Cisco Talos Blog

Featured

GhostSec’s joint ransomware operation and evolution of their arsenal

Cisco Talos observed a surge in GhostSec, a hacking group’s malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware.

March 15, 2024 10:00

The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions

Talos explores the recent law enforcement takedown of LockBit, a prolific ransomware group that claimed to resume their operations 7 days later.

March 13, 2024 08:00

Threat actors leverage document publishing sites for ongoing credential and session token theft

Talos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks.

March 4, 2024 08:00

Heather Couk is here to keep your spirits up during a cyber emergency, even if it takes the “Rocky” music

. The bulk of her career was with a manufacturing company working as a security and email administrator, but she uses her criminal justice degree daily now with Talos IR helping to track down bad actors or helping customers understand adversaries’ motivation and tactics.

Recent
March 14, 2024 14:00

Not everything has to be a massive, global cyber attack

There are a few reasons why we’re so ready to jump to the “it’s a cyber attack!”

March 12, 2024 14:07

Another Patch Tuesday with no zero-days, only two critical vulnerabilities disclosed by Microsoft

March’s Patch Tuesday is relatively light, containing 60 vulnerabilities — only two labeled “critical.”

March 7, 2024 14:00

You’re going to start seeing more tax-related spam, but remember, that doesn’t actually mean there’s more spam

It’s important to be vigilant about tax-related scams any time these deadlines roll around, regardless of what country you’re in, but it’s not like you need to be particularly more skeptical in March and April.

March 7, 2024 10:00

The 3 most common post-compromise tactics on network infrastructure

We discuss three of the most common post-compromise tactics that Talos has observed in our threat telemetry and Cisco Talos Incident Response (Talos IR) engagements. These include modifying the device’s firmware, uploading customized/weaponized firmware, and bypassing security measures.

March 5, 2024 15:30

Badgerboard: A PLC backplane network visibility module

Analysis of the traffic between networked devices has always been of interest since devices could even communicate with one another.  As the complexity of networks grew, the more useful dedicated traffic analysis tools became. Major advancements have been made over the years wit