phishing

May 3, 2017

THREAT RESEARCH

Gmail Worm Requiring You To Give It A Push And Apparently You All Are Really Helpful

This post authored Sean Baird and Nick Biasini Attackers are always looking for creative ways to send large amount of spam to victims. A short-lived, but widespread Google Drive themed phishing campaign has affected a large number of users across a variety of verticals. This campaign would be bcc…

October 6, 2016

5

SECURITY

Phishing for Threat Intelligence: Using Your Spam Quarantine for the Greater Good

Effectively protecting your assets increasingly involves effective threat intelligence to better understand the types of attackers targeting your sector, and what your vulnerabilities are. Lack of any threat intelligence at all, or even the foresight to use Google and Twitter to spot fake scams tren…

August 3, 2016

EDUCATION

Cybersecurity in Education: Threats Impacting K-12 and Higher Education

As schools, colleges, and universities become more connected, it opens up a world of possibilities for students. The IT market suggests today we have around 15 billion devices utilizing an IP address, and that number is expected to grow to approximately 500 billion devices by 2030. Everything from t…

June 13, 2016

RETAIL AND HOSPITALITY

How to Build a Retail Culture of Security

Hello! My name is Teresa Devine, and I am a business transformation advisor here at Cisco. I help large enterprises in retail and hospitality define and execute digital transformation strategies. A key area of interest of mine is security: As a former Fortune 500 CIO and acting CISO, I understand th…

May 10, 2016

1

FINANCIAL SERVICES

Hackers Are Challenging Banks Every Day

$81 million is what was stolen, undetected, out of a Bangladesh Bank account at the Federal Reserve Bank of New York. Unbelievable how the malware modified the SWIFT software and bypassed validity checks. This Bangladesh Bank breach highlights the wide range and new, creative ways hackers are innova…

July 31, 2015

17

THREAT RESEARCH

Your Files Are Encrypted with a “Windows 10 Upgrade”

This post was authored by Nick Biasini with contributions from Craig Williams & Alex Chiu Update 8/1: To see a video of this threat in action click here Adversaries are always trying to take advantage of current events to lure users into executing their malicious payload. These campaigns are usu…

June 24, 2015

1

THREAT RESEARCH

Hook, Line & Sinker: Catching Unsuspecting Users Off Guard

This post was authored by Earl Carter. Attackers are constantly looking for ways to monetize their malicious activity. In many instances this involves targeting user data and accounts. Talos continues to see phishing attacks targeting customers of multiple high profile financial institutions.  In th…

March 12, 2015

14

THREAT RESEARCH

Talos Discovery Spotlight: Hundreds of Thousands of Google Apps Domains’ Private WHOIS Information Disclosed

This post was authored by Nick Biasini, Alex Chiu, Jaeson Schultz, and Craig Williams. Special thanks to William McVey for his contributions to this post. Table of Contents Overview WHOIS Privacy Protection Why Does This Exist The Issue Implications for the Good/Bad Guys Current State and Mitigatio…

March 3, 2015

1

SECURITY

The Seven Deadly Sins of User Access Controls: Part I

2014 was a terrible year for corporate data breaches. If there is to be any silver lining, information security professionals must draw lessons from the carnage. A good place to start is to identify common denominators. Several of the most damaging incidents started with phishing emails into office…