Jaeson Schultz

@jaesons.bsky.social

55 Followers 230 Following 24 Posts Joined May 2023
1 year ago
Malicious QR Codes: How big of a problem is it, really? QR codes are disproportionately effective at bypassing most anti-spam filters. Talos discovered two effective methods for defanging malicious QR codes, a necessary step to make them safe for consumpti...

Malicious QR Codes: How big of a problem is it, really?
blog.talosintelligence.com/malicious_qr...

2 years ago

In order to save democracy, Biden needs to threaten to assassinate all 6 conservatives on the Supreme Court as an official act of his presidency. It’s what FDR would have done.

2 years ago

McAfee products are so shitty they need to fake finding viruses on your computer to generate sales

2 years ago

Happy birthday Bob Marley

2 years ago
Headline: Kentucky Republican introduces bill to legalize sex with first cousins: report and then I put in a picture of the guy who founded Shelbyville that was really horny for his cousins because they are so attractive
2 years ago

This is a lie, and it's always been a lie. Something like ChatGPT needs a TON of text in the language you're targeting to train the model. You get it by licensing it, or by paying people to write it for you, or by stealing it. What they're saying is it's impossible to create CHEAPLY.

2 years ago
Project PowerUp – Helping to keep the lights on in Ukraine in the face of electronic warfare Project PowerUp is the story of how Cisco Talos worked with a multi-national, multi-company coalition of volunteers and experts to help “keep the lights on” in Ukraine, by injecting a measure of s...

At Talos, we fight the good fight every day to protect others. Read an account of how Talos worked with several other Cisco teams to help the Ukrainian people, who are struggling to maintain civilization in an invaded country, and keep the lights on.

blog.talosintelligence.com/project-powe...

2 years ago
New SugarGh0st RAT targets Uzbekistan government and South Korea Cisco Talos recently discovered a malicious campaign that likely started as early as August 2023, delivering a new remote access trojan (RAT) we dubbed “SugarGh0st.”

SugarGh0st RAT is a new customized variant of Gh0st RAT, an infamous trojan that’s been active for more than a decade

blog.talosintelligence.com/new-sugargh0...

2 years ago
What is threat hunting? Many organizations are curious about the idea of threat hunting, but what does this really entail? In this video, four experienced security professionals from across Cisco recently sat down to discus...

Many organizations are curious about the idea of threat hunting, but what does this really entail? In this video, we try to address the many answers to the question, "What is threat hunting?"

blog.talosintelligence.com/what-is-thre...

2 years ago
Exclusive: This pizza box-sized equipment could be key to Ukraine keeping the lights on this winter ... Staring down another frigid winter and desperate to keep the lights on, Ukraine’s power grid operator has surreptitiously imported custom-built equipment designed to withstand Russian electronic w...

Learn how a team of experts from Talos and others at Cisco are helping to protect #Ukraine's power grid with a line of specially crafted devices.

www.cnn.com/2023/11/21/p...

2 years ago
Arid Viper disguising mobile spyware as updates for non-malicious Android applications Since April 2022, Cisco Talos has been tracking a malicious campaign operated by the espionage-motivated Arid Viper advanced persistent threat (APT) group targeting Arabic-speaking Android users.

A threat actor known as #AridViper (likely operating out of #Gaza) has been targeting users in the #MiddleEast with #spyware disguised as dating apps, dating back to November 2022.

blog.talosintelligence.com/arid-viper-m...

2 years ago
Attacks on web applications spike in third quarter, new Talos IR data shows We observed the BlackByte ransomware group’s new variant, BlackByte NT, for the first time in addition to the previously seen LockBit ransomware, which continues to be the top observed ransomware fa...

Attacks on web applications spike in third quarter, new Talos IR data shows

blog.talosintelligence.com/talos-ir-tre...

2 years ago
New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants Cisco Talos has discovered a new intrusion set we're calling "ShroudedSnooper" consisting of two new implants "HTTPSnoop" and "PipeSnoop" targeting telecommunications firms in the middle-east.

"ShroudedSnooper" is actively targeting telecommunications companies in the Middle East using a previously undiscovered #malware family. More details on this threat and how users can stay protected.

blog.talosintelligence.com/introducing-...

2 years ago
What's in a name? Strange behaviors at top-level domains creates uncertainty in DNS Google introduced the new “.zip” Top Level Domain (TLD) on May 3, 2023, igniting a firestorm of controversy as security organizations warned against the confusion that was certain to occur. When ...

Not all Top Level Domains are created equal. Some TLDs do some pretty strange things in DNS.

blog.talosintelligence.com/whats-in-a-n...

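Added example, not code from Cisco Talos or the linked post: a small Python checker for the confusion the post points at, namely tokens such as "report.zip" that autolinkers and URL parsers treat as hostnames once the TLD exists. The collision-TLD set is an illustrative assumption (.zip and .mov are from the 2023 batch; .sh, .pl and .py are long-standing country-code TLDs that happen to match script extensions), the sample text is constructed, and the userinfo `@` case it flags is a general URL-parsing property rather than anything the post describes.

```python
"""Flag URLs and bare tokens whose effective host ends in a TLD that doubles
as a file extension.

Added example; not from the Talos post or blog. COLLISION_TLDS is an
assumption chosen for illustration, not the authoritative list of TLDs.
"""
import re
from typing import Optional
from urllib.parse import urlsplit

COLLISION_TLDS = {"zip", "mov", "sh", "pl", "py"}

# Whitespace-delimited tokens, with common trailing punctuation stripped so
# that "report.zip." at the end of a sentence still parses as a host.
_TOKEN = re.compile(r"[^\s<>\"'()\[\]]+")
_STRIP = ".,;:!?"


def true_host(token: str) -> Optional[str]:
    """Return the host a URL parser will actually connect to, or None.

    Bare tokens get a scheme so urlsplit treats them as an authority. Text
    before an '@' in the authority is userinfo, so
    'https://github.com@v1271.zip' resolves to v1271.zip, not github.com.
    """
    url = token if "://" in token else "http://" + token
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    if not host or "." not in host:
        return None
    labels = host.split(".")
    if not all(labels) or not labels[-1].isalpha():
        return None
    return host


def flag_urls(text: str) -> list:
    """Return every token in `text` whose effective TLD is a collision TLD."""
    hits = []
    for raw in _TOKEN.findall(text):
        token = raw.strip(_STRIP)
        host = true_host(token)
        if host is None:
            continue
        tld = host.rsplit(".", 1)[-1]
        if tld not in COLLISION_TLDS:
            continue
        authority = token.split("://")[-1].split("/")[0]
        hits.append({
            "token": token,
            "host": host,
            "tld": tld,
            # True when a leading "github.com@" style userinfo hides the real host.
            "userinfo_trick": "@" in authority,
        })
    return hits


# Constructed sample text; none of these hosts are real findings.
SAMPLE = (
    "Attached is quarterly-report.zip for review. "
    "The clip is at https://cdn.example.com/intro.mov and "
    "https://github.com@v1271.zip/ looks like a GitHub link but is not. "
    "Run setup.sh from the repo. Visit https://talosintelligence.com."
)

if __name__ == "__main__":
    for hit in flag_urls(SAMPLE):
        print(hit)
```

Note that `https://cdn.example.com/intro.mov` is not flagged: the extension-like part sits in the path, and only the host's last label matters for this check.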
2 years ago
Lazarus Group's infrastructure reuse leads to discovery of new malware Lazarus Group appears to be changing its tactics, increasingly relying on open-source tools and frameworks in the initial access phase of their attacks, as opposed to strictly employing them in the po...

Lazarus Group is using a new remote access trojan called “CollectionRAT.” CollectionRAT appears to be connected to Jupiter/EarlyRAT, another malware family Kaspersky recently wrote about and attributed to Andariel, a subgroup within the Lazarus Group.

blog.talosintelligence.com/lazarus-coll...

2 years ago
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.

Cisco Talos discovered the North Korean state-sponsored actor Lazarus Group targeting internet backbone infrastructure and healthcare entities in Europe and the United States.

blog.talosintelligence.com/lazarus-quit...

2 years ago

On the latest Security Stories podcast, we cover how Cisco Talos Incident Response helped one healthcare customer avoid the worst with retainer services.

www.cisco.com/c/en/us/prod...

2 years ago
Plugin focus: Generating signatures for Nim and other non-C programming languages – Hex Rays

Holger wrote an amazing blog over on hexrays - digging in to generating signatures for Nim and other non-C programming languages.

2 years ago
The rise of AI-powered criminals: Identifying threats and opportunities A major area of impact of AI tools in cybercrime is the reduced need for human involvement in certain aspects of cybercriminal organizations.

The rise of AI-powered criminals

https://blog.talosintelligence.com/the-rise-of-ai-powered-criminals/

2 years ago
Code leaks are causing an influx of new ransomware actors Cisco Talos is seeing an increasing number of ransomware variants emerge, since 2021, leading to more frequent attacks and new challenges for cybersecurity professionals, particularly regarding actor...

There have been multiple leaks of ransomware source code and builders, giving unsophisticated attackers the ability to easily generate their own ransomware with little effort or knowledge.

https://blog.talosintelligence.com/code-leaks-new-ransomware-actors/

2 years ago
Half-Year in Review: Recapping the top threats and security trends so far in 2023 We've seen threat actors utilize every chance they get to steal sensitive data, to be used in future attacks and/or to manipulate victims into paying up before their data ends up on the dark web.

Between new ransomware groups, a growing mercenary space, espionage campaigns, supply chain attacks, and new “as a service” tools popping up, there's a lot to talk about already in the first half of 2023.

2 years ago
The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter Given the privileged position these devices occupy on the networks they serve, they are prime targets for attackers, so their security posture is of paramount importance.

The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter

https://blog.talosintelligence.com/router-researcher-vulnerability-spotlight-23/

2 years ago
Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targete... Ransomware was the second most-observed threat this quarter, accounting for 17 percent of engagements, a slight increase from last quarter’s 10 percent.

Data theft extortion rose as the threat Talos Incident Response saw the most last quarter. Want to learn more about what we're seeing in the wild, and what you can learn from it? Read our latest Quarterly Report.

https://blog.talosintelligence.com/talos-ir-q2-2023-quarterly-recap/

2 years ago

As the internet starts to pivot away from passwords as a primary login method, what might future #phishing attacks look like? We address this future in our latest post
https://blog.talosintelligence.com/what-might-authentication-attacks-look-like-in-a-phishing-resistant-future/

2 years ago
Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates.

Cisco Talos recently saw threat actors exploiting a #Windows policy loophole that allows the signing and loading of cross-signed kernel-mode drivers with older signature timestamps. #Microsoft just released an advisory on this activity, but more on our blog here: http://cs.co/6011PzaVd

2 years ago

#Spyware and the "mercenary" groups that make these tools aren't going anywhere. Here's what makes these groups so dangerous and what other steps the #cybersecurity community should still be taking.

https://blog.talosintelligence.com/the-growth-of-commercial-spyware/

2 years ago
Cisco Talos—Threat Intelligence Research Team Cisco Talos, a proven threat intelligence team of researchers, analysts, and incident responders, provides leading security research and response globally.

Talos Threat Hunters are the front lines of #cybersecurity. They actively keep businesses, countries, and the whole internet safer. 💻🌎🔐

Discover how Talos identifies new and evolving threats in the wild, and how their intel helps organizations build strong defenses.

2 years ago
Video: How Talos’ open-source tools can assist anyone looking to improve their security resilience A rundown of Talos open-source software tools, which anyone in the security community can download for free, and use for research, skills, training, or integration into existing security infrastructur...

Did you know Talos has 27 #opensource tools for anyone to use? These range from our world-class IPS #Snort, to free #ransomware decryptors. Learn more with this video

https://blog.talosintelligence.com/how-talos-open-source-tools-can-assist-anyone-looking-to-improve-their-security-resilience/
