Watchbog malware on the affected systems. This Linux-base…
Threat Roundup for August 30 to September 6
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Aug. 30 and Sep. 6. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral c…
GhIDA: Ghidra decompiler for IDA Pro
Cisco Talos is releasing two new tools for IDA Pro: GhIDA and Ghidraaas. GhIDA is an IDA Pro plugin that integrates the Ghidra decompiler in the IDA workflow, giving users the ability to rename and highlight symbols and improved navigation and comments. GhIDA assists the reverse-engineering process…
The latest on BlueKeep and DejaBlue vulnerabilities — Using Firepower to defend against encrypted DejaBlue
Over the past few months, Microsoft has released several security updates for critical Remote Desktop Protocol (RDP)-related security bugs. These bugs are significant for IT infrastructure because they are classified as “wormable,” meaning future malware that exploits them could spread f…
Threat Roundup for August 23 to August 30
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Aug. 23 and Aug. 30. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral…