malware

March 6, 2020

THREAT RESEARCH

Threat Roundup for February 28 to March 6

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Feb 28 and Mar 6. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral cha…

March 3, 2020

SECURITY

Security’s Vicious Cycle

Security Reimagined — Solving an Old Problem with a New Approach A decade ago this January, Steve Jobs challenged the conventional wisdom about tablets, unveiling the iPad with the words, “What this device has done is extraordinary.” Coming on the heels of iPhone’s smashing success three years earli…

February 28, 2020

THREAT RESEARCH

Threat Roundup for February 21 to February 28

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Feb 21 and Feb 28. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral ch…

February 25, 2020

THREAT RESEARCH

New Research Paper: Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem

Detection of malware is a constant battle between the technologies designed to detect and prevent malware and the authors creating them. One common technique adversaries leverage is packing binaries. Packing an executable is similar to applying compression or encryption and can inhibit the ability o…

February 21, 2020

THREAT RESEARCH

Threat Roundup for February 14 to February 21

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Feb 14 and Feb 21. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral ch…

February 18, 2020

THREAT RESEARCH

Building a bypass with MSBuild

By Vanja Svajcer. In one of our previous posts, we discussed the usage of default operating system functionality and other legitimate executables to execute the so-called “living-off-the-land” approach to the post-compromise phase of an attack. We called those binaries LoLBins. Since the…

February 14, 2020

THREAT RESEARCH

Threat Roundup for February 7 to February 14

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Feb 7 and Feb 14. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral cha…

February 13, 2020

THREAT RESEARCH

Threat actors attempt to capitalize on coronavirus outbreak

By Nick Biasini and Edmund Brumaghin. Coronavirus is dominating the news and threat actors are taking advantage. Cisco Talos has found multiple malware families being distributed with Coronavirus lures and themes. This includes emotet and several RAT variants. Executive Summary Using the news to t…

February 12, 2020

THREAT RESEARCH

Loda RAT Grows Up

By Chris Neal. Over the past several months, Cisco Talos has observed a malware campaign that utilizes websites hosting a new version of Loda, a remote access trojan (RAT) written in AutoIT. These websites also host malicious documents that begin a multi-stage infection chain which ultimately serves…