TALOS

It’s important to be vigilant about tax-related scams any time these deadlines roll around, regardless of what country you’re in, but it’s not like you need to be particularly more skeptical in March and April.

We discuss three of the most common post-compromise tactics that Talos has observed in our threat telemetry and Cisco Talos Incident Response (Talos IR) engagements. These include modifying the device’s firmware, uploading customized/weaponized firmware, and bypassing security measures.

Analysis of the traffic between networked devices has always been of interest since devices could even communicate with one another.  As the complexity of networks grew, the more useful dedicated traffic analysis tools became. Major advancements have been made over the years with tools like Snort or Wireshark, but

Cisco Talos observed a surge in GhostSec, a hacking group’s malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware.

. The bulk of her career was with a manufacturing company working as a security and email administrator, but she uses her criminal justice degree daily now with Talos IR helping to track down bad actors or helping customers understand adversaries’ motivation and tactics.

Apple’s newest encryption technology, called PQ3, now secures iMessages with end-to-end encryption that is quantum-resistant.

Other potential code execution vulnerabilities are also present in Weston Embedded µC/HTTP-server, a web server component in Weston Embedded's in-house operating system and an open-source library that processes several types of potentially sensitive medical tests.

As we begin a new year, we wanted to address one of the biggest issues we consistently see in our investigations: passive security.  Incident response engagements are an important part of our work and the intelligence-gathering process and their associated reports can be a treasure trove of tactics, techniques

Talos has observed a phishing spam campaign targeting potential victims in Mexico, luring users to download a new obfuscated information stealer we’re calling TimbreStealer, which has been active since at least November 2023.

Fake news, disinformation, misinformation – whatever label you want to put on it – will not just go away if one election in the U.S. goes one way or the other.