Articles
Threat Roundup for July 19 to July 26
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 19 and July 26. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral…
Let’s Destroy Democracy
Election security through an adversary’s eyes This post was authored by Matt Olney. Executive summary Over the past few years, Cisco Talos has increasingly been involved in election security research and support, most recently supporting the Security Service of Ukraine in their efforts to secure th…
Threat Roundup for July 12 to July 19
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 12 and July 19. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral…
SWEED: Exposing years of Agent Tesla campaigns
By Edmund Brumaghin and other Cisco Talos researchers. Executive summary Cisco Talos recently identified a large number of ongoing malware distribution campaigns linked to a threat actor we’re calling “SWEED,” including such notable malware as Formbook, Lokibot and Agent Tesla. Bas…
Threat Roundup for July 5 to July 12
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 5 and July 12. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral c…
Should governments pay extortion payments after a ransomware attack?
When it comes to ransomware attacks this year, it’s been a tale of three cities. In May, the city of Baltimore suffered a massive ransomware attack that took many of its systems down for weeks — restricting employees’ access to email, closing online payment portals and even preventing parking enforc…
Sea Turtle Keeps on Swimming
By Danny Adamitis with contributions from Paul Rascagneres. Executive summary After several months of activity, the actors behind the “Sea Turtle” DNS hijacking campaign are not slowing down. Cisco Talos recently discovered new details that suggest they regrouped after we published our i…
Threat Roundup for June 28 to July 5
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 28 and July 5. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral c…
Vulnerability Spotlight: Remote code execution vulnerabilities in Simple DirectMedia Layer
Simple DirectMedia Layer contains two vulnerabilities that could an attacker to remotely execute code on the victim’s machine. Both bugs are present in the SDL2_image library, which is used for loading images in different formats. There are vulnerabilities in the function responsible for loading PCX…