Family group chats: Your (very last) line of cyber defense
Amy gives an homage to parents in family group chats everywhere who want their children to stay safe in this wild world.
Great Scott, I’m tired
Hazel celebrates unseen effort in cybersecurity and shares some PII. Completely unrelated, but did you know “Back to the Future” turns 40 this year?
Put together an IR playbook — for your personal mental health and wellbeing
This edition pulls the curtain aside to show the realities of the VPN Filter campaign. Joe reflects on the struggle to prevent burnout in a world constantly on fire.
Beaches and breaches
Thor examines why supply chain and identity attacks took center stage in this week’s headlines, rather than AI and ransomware.
From summer camp to grind season
Bill takes a thoughtful look at the transition from summer camp to grind season, explores the importance of mental health and reflects on AI psychiatry.
Link up, lift up, level up
This week, Joe encourages you to find your community in cybersecurity and make the effort to grow, network and hack stuff together.
Cherry pie, Douglas firs and the last trip of the summer
Amy (ahem, Special Agent Dale Cooper) shares lessons from their trip to the Olympic Peninsula and cybersecurity travel tips for your last-minute adventures.
What happened in Vegas (that you actually want to know about)
Hazel braves Vegas, overpriced water and the Black Hat maze to bring you Talos’ latest research — including a deep dive into the PS1Bot malware campaign.
AI wrote my code and all I got was this broken prototype
Can AI really write safer code? Martin dusts off his software engineer skills to put it to the test. Find out what AI code failed at, and what it was surprisingly good at. Also, we discuss new research on how AI LLM models can be used to assist in the reverse engineering of malware.
The Booker Prize Longlist and Hacker Summer Camp
This week Bill connects the hype of literary awards to cybersecurity conference season. We highlight key insights from the Q2 2025 IR Trends report, including phishing trends, new ransomware strains, and top targeted sectors. Finally, check out all the places Talos will be at Black Hat.
BRB, pausing for a "Sanctuary Moon" marathon
Get to know the real people behind cybersecurity’s front lines. In this week’s newsletter, sci-fi meets reality, humanity powers technology and a few surprises are waiting to be discovered.
This is your sign to step away from the keyboard
This week, Martin shows how stepping away from the screen can make you a stronger defender, alongside an inside scoop on emerging malware threats.
Patch, track, repeat
Thorsten takes stock of a rapidly evolving vulnerability landscape: record-setting CVE publication rates, the growing fragmentation of reporting systems, and why consistent tracking and patching remain critical as we move through 2025.
A message from Bruce the mechanical shark
This Fourth of July, Bruce, the 25-foot mechanical shark from Jaws, shares how his saltwater struggles mirror the need for real-world cybersecurity stress testing.
Getting a career in cybersecurity isn’t easy, but this can help
This week, Joe reflects on his unique path into cybersecurity and shares honest advice for breaking into the field. Plus, learn how cybercriminals are abusing AI to launch more sophisticated attacks and what you can do to stay protected.
A week with a "smart" car
In this edition, Thor shares how a week off with a new car turned into a crash course in modern vehicle tech. Surprisingly, it offers many parallels to cybersecurity usability.
Know thyself, know thy environment
In this week's edition, Bill explores the importance of self-awareness and building repeatable processes to better secure your environment.
Everyone's on the cyber target list
In this week's newsletter, Martin emphasizes that awareness, basic cyber hygiene and preparation are essential for everyone, and highlights Talos' discovery of the new PathWiper malware.
A new author has appeared
Talos Content Manager Amy introduces themself, shares her unconventional journey into cybersecurity and reports on threats masquerading as AI installers.
Ghosted by a cybercriminal
Hazel observes that cybercriminals often fumble teamwork, with fragile alliances crumbling over missed messages. Plus, how UAT-6382 is exploiting Cityworks and what you can do to stay secure.
Xoxo to Prague
In this week’s newsletter, Thor inspects the LockBit leak, finding $10,000 “security tips,” ransom negotiations gone wrong and a rare glimpse into the human side of cybercrime.
The IT help desk kindly requests you read this newsletter
How do attackers exploit authority bias to manipulate victims? Martin shares proactive strategies to protect yourself and others in this must-read edition of the Threat Source newsletter.
Understanding the challenges of securing an NGO
Joe talks about how helping the helpers can put a fire in you and the importance of keeping nonprofits cybersecure.
Lessons from Ted Lasso for cybersecurity success
In this edition, Bill explores how intellectual curiosity drives success in cybersecurity, shares insights on the IAB ToyMaker’s tactics, and covers the top security headlines you need to know.
Care what you share
In this week’s newsletter, Thorsten muses on how search engines and AI quietly gather your data while trying to influence your buying choices. Explore privacy-friendly alternatives and get the scoop on why it's important to question the platforms you interact with online.
Threat actors thrive in chaos
Martin delves into how threat actors exploit chaos, offering insights from Talos' 2024 Year in Review on how to fortify defenses against evolving email lures and frequently targeted vulnerabilities, even amidst economic disruption.
One mighty fine-looking report
Hazel highlights the key findings within Cisco Talos’ 2024 Year in Review (now available for download) and details our active tracking of an ongoing campaign targeting users in Ukraine with malicious LNK files.
Money Laundering 101, and why Joe is worried
In this blog post, Joe covers the very basics of money laundering, how it facilitates ransomware cartels, and what the regulatory future holds for cybercrime.
Tomorrow, and tomorrow, and tomorrow: Information security and the Baseball Hall of Fame
In this week’s Threat Source newsletter, William pitches a fun comparison between baseball legend Ichiro Suzuki and the unsung heroes of information security, highlights newly released UAT-5918 research, and shares an exciting new Talos video.
Patch it up: Old vulnerabilities are everyone’s problems
Thorsten picks apart some headlines, highlights Talos’ report on an unknown attacker predominantly targeting Japan, and asks, “Where is the victim, and does it matter?”
Who is Responsible and Does it Matter?
Martin Lee dives into the complexities of defending our customers from threat actors and covers the latest Talos research in this week's newsletter.
Sellers can get scammed too, and Joe goes off on a rant about imposter syndrome
Joe has some advice for anyone experiencing self doubt or wondering about their next career move. Plus, catch up on the latest Talos research on scams targeting sellers, and the Lotus Blossom espionage group.
Efficiency? Security? When the quest for one grants neither.
William discusses what happens when security is an afterthought rather than baked into processes and highlights the latest of Talos' security research.
Changing the narrative on pig butchering scams
Hazel discusses Interpol’s push to rename pig butchering scams as ‘romance baiting’. Plus, catch up on the latest vulnerability research from Talos, and why a recent discovery is a “rare industry win”.
Changing the tide: Reflections on threat data from 2024
Thorsten examines last year’s CVE list and compares it to recent Talos Incident Response trends. Plus, get all the details on the new vulnerabilities disclosed by Talos’ Vulnerability Research Team.
Defeating Future Threats Starts Today
Martin discusses how defenders can use threat intelligence to equip themselves against AI-based threats. Plus check out his introductory course to threat intelligence.
Everything is connected to security
Joe shares his recent experience presenting at the 32nd Crop Insurance Conference and how it's important to stay curious, be a forever student, and keep learning.
Find the helpers
Bill discusses how to find 'the helpers' and the importance of knowledge sharing. Plus, there's a lot to talk about in our latest vulnerability roundup.
Do we still have to keep doing it like this?
Hazel gets inspired by watching Wendy Nather’s recent keynote, and explores ways to challenge security assumptions.
Welcome to the party, pal!
In the last newsletter of the year, Thorsten recalls his tech-savvy gift to his family and how we can all incorporate cybersecurity protections this holiday season.
Something to Read When You Are On Call and Everyone Else is at the Office Party
It’s mid-December; if you’re on-call or working to defend networks, this newsletter is for you. Martin discusses the widening gap between threat and defences as well as the growing problem of home devices being recruited to act as proxy servers for criminals.
The adventures of an extroverted cyber nerd and the people Talos helps to fight the good fight
Ever wonder what an extroverted strategy security nerd does? Wonder no longer! This week, Joe pontificates on his journey at Talos, and then is inspired by the people he gets to meet and help.
Bidirectional communication via polyrhythms and shuffles: Without Jon the beat must go on
The Threat Source Newsletter is back! William Largent discusses bidirectional communication in the SOC, and highlights new Talos research including the discovery of PXA Stealers.
What I’ve learned in my first 7-ish years in cybersecurity
Plus, a zero-day vulnerability in Qualcomm chips, exposed health care devices, and the latest on the Salt Typhoon threat actor.
What NIST’s latest password standards mean, and why the old ones weren’t working
Rather than setting a regular cadence for changing passwords, users only need to change their passwords if there is evidence of a breach.
CISA is warning us (again) about the threat to critical infrastructure networks
Despite what lessons we thought we learned from Colonial Pipeline, none of those lessons have been able to be put into practice.
Are hardware supply chain attacks “cyber attacks?”
It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltrate or tamper with the manufacturing process.
Talk of election security is good, but we still need more money to solve the problem
This year, Congress only allocated $55 million in federal grant dollars to states for security and other election improvements.
We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders
A June report from CyberSeek found that there are only enough skilled workers to fill 85 percent of cybersecurity jobs in America.
The best and worst ways to get users to improve their account security
In my opinion, mandatory enrollment is best enrollment.
What kind of summer has it been?
As we head into the final third of 2024, we caught up with Talos' Nick Biasini to ask him about the biggest shifts and trends in the threat landscape so far. Turns out, he has two major areas of concern.
No, not every Social Security number in the U.S. was stolen
It’s not unusual for a threat actor to exaggerate the extent of a hack or breach to drum up interest, and hopefully, the eventual purchase or ransom price.
AI, election security headline discussions at Black Hat and DEF CON
Voting Village co-founder Harri Hursti told Politico the list of vulnerabilities ran “multiple pages.”
The top stories coming out of the Black Hat cybersecurity conference
As with everything nowadays, politics are sure to come into play.
There is no real fix to the security issues recently found in GitHub and other similar software
The lesson for users, especially if you’re a private company that primarily uses GitHub, is just to understand the inherent dangers of using open-source software.
The massive computer outage over the weekend was not a cyber attack, and I’m not sure why we have to keep saying that
Seeing a “blue screen of death,” often with code that looks indecipherable, has been ingrained into our heads that it’s a “hack."
It's best to just assume you’ve been involved in a data breach somehow
Telecommunications provider AT&T disclosed earlier this month that adversaries stole a cache of data that contained the phone numbers and call records of “nearly all” of its customers.
Checking in on the state of cybersecurity and the Olympics
Even if a threat actor isn’t successful in some widespread breach that makes international headlines, even smaller-scale threats and actors are just hoping to cause chaos.
We’re not talking about cryptocurrency as much as we used to, but there are still plenty of scammers out there
A report in March found that 72% of cryptocurrency projects had died since 2020, with crypto trading platform FTX’s downfall taking out many of them in one fell swoop.
Tabletop exercises are headed to the next frontier: Space
More on the recent Snowflake breach, MFA bypass techniques and more.
How we can separate botnets from the malware operations that rely on them
A botnet is a network of computers or other internet-connected devices that are infected by malware and controlled by a single threat actor or group.
The sliding doors of misinformation that come with AI-generated search results
AI’s integration into search engines could change the way many of us interact with the internet.
Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks
Drivers from New York to Georgia and Pennsylvania have received these types of texts with equally convincing phishing text messages and lure pages.
Apple and Google are taking steps to curb the abuse of location-tracking devices — but what about others?
Plus, SS7 vulnerabilities are being exploited and BreachForums is taken down again.
Rounding up some of the major headlines from RSA
Here’s a rundown of some things you may have missed if you weren’t able to stay on top of the things coming out of the conference.
A new alert system from CISA seems to be effective — now we just need companies to sign up
Under a pilot program, CISA has sent out more than 2,000 alerts to registered organizations regarding the existence of any unpatched vulnerabilities in CISA’s KEV catalog.
What can we learn from the passwords used in brute-force attacks?
There are some classics on this list — the ever-present “Password” password, Passw0rd (with a zero, not an “O”) and “123456.”
The private sector probably isn’t coming to save the NVD
Plus, new details emerge on the Scattered Spider cybercrime network and ArcaneDoor.
Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?
At most, someone who intentionally or repeatedly shares information on their social platform that’s misleading or downright false may have their account blocked, suspended or deleted.
The internet is already scary enough without April Fool’s jokes
The security community is still reflecting on the “What If” of the XZ backdoor.
There are plenty of ways to improve cybersecurity that don’t involve making workers return to a physical office
An April 2023 study from Kent State University found that remote workers are more likely to be vigilant of security threats and take actions to ward them off than their in-office counterparts.
Enter the substitute teacher
Welcome to this week’s threat source newsletter with Jon out, you’ve got me as your substitute teacher. I’m taking you back to those halcyon days of youth and that moment when you found out that you had a sub that day...
“Pig butchering” is an evolution of a social engineering tactic we’ve seen for years
In the case of pig butchering scams, it’s not really anything that can be solved by a cybersecurity solution or sold in a package.
Not everything has to be a massive, global cyber attack
There are a few reasons why we’re so ready to jump to the “it’s a cyber attack!”
You’re going to start seeing more tax-related spam, but remember, that doesn’t actually mean there’s more spam
It’s important to be vigilant about tax-related scams any time these deadlines roll around, regardless of what country you’re in, but it’s not like you need to be particularly more skeptical in March and April.
Why Apple added protection against quantum computing when quantum computing doesn’t even exist yet
Apple’s newest encryption technology, called PQ3, now secures iMessages with end-to-end encryption that is quantum-resistant.
TikTok’s latest actions to combat misinformation shows it’s not just a U.S. problem
Fake news, disinformation, misinformation – whatever label you want to put on it – will not just go away if one election in the U.S. goes one way or the other.
Why the toothbrush DDoS story fooled us all
There was about a 24-hour period where many news outlets reported on a reported DDoS attack that involved a botnet made up of thousands of internet-connected toothbrushes.
Spyware isn’t going anywhere, and neither are its tactics
For their part, the U.S. did roll out new restrictions on the visas of any foreign individuals who misuse commercial spyware.
The many ways electric cars are vulnerable to hacks, and whether that matters in a real-world
Researchers recently discovered 49 zero-day vulnerabilities, including a two-vulnerability exploit chain in Tesla cars that could allow an attacker to take over the onboard infotainment system.
Why is the cost of cyber insurance rising?
Cyber insurance premiums are expected to rise this year after leveling out in 2023.
What to do with that fancy new internet-connected device you got as a holiday gift
There are many examples of WiFi-enabled home cameras, assistants and doorbells vulnerable to a wide range of security issues.
A personal Year in Review to round out 2023
Everyone's New Year's Resolution should be to stop using passwords altogether.
Cybersecurity considerations to have when shopping for holiday gifts
When searching for holiday gifts online, make sure you’re buying from a trusted vendor, or if you haven’t heard of the vendor before, take a few extra minutes just to look them up and read their app’s privacy policy.
$19 Stanley cups, fake Amazon Prime memberships all part of holiday shopping scams circulating
Fake Facebook ads seem to be the flavor of the month for scammers.
We all just need to agree that ad blockers are good
YouTube’s new rules may not be around for long anyway, because they might run afoul of European Union regulations
A new video series, Google Forms spam and the various gray areas of cyber attacks
It can be easy to get caught up in the “big” questions in cybersecurity, like how to stop ransomware globally or keep hospitals up and running when they’re targeted by data theft extortion.
You’d be surprised to know what devices are still using Windows CE
The Arid Viper threat actor is actively trying to install spyware on targeted devices in the Middle East, using fake dating apps as lures.
How helpful are estimates about how much cyber attacks cost?
New YoroTrooper research, the latest on the Cisco IOS vulnerability, and more.
More helpful resources for users of all skill levels to help you Take a Security Action
Taking a “Security Action” of any kind — whether it be simply enabling multi-factor authentication for your online banking login or marking that weird email as spam — can go a long way toward you and any organizations you’re a part of being more security resilient.
Top resources for Cybersecurity Awareness Month
Plus, many of the world’s largest cloud providers are warning of a vulnerability that attackers exploited in August to launch the largest distributed denial-of-service attack on record.
Is it bad to have a major security incident on your résumé? (Seriously I don’t know)
Plus, Qakbot appears to be still active, despite efforts from the FBI and other international law enforcement agencies to disrupt the massive botnet.
The security pitfalls of social media sites offering ID-based authentication
Two notable vulnerabilities in Google Chrome should be patched asap, and an allegedly new ransomware-as-a-service group.
What’s the point of press releases from threat actors?
It reads as if ALPHV really wants to come across as the “good guys” in this case, but I’m not sure who outside of dark web circles would be willing to feel sorry for them.
Turns out even the NFL is worried about deepfakes
With the popularity of pay-for-shoutout services like Cameo, it’d be fairly easy for someone to develop a convincing enough deepfake of a player and try to steal someone’s money by saying they could prank their fantasy football league for $50.
A secondhand account of the worst possible timing for a scammer to strike
Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware on infected machines, new Cisco Talos research shows.
New open-source infostealer, and reflections on 2023 so far
A new open-source information stealer called ‘SapphireStealer’ has been observed across public malware repositories with increasing frequency. Plus, watch a new series of videos on the year so far in the threat landscape.
Years into these games’ histories, attackers are still creating “Fortnite” and “Roblox”-related scams
The latest activity from Lazarus Groups, .gov domains scamming people out of "V-Bucks" and more in this week's edition.
Recapping the top stories from Black Hat and DEF CON
Unsurprisingly, it seems like AI was the talk of the town.
Reflecting on supply chain attacks halfway through 2023
With BlackHat and “Hacker Summer Camp” going on over the next few weeks, this seems like the right time to step back and reflect on what’s happened so far this year.
Previewing Talos at BlackHat 2023
Cisco Talos will be well-represented at BlackHat and DEF CON over the course of the next few weeks with a slew of presentations, demos and appearances to speak to the security community.
Every company has its own version of ChatGPT now
Meta most recently entered the AI race with Llama 2, an open-source version of their chatbot. IBM has also re-branded its watson tool (formerly known as capital “W” Watson who was really good at “Jeopardy”) to be a ChatGPT-like.
The federal government’s cybersecurity policies are falling into place just in time to be stalled again
Last week, the Biden administration released its formal roadmap for its national cybersecurity initiative meant to encourage greater investment in cybersecurity and strengthen the U.S.’s critical infrastructure security (and more).
QR codes are relevant again for everyone from diners to threat actors
QR codes have always served as a way for bad actors to spread malware or even your friendly neighborhood prankster to share Rick Astley’s most famous music video.
DDoS attacks want to make sure you haven’t forgotten about them
The economic damage of DDoS attacks is tough to measure — who can really say how much money Blizzard missed out on by not having players in “Diablo IV” for a few hours spending money on microtransactions or choosing to buy the game?
New video provides a behind-the-scenes look at Talos ransomware hunters
Apple's emergency patch, AI-generated art and more security headlines from the past week.
Cybersecurity hotlines at colleges could go a long way toward filling the skills gap
These clinics offer pro-bono cybersecurity services — like incident response, general advice and ransomware defense — to community organizations, non-profits and small businesses that normally couldn’t afford to pay a private company for these same services.
URLs have always been a great hiding place for threat actors
The information leak threats are certainly new, but the education and messaging from security evangelists (and even just anyone trying to educate an older or less security-savvy family member) doesn’t change.
Now’s not the time to take our foot off the gas when it comes to fighting disinformation online
YouTube released a statement that “we will stop removing content that advances false claims that widespread fraud, errors, or glitches occurred in the 2020 and other past US Presidential elections.”
Legislation alone isn’t enough to stop spyware
The latest on a newly discovered phishing botnet and the latest headlines regarding how countries use spyware.
It’s apparently hip to still be using Windows 7
Steam, the most popular video game storefront on PCs, only recently announced that it was ending support for Windows 7 and 8, and even then, it won’t be official until January.
It’s really OK to take a break sometimes, especially in security
The work is always going to be there, whether you take a day or a week off. Unfortunately, the cybersecurity community at large is not going to stop cybercrime overnight.
Threat Source newsletter (May 11, 2023) — So much for that ransomware decline
A ransomware attack on the city of Dallas, Texas is still disrupting many social services as of Wednesday, including hampering police communications and operations and potentially putting personal information at risk.
Threat Source newsletter (May 4, 2023) — Recapping the biggest headlines to come out of RSA
Unsurprisingly, it seems like AI was brought up anywhere and everywhere.
Threat Source newsletter (April 27, 2023) — New Cisco Secure offerings and extra security from Duo
AI-generated spam comments on Amazon, the latest on the 3CX supply chain attack and more security headlines from the past week.
Threat Source newsletter (April 20, 2023) — Preview of Cisco and Talos at RSA
Heading to San Francisco next week? Here are all the Talos and Cisco Secure talks and events you won't want to miss.
Threat Source newsletter (April 13, 2023) — Dark web forum whac-a-mole
Microsoft zero-days, dark web forum takedowns and Pentagon leaks on Discord in this week's newsletter.
Threat Source newsletter (April 6, 2023) — Another friendly reminder about supply chain attacks
Be prepared to discuss difficult topics with potential new third-party software vendors, such as incident notification requirements, access to logs during a security incident and who the important emergency contacts are.
Threat Source newsletter (March 30, 2023) — It’s impossible to tell if your home security camera or doorbell is truly safe
Very few of us looking to buy these pieces of equipment are qualified to say if these products are even secure, and those among us who are are probably smart enough to know not to buy these products in the first place.
Threat Source newsletter (March 23, 2023) — Meta is threatening to ban news sharing in Canada. Good.
Facebook users are notoriously the biggest offenders for sharing fake news and misinformation.
Threat Source newsletter (March 16, 2023) — A deep dive into Talos' work in Ukraine
The latest episode of ThreatWise TV from Hazel Burton is the closest look yet at the team Talos assembled in the days after Russia invaded Ukraine.
Threat Source newsletter (March 9, 2023) — Stop freaking out about ChatGPT
Don't expect AI to suddenly start stealing jobs or making malware more powerful.
Threat Source newsletter (March 2, 2023) — Little victories in the fight against ransomware
Serious sanctions and legal consequences may be slowing ransomware groups down, but it's still unclear if this is a permanent shift.
Threat Source newsletter (Feb. 23, 2023) — Social media sites are making extra security a paid feature
App-based multi-factor authentication — which is still free on Twitter — is safer than SMS MFA. So in theory, forcing people to pay for it would make them less likely to use it and switch to the free option.
Threat Source newsletter (Feb. 16, 2023) — Recapping what we may have missed so far this year
Jon is back from parental leave and recapping the top security stories from late 2022 and early 2023 that totally blew by him.
Threat Source newsletter (Feb. 9, 2023): Don't let criminals exploit your empathy
Our hearts are with the people of Turkey and Syria and all those impacted by the tragic earthquake. The Cisco Foundation has launched a matching campaign to support local disaster relief organizations.
Threat Source newsletter (Feb. 2, 2023): I bid you all adieu
Next week will be our final installment of our 2022 Year in Review report coverage. We’ll be publishing a final topic summary on Ransomware and Commodity Loaders and follow up these reports with a livestream on LinkedIn and Twitter with report and subject matter experts.
What Old is New Again and What's Old is Me?
Knowing what Talos IR is responding to this quarter gives you a direct view into what needs to be most secured and most analyzed to ensure your own environment remains secure.
Threat Source newsletter (Jan. 19, 2023): Talent retention and institutional knowledge
Talent retention and institutional knowledge go hand in hand. Both are critical to ensuring the security of your network environment.
Threat Source newsletter (Jan. 12, 2023): Did ChatGPT write our newsletter?
We tried to get ChatGPT to write this week’s newsletter but it was at capacity, so you’ll have to stick with us for another week. Or maybe that’s just what the robots want you to think, you be the judge
Threat Source newsletter (Jan. 5, 2023): Digging out of our inboxes
Happy New Year and welcome to this week's edition of the Threat Source newsletter. We can’t tell if it’s the fog from Lurene’s deadly eggnog or dare we say pure rest and relaxation but we’re still digging out of our inboxes, trying to remember logins, and circle back on all
Threat Source newsletter (Dec. 15, 2022): Talos Year in Review is here
The inaugural 2022 Talos Year in Review is here! And it’s taking over the final Threat Source newsletter of the year.
Threat Source newsletter (Dec. 8, 2022): Your uncle clicked every link
Welcome to this week’s edition of the Threat Source newsletter. As we hurtle toward the end of another year I get that tightness in my chest – that feeling that I think most, if not all, Threat Source readers get at this time of year. That's right, it’s once again the time o
Threat Source newsletter (Nov. 17, 2022): Hot off the press! The Snort 2023 Calendar is here
The Snort 2023 calendar is finally here, and y’all, it’s a good one. Packed full of classic memes and punny Snorties, the calendar is sure to delight all year long.
Threat Source newsletter (Nov. 10, 2022): Vulnerability research, movies in class, and Emotet once again
Welcome to this week’s edition of the Threat Source newsletter. Tuesday was an absolute hammer for the infosec community. Not only did we have the US elections but we had Emotet returning and a regular Microsoft Tuesday release. That release always leads me to think about the bu
Threat Source newsletter (Nov. 3, 2022): Mastodon, evolution, and LiveJournal oh my!
Welcome to this week’s edition of the Threat Source newsletter. I’m fascinated by how things live and die on the internet. Things that are ubiquitous to our daily lives are simply gone the next. LiveJournal and Myspace we hardly knew you. Elon Musk’s purchase of Twitter and the
Threat Source newsletter (Oct. 27, 2022): I thought we were already aware of supply chain attacks?
Supply chain attacks were all the rage in 2020 after SolarWinds, but we seem to have forgotten how important they are.
Threat Source newsletter (Oct. 20, 2022) — Shields Up! No seriously, Shields Waaaaay Up
State-sponsored actors have been busy over the past month, including the Killnet group, which recently targeted several U.S. local elections offices and major airports.
Threat Source newsletter (Oct. 6, 2022) — Continuing down the Privacy Policy rabbit hole
Any time we welcome this software and hardware into our homes and on our devices, it’s worth considering what sacrifices we might be making elsewhere.
Threat Source newsletter (Sept. 29, 2022) — Personal health apps are currently under a spotlight, but their warning signs have always been there
A report from the Washington Post also released last week found that this app, as well as popular health sites like WebMD, “gave advertisers the information they’d need to market to people, or groups of consumers based on their health concerns.”
Threat Source newsletter (Sept. 22, 2022) — Attackers are already using student loan relief for scams
The Better Business Bureau and the U.S. Federal Trade Commission both released warnings over the past few weeks around fake offers, scams and website links related to the debt forgiveness plan, with which some borrowers will have up to $20,000 worth of loans forgiven.
Threat Source newsletter (Sept. 15, 2022) — Teachers have to be IT admins now, too
Public schools in the United States already rely on our teachers for so much — they have to be educators, occasional parental figures, nurses, safety officers, law enforcement and much more.
Threat Source newsletter (Sept. 8, 2022) — Why there is no one-stop-shop solution for protecting passwords
Everyone has their own method for storing their passwords, and some of you may even rely on pen and paper.
Threat Source newsletter (Sept. 1, 2022) — Conversations about an unborn baby's privacy
Is it ethical to post your baby's picture on Instagram, even if your profile is private?
Threat Source newsletter (Aug. 18, 2022) — Why aren't Lockdown modes the default setting on phones?
Welcome to this week’s edition of the Threat Source newsletter. As the data privacy landscape gets increasingly murky, app developers and device manufacturers are finding new ways to shore up users’ personal information. Of course, all users have to do is go out of their way to o
Threat Source newsletter (Aug. 11, 2022) — All of the things-as-a-service
Welcome to this week’s edition of the Threat Source newsletter. Everyone seems to want to create the next “Netflix” of something. Xbox’s Game Pass is the “Netflix of video games.” Rent the Runway is a “Netflix of fashion” where customers subscribe to a rotation of fancy clothes.
Threat Source newsletter (Aug. 4, 2022) — BlackHat 2022 preview
Welcome to this week’s edition of the Threat Source newsletter. After what seems like forever and honestly has been a really long time, we’re heading back to BlackHat in-person this year. We’re excited to see a lot of old friends again to commiserate, hang out, trade stories and
Threat Source newsletter (July 28, 2022) — What constitutes an "entry-level" job in cybersecurity?
Welcome to this week’s edition of the Threat Source newsletter. Between the White House’s recent meeting, countless conference talks and report after report warning of cybersecurity burnout, there’s been a ton of talk recently around the cybersecurity skills gap and hiring. Eve
Threat Source newsletter (July 21, 2022) — No topic is safe from being targeted by fake news and disinformation
Welcome to this week’s edition of the Threat Source newsletter. I could spend time in this newsletter every week talking about fake news. There are always so many ridiculous memes, headlines, misleading stories, viral Facebook posts and manipulated media that I see come across m
Threat Source newsletter (July 14, 2022) — Are virtual IDs worth the security risk of saving a few seconds in the TSA line?
Welcome to this week’s edition of the Threat Source newsletter. I’ve started flying again on a somewhat regular basis now that work conferences and out-of-state vacations are becoming a thing again. I took about 18 months or so off flying during the peak of the pandemic, but now
Threat Source newsletter (July 7, 2022) — Teamwork makes the dream work
Welcome to this week’s edition of the Threat Source newsletter. I’ve been thinking a lot recently about the pros and cons of the way we publicize our threat research. I had a few conversations at Cisco Live with people — who are more generally IT-focused than hyper-focused on cy
Threat Source newsletter (June 30, 2022) — AI voice cloning is somehow more scary than deepfake videos
Welcome to this week’s edition of the Threat Source newsletter. We took a week off for summer vacation but are back in the thick of security things now. My first exposure to deepfake videos was when Jordan Peele worked with BuzzFeed News to produce this video of former Presiden
Threat Source newsletter (June 16, 2022) — Three top takeaways from Cisco Live
Welcome to this week’s edition of the Threat Source newsletter. I’m still decompressing from Cisco Live and the most human interaction I’ve had in a year and a half. But after spending a few days on the show floor and interacting with everyone, there are a few things that stand
Threat Source newsletter (June 9, 2022) — Get ready for Cisco Live
Welcome to this week’s edition of the Threat Source newsletter. Another week, another conference. We’re heading a few miles southeast from San Francisco to Las Vegas for Cisco Live. I hope everyone had a safe, healthy and enjoyable RSA, but the fun isn’t over just yet. We’ve go
Threat Source newsletter (June 2, 2022) — An RSA Conference primer
Welcome to this week’s edition of the Threat Source newsletter. Many of you readers may be gearing up for a West Coast swing over the next few weeks through San Francisco and Las Vegas for RSA and Cisco Live, respectively. And we’re right behind you! Talos will have plenty of r
Threat Source newsletter (May 26, 2022) — BlackByte adds itself to the grocery list of big game hunters
Welcome to this week’s edition of the Threat Source newsletter. Given the recent tragedies in the U.S., I don’t feel it’s appropriate to open by being nostalgic or trying to be witty — let’s just stick to some security news this week. The one big thing The BlackByte ransomwar
Threat Source newsletter (May 19, 2022) — Why I'm missing the days of iPods and LimeWire
Welcome to this week’s edition of the Threat Source newsletter. I will openly admit that I still own a “classic” iPod — the giant brick that weighed down my skinny jeans in high school and did nothing except play music. There are dozens of hours of music on there that I always t
Threat Source newsletter (May 12, 2022) — Mandatory MFA adoption is great, but is it too late?
Welcome to this week’s edition of the Threat Source newsletter. Mandatory multi-factor authentication is all the rage nowadays. GitHub just announced that all contributors would have to enroll in MFA by 2023 to log into their accounts. And Google announced as part of World Passw
Threat Source newsletter (May 5, 2022) — Emotet is using up all of its nine lives
Welcome to this week’s edition of the Threat Source newsletter. Emotet made headlines last week for being “back” after a major international law enforcement takedown last year. But I’m here to argue that Emotet never left, and honestly, I’m not sure it ever will. As Nick Biasin
Threat Source newsletter (April 28, 2022) — The 2022 Cybersecurity Mock Draft
Welcome to this week’s edition of the Threat Source newsletter that’s going to be a little different, but bear with me. In honor of the NFL Draft starting this evening — an event that Cisco is helping to secure — I thought it’d be appropriate to look at building a cybersecurity
Threat Source newsletter (April 21, 2022) — Sideloading apps is as safe as you make it
Welcome to this week’s edition of the Threat Source newsletter. If you pay attention to the video game community as much as I do, you’ve been closely following the ongoing legal battle between Apple and Epic over the sale of “Fortnite” on the Apple App Store. (I promise I won’t
Threat Source newsletter (April 14, 2022) — It's Tax Day, and you know what that means
Welcome to this week’s edition of the Threat Source newsletter. The deadline to file taxes in the United States is Monday. That means a few things: everyone should probably make sure their liquor cabinet is fully stocked, your spam filters are all turned on in your email and the
Threat Source newsletter (April 7, 2022) — More money for cybersecurity still doesn't solve the skills gap problem
Welcome to this week’s edition of the Threat Source newsletter. U.S. President Joe Biden’s proposed budget would include an 11 percent increase in the federal government’s IT budget, including a total of $10.9 billion for cybersecurity. On the surface — this is all great (we can
Threat Source newsletter (March 31, 2022) — Is "Fortnite" a Metaverse?
Welcome to this week’s edition of the Threat Source newsletter. By now, anyone on the internet has pondered the question: “Is a hot dog a sandwich?” (My two cents: Yes, absolutely.) Now as we move into the new internet age and onto Web 3.0 and NFTs instead of classic memes, I’v
Threat Source newsletter (March 24, 2022) — Of course the deepfake videos are here
Welcome to this week’s edition of the Threat Source newsletter. The war in Ukraine has involved misinformation since before Russia’s ground forces invaded the country. So, it’s not really a shock that we’ve reached the stage of information warfare where deepfake videos are invol
Threat Source newsletter (March 17, 2022) — Channelling productive worry to help Ukraine
Welcome to this week’s edition of the Threat Source newsletter. Cisco Talos continues to be heads-down working on the current Ukraine situation. This is incredibly difficult for everyone across the globe, especially for those directly affected. But that doesn’t mean those of us w
Talos Threat Source newsletter (March 10, 2022) — Fake social media posts spread in wake of Ukraine invasion
Welcome to this week’s edition of the Threat Source newsletter — complete with a new format and feel. First off, it goes without saying, but we’re all heartbroken by the crisis happening in Ukraine. Our hearts are with the people of Ukraine, our employees and their families, as
Threat Source Newsletter (Jan. 27, 2022)
Good afternoon, Talos readers. It's great to have New Year's resolutions and all. But we don't want you taking the wrong lessons away from 2021, either. Like just because Log4j happened doesn't mean you should stop logging or stop using open-source software. The
Threat Source Newsletter (Jan. 20, 2022)
Good afternoon, Talos readers. Even though we're nearly a month into 2022, we're still not quite ready to move on from 2021. That's why next week, we'll be going live on social media to talk about some of the top cybersecurity stories from the past year. Liz Wad
Threat Source Newsletter (Jan. 13, 2022)
Good afternoon, Talos readers. Move out of the way, Log4j! Traditional malware is back with a bang in 2022. While Log4j is likely still occupying many defenders' minds, the bad guys are still out there doing not-Log4j things. We have new research out on a campaign spreading
Threat Source Newsletter (Jan. 6, 2022)
Good afternoon, Talos readers. We hope everyone had some well-deserved, relaxing time off over the holidays. Unfortunately, we are all back now and Log4j is still an issue. And even though it seems like Log4j has already been in the news for a year, it's actually only been
Threat Source Newsletter (Dec. 16, 2021)
Good afternoon, Talos readers. I'm just going to cut to the chase since I know all anyone wants to read about is Log4J. For the latest Talos research, continually check back on our blog post here. Above is the live stream we recorded Monday morning updating everyone on the s
Threat Source Newsletter (Dec. 9, 2021)
Good afternoon, Talos readers. The good news keeps rolling in for our Incident Response team, who received another accolade by being featured in Forrester's recent quarterly report on the incident readiness industry. This comes on the heels of the team also being named a lea
Threat Source Newsletter (Dec. 2, 2021)
Good afternoon, Talos readers. The Thanksgiving holiday in the U.S. didn't slow us down at all, even though we were all still trying to sleep off the food coma from the long weekend. But we came back this week with lots of fun content. Cisco received an early Christmas pres
Threat Source Newsletter (Nov. 18, 2021)
Good afternoon, Talos readers. This is our last newsletter before Thanksgiving in the U.S. next week, so now's as good of a time as any to remind you: If a deal seems too good to be true, it probably is. To prep online shoppers for the upcoming Cyber Monday and Black Friday
Threat Source newsletter (Nov. 11, 2021)
Good afternoon, Talos readers. It's important to be proactive, and not reactive, with your security. It's always better to see the worst coming and block it than have to scramble to deal with the worst-case scenario in the moment. That's why it's so important to
Threat Source newsletter (Nov. 4, 2021)
Good afternoon, Talos readers. A series of vulnerabilities in Microsoft Exchange Server made waves earlier this year for coming under attack. And while they've come and gone from the headlines since then, attackers are still very much paying attention. Attackers spreading t
Threat Source newsletter (Oct. 28, 2021)
Good afternoon, Talos readers. Most people know about chicken and waffles. But what about squirrel and waffles? They may not be the most appetizing brunch, but they are teaming up for one heck of a spam campaign. We have new research out detailing this threat and examining whet
Threat Source newsletter (Oct. 21, 2021)
Good afternoon, Talos readers. We're writing this on Wednesday for PTO reasons, so apologies if we miss any major news that happens after Wednesday afternoon. Above, you can watch our awesome live stream from Monday with Brad Garnett from Cisco Talos Incident Response. Brad
Threat Source newsletter (Oct. 14, 2021)
Good afternoon, Talos readers. It's still Cybersecurity Awareness Month, and what better way to celebrate than by patching and then patching some more? This week was Microsoft Patch Tuesday, which only included two critical vulnerabilities, but still requires patching diligence.
Threat Source newsletter (Oct. 7, 2021)
Good afternoon, Talos readers. Every day, we see mountains and mountains of data. So how do we comb through all of it to find out what's important to customers and users? Well, there are many ways, but we wanted to give readers and researchers a look into at least one option
Threat Source newsletter (Sept. 30, 2021)
Good afternoon, Talos readers. In the latest example of attackers trying to capitalize on current headlines, we've spotted a group using the recent fervor around the Pegasus spyware to spread malware. We've detailed a campaign in which the attackers have copied (nearly
Threat Source newsletter (Sept. 23, 2021)
Good afternoon, Talos readers. The Russian APT Turla is one of the most notorious threat actors out there today. And they aren't stopping, recently adding a new backdoor to their arsenal that serves as a "last chance" to retain a foothold on victim machines, even a
Threat Source newsletter (Sept. 16, 2021)
Good afternoon, Talos readers. It's a bird, it's a plane, it's a rat! We've been tracking a series of trojans targeting the aviation industry, and trying to lure victims in by sending them spam related to flight itineraries and other transportation news. In our
Threat Source newsletter (Sept. 9, 2021)
Good afternoon, Talos readers. The biggest security news this week is no doubt another Microsoft zero-day. On the heels of PrintNightmare and multiple Exchange Server vulnerabilities comes a code execution vulnerability in MSHTML, the rendering engine in Internet Explorer. We h
Threat Source newsletter (Sept. 2, 2021)
Good afternoon, Talos readers. If you haven't seen already, our blog has a lot of cool and new stuff this week. We first dove into the world of proxyware on Tuesday (aka internet-sharing applications). Attackers are hiding in this newly popular software to steal users'
Threat Source newsletter (Aug. 26, 2021)
Good afternoon, Talos readers. We have RATs on RATs on RATs over the past few weeks. And last week, we found a few more heading to Latin America to target users and try to steal their login credentials. The threat actor in this case has some compelling connections to the Aggah
Threat Source newsletter (Aug. 19, 2021)
Good afternoon, Talos readers. I'm writing this on Tuesday morning on account of vacation (again), so apologies if we miss any major stories. You certainly don't want to miss our latest blog post on the Neurevt remote access trojan that's targeting users in Mexico.
Threat Source newsletter (Aug. 12, 2021)
Good afternoon, Talos readers. No, that's not Ratatouille. It's ServHelper, who is much more dangerous (albeit just as cute) as the cartoon chef. We have a new blog post out today detailing this RAT, run by the threat actor Group TA505, that is stealing credit card data
Threat Source newsletter (Aug. 5, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We hope everyone is enjoying BlackHat and/or DEFCON this week, regardless of if you're attending virtually or in person. In case you missed any of our talks from BlackHat, you can check them out here, along
Threat Source newsletter (July 29, 2021)
Good afternoon, Talos readers. Thanks to everyone who joined us live yesterday for our talk on business email compromise. If you missed us live, the recording is up on our YouTube page now. Nick Biasini from Talos Outreach provided some great advice on avoiding business email co
Threat Source newsletter (July 22, 2021)
Good afternoon, Talos readers. I'm compiling this Tuesday for vacation reasons, so apologies for any major stories I'm missing here. This week's Beers with Talos podcast hits the seas again. And although we've covered sea shanties in the past, this week we'r
Threat Source newsletter (July 15, 2021)
Good afternoon, Talos readers. The value of cryptocurrency is all over the place. Elon Musk's tweets can send Dogecoin rising and falling. And Monero, the most popular currency for cryptominers, has gone all over the place this year. So does that have any effect on the rate
Threat Source newsletter (July 8, 2021)
Good afternoon, Talos readers. Just like everyone else in the security world, our week's been dominated by the Kaseya supply chain attack. We went live on pretty much every social media platform we could think of yesterday to update everyone on the current situation and prov
Threat Source newsletter (July 1, 2021)
Good afternoon, Talos readers. There's been a lot of talk recently around how to address America's infrastructure cybersecurity. After attacks like Colonial Pipeline and JBS, everyone across the public and private sectors is wondering what they should be doing to avoid
Threat Source newsletter (June 24, 2021)
Good afternoon, Talos readers. Even though spam emails asking for gift cards may seem like the oldest trick in the book, they're still effective in 2021. The FBI estimates that business email compromise cost victims around $1.8 billion in 2020, and we've seen recent camp
Threat Source newsletter (June 17, 2021)
Good afternoon, Talos readers. Although the Colonial Pipeline attack is largely behind us now, its potential repercussions are not. This was just the latest in a string of attacks against American critical infrastructure over the past few years, and we don't expect them to s
Threat Source newsletter (June 10, 2021)
Good afternoon, Talos readers. We seriously can't escape from ransomware. It's in the headlines constantly and has now drawn the full attention of the federal government. But we at Talos recognize that it is going to take far more than just words to address this global thre
Threat Source newsletter (June 3, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. If you didn't catch us live yesterday, we've uploaded the full version of our stream on Discord and Slack malware to our YouTube page. Chris Neal from Talos Outreach walked through his recent research in
Threat Source newsletter (May 27, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We're used to referring to attackers as either APTs or not APTs. And when something is an APT, it sounds a lot scarier and sexier. But it's our belief that that isn't going to cut it anymore. Theref
Threat Source newsletter (May 20, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We know a lot of you may be tired of "content" after RSA week. But we have some more for you! And specifically related to RSA, Cisco Talos Incident Response has new case studies out detailing a few re
Threat Source Newsletter (May 13, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In case you missed the Friday news drop last week, we have an update on the Lemon Duck cryptocurrency miner. It's not as eye-catching as the ransomware attacks that make the news, but Lemon Duck's exploi
Threat Source Newsletter (May 6, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. COVID-19 has changed everything about our lives — no surprise there. So it also shouldn't be shocking that it's changing the way Americans view Tax Day this year. The deadline to file taxes is about a m
Threat Source Newsletter (April 29, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Ransomware is not just financial extortion. It is crime that transcends business, academic and geographic boundaries. Talos was proud to assist with a newly released report from the international Ransomware Task
Threat Source Newsletter (April 22, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We went viral this week! Everyone seemed to love to joke about these vulnerabilities we discovered in a WiFi-connected air fryer. An attacker, if they had physical access to the device, could exploit these vulne
Threat Source Newsletter (April 15, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. If you missed our webinar last week, we've got you covered. We've uploaded an extended version to our YouTube page that includes the scripts used in the presentation. This video will show you how to reve
Threat Source Newsletter (April 8, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We've all heard about spam coming through your email or those robocalls we all hate. But during the COVID-19 pandemic, attackers are now turning to chat rooms and gaming servers to spread spam. Talos researc
Threat Source Newsletter (April 1, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We hope you’re enjoying Cisco Live this week and only reading this after you’ve caught up on your sessions for the day. No April Fool’s jokes here (thankfully) — we are just excited to tell you that application
Threat Source Newsletter (March 25, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. The Cisco Talos Incident Response team has several new, valuable insights into the threat landscape in the latest Quarterly Trends report. This post highlights the malware families our researchers are seeing mos
Threat Source newsletter (March 18, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Start spreading the word now, the Snort scholarship is back for 2021! This year, we’re giving away two $10,000 awards to two college students who are studying cybersecurity or another IT-related field. Applicati
Threat Source newsletter (March 11, 2021) — Featuring new SolarWinds roundtable
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We have a special edition of the Threat Source newsletter to bring you this week, because we’re premiering a new video for you right now! Below, you’ll find a full roundtable we put together discussing the Sola
Threat Source newsletter (March 4, 2021)
Newsletter compiled by Jon Munshaw. Of course, we will start things off talking about the Microsoft Exchange Server zero-day vulnerabilities disclosed earlier this week. Microsoft said in a statement that a threat actor is exploiting these vulnerabilities in the wild to steal us
Threat Source newsletter (Feb. 25, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We all think of APTs as these wide-reaching, silent threat groups who are backed by a nation-state. But our recent research into Gamaredon shows that not all APTs are created equal. We’ve spotted this actor car
Threat Source newsletter (Feb. 18, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Whether you want to read Talos’ research or listen to it, we’ve got plenty of options for you this week. Beers with Talos hit its 100th episode last week. To celebrate, we brought Nigel back out of retirement t
Threat Source newsletter (Feb. 11, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We have an update on LodaRAT, a trojan we’ve been following for years. This threat has a new version targeting Android devices, looking to infect devices and steal users’ credentials and monitor things like thei
Threat Source newsletter (Feb. 4, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We are excited to finally share this LockBit research paper with you all after months of work. Some of our researchers spoke to a ransomware operator, which provided us insight into a threat actor’s day-to-day g
Threat Source newsletter (Jan. 28, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Unfortunately, I don’t have any stock tips to give you to help you get rich overnight. But I do have two Vulnerability Spotlights you should read so your network can stay safer. We disclosed multiple vulnerabili
Threat Source newsletter (Jan. 21, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We know it’s hard to focus on anything happening outside of Washington, D.C. this week. But we would be remiss if we didn’t mention the exciting news that the Snort 3 GA is officially out now! This update has be
Threat Source newsletter (Jan. 14, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Microsoft released its monthly security update this week, disclosing 83 vulnerabilities across its suite of products to kick off 2021. Our blog post has the most important vulnerabilities you need to know about,
Threat Source newsletter (Jan. 7, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers and welcome to the first Threat Source newsletter of 2021. We hit the ground running already this year with a new Beers with Talos episode. It was recorded back in 2020, but the lessons regarding ransomware attac
Threat Source newsletter (Dec. 17, 2020)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. This will be our last Threat Source newsletter of the year. We’ll be on a few-week break for the holidays until Jan. 7. Of course, all anyone wants to talk about this week is the SolarWinds supply chain attack.
Threat Source newsletter (Dec. 10, 2020)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Cyber security firm FireEye recently disclosed an incident that was reported to have resulted in the inadvertent disclosure of various internally developed offensive security tools (OSTs) that were used across F
Threat Source newsletter (Dec. 3, 2020)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. While ransomware has made all the headlines this year, that doesn’t mean cryptocurrency miners are going anywhere. We recently discovered a new actor we’re calling “Xanthe” that’s mining Monero on targets’ machi
Threat Source newsletter (Nov. 19, 2020)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In case you hadn’t already realized, Snort somehow became a meme this week, so that was fun. As 2020 (finally...or already...I can’t decide which) comes to an end, we’re going to start doing a look back at the
Threat Source newsletter (Nov. 12, 2020)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We’re back after a few-week hiatus! And to celebrate, we just dropped some new research on the CRAT trojan that’s bringing some ransomware friends along with it. This blog post has all the details of this threat
Threat Source newsletter (Oct. 15, 2020)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In our latest entry into our election security series, we’re turning our attention to the professionals who are responsible for securing our elections. After months of research, we’ve compiled a series of rec
Threat Source newsletter for Oct. 8, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We’ve been writing and talking about election security a ton lately. And as the U.S. presidential election draws closer, we decided it was time to summarize some things. So, we released this blog post with our f
Threat Source newsletter for Oct. 1, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In the past, we’ve covered what disinformation (otherwise known as “fake news”) is and who spreads it. Now, we’re diving into why it works, and why it’s so easy for people to spread. Check out our full paper her
Threat Source newsletter for Sept. 24, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. After months (years?) in beta, an official release candidate is out now for Snort 3. Stay tuned for an officially official release in about a month. In other Snort rules, we also have a deep dive into our detec
Threat Source newsletter for Sept. 17, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We’ve got a couple of vulnerabilities you should know about. Monday, we disclosed a bug in Google Chrome’s PDFium feature that opens the door for an adversary to execute remote code. Our researchers also discov
Threat Source newsletter for Sept. 10, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In our continued research on election security, we have a new video roundtable discussion up on our YouTube page. In this Q&A-style format, I ask our researchers questions about the work they’ve done researc
Threat Source newsletter for Sept. 3, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware. The campaigns distributed various malware payloads includin
Threat Source newsletter for Aug. 27, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. As part of our continued look at election security ahead of the November election, we have another research paper out this week. This time, we’re taking a closer look at disinformation campaigns, popularly known
Threat Source newsletter for Aug. 20, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Hacktivism always seems so cool and noble in the movies. Video games and TV shows have no shortage of their “hacker heroes,” too. But what are the real-world consequences of users who release sensitive informatio
Threat Source newsletter for Aug. 13, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. It’s really tough to attribute cyber attacks. We know it. You know it. But why is that, exactly? And why do we want to attribute attacks so badly anyway? In our latest blog post, we look at why attribution is ch
Threat Source newsletter for Aug. 6, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We spend a lot of time talking about what you should do to keep your data safe, and how other organizations should be prepared for the worst. But what happens if the worst happens to you? In the latest Beers w
Threat Source newsletter for July 30, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Adversaries love to use headlines as part of their spam campaigns. From COVID-19, to Black Lives Matter and even Black Friday every year, the bad guys are wanting to capitalize on current events. Why is this th
Threat Source newsletter for July 23, 2020
Good afternoon, Talos readers. While ransomware attacks continue to hog all the headlines, cryptocurrency miners are still running in the background, sapping computing power from unsuspecting victims. We have what we believe is the first documentation of a new botnet we're calli
Threat Source newsletter for July 16, 2020
Good afternoon, Talos readers. If you haven’t already, we highly recommend you read our in-depth research paper on election security. This paper represents four years of hands-on research, interviews and insight into how things have changed since 2016, and what hurdles remain to
Threat Source newsletter for July 2, 2020
Good afternoon, Talos readers. Our latest research you should catch up on is the Valak malware. This information-stealer sneaks its way onto victim machines by hijacking legitimate email threads. The threat actors send their phishing emails and attachments in email threads, hop
Threat Source newsletter for June 25, 2020
Good afternoon, Talos readers. We recently decided to replace our use of the terms "blacklist" and "whitelist" with "block list" and "allow list." Even though these terms are commonly in use in the security industry, we will not go along with c
Threat Source newsletter for June 18, 2020
Good afternoon, Talos readers. Now that Cisco Live is over, you can access both of Talos’ talks on-demand here if you registered for the online event. The latest Beers with Talos episode covers how to push your career in cyber security forward when you feel like you’re stuck i
Threat Source newsletter for June 11, 2020
Good afternoon, Talos readers. We are back this week with new content, mainly around Microsoft Patch Tuesday. We have our complete breakdown of all the vulns here, as well as in-depth information on two remote code execution vulnerabilities one of our researchers discovered in E
Threat Source newsletter for June 4, 2020
Our social media content and promotion are on pause this week as there are more important issues being discussed and other voices that need to be heard. However, we still wanted to provide users with the latest IOCs and threats we’re seeing. Upcoming public engagements Event:
Threat Source newsletter for May 28, 2020
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We need to start things off by wishing a Happy Birthday to Beers with Talos! The first episode was released on May 12, 2017. To celebrate, we have a new e
Threat Source newsletter for May 21, 2020
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Beers with Talos chugs on during quarantine with the latest episode of “The In-Between.” Once again, the hosts talk about everything but security, answeri
Threat Source newsletter for May 14, 2020
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Our main focus this week is on Astaroth. This is a malware family that has been targeting Brazil with a variety of l
Threat Source newsletter for May 7, 2020
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. With all of us working from home, Beers with Talos episodes are coming out faster than ever. This week, we have an a
Threat Source newsletter for April 30, 2020
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Our newest research post focuses on the Aggah campaign. Threat actors are pushing Aggah to victims via malicious Mic
Threat Source newsletter for April 23, 2020
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. There’s a new Beers with Talos podcast out now. And guess what? They actually talk about security this time! The guy
Threat Source newsletter for April 16, 2020
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. It’s what — week 5 of this quarantine in the U.S.? Week 6? We’ve lost count. And so did the Beers with Talos guys. B
Threat Source newsletter for April 9, 2020
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Nearly all devices have some sort of fingerprint scanner now, used to log users in. But these scanners prevent their
Threat Source newsletter (April 2, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. As long as COVID-19 is in the headlines (which is going to be a long time) actors are going to try and capitalize. W
Threat Source newsletter (March 26, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Just because we’re all still working from home doesn’t mean you can stop patching. We’ve been busy this week with a
Threat Source newsletter (March 19, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We hope everyone is staying home (if possible) and staying safe. Unfortunately, the bad guys aren’t going anywhere,
Threat Source newsletter (March 12, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Obviously, COVID-19 is dominating headlines everywhere, and for good reason. We hope everyone out there is staying s
Threat Source newsletter (March 5, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Sure, all anyone wants to talk about is coronavirus. But what about cyber security? We’ve still got cool stuff, like
Threat Source newsletter (Feb. 27, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We know we’ve kept you waiting for a while, but the new Snort Resources page is finally here. We’ve got new and impr
Threat Source newsletter (Feb. 20, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’ve got more ways than ever for you to get Talos content. We continue to grow our YouTube page with the second ent
Threat Source newsletter (Feb. 13, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. This month’s Microsoft Patch Tuesday was particularly hefty, with the company disclosing nearly 100 vulnerabilities
Threat Source newsletter (Feb. 6, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. There’s never been a better time to be into cyber security podcasts. Our Podcasts page on TalosIntelligence.com got
Threat Source newsletter (Jan. 30, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Be sure to pay close attention Tuesday for some changes we have coming to Snort.org. We’ll spare you the details for
Threat Source newsletter (Jan. 23, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Despite tensions starting to fizzle between the U.S. and Iran, people are still worried about cyber conflict. What w
Threat Source newsletter (Jan. 16, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. This wasn’t your average Patch Tuesday. Microsoft’s monthly security update was notable for a few reasons. For start
Threat Source newsletter (Jan. 9, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’re back after a long break for the holidays. And 2020 is already off to a fast start as tensions continue to rise
Threat Source newsletter (Dec. 19, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We have an early holiday present for you! This week, we introduced a new podcast to the Talos family. Talos Takes, a
Threat Source newsletter (Dec. 12, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’re entering our Year in Review period. Now’s the time to look back on the top stories from 2019 and think about w
Threat Source newsletter (Dec. 5, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We hope everyone had a safe and happy Thanksgiving in the U.S. The holiday shopping season is now in full swing, and
Threat Source newsletter (Nov. 21, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. It’s nearly holiday shopping season, which means it’s prime scam season. On the latest Beers with Talos episode, we
Threat Source newsletter (Nov. 14, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. It was all about the bugs this week. Patch Tuesday was especially busy for us, including our usual recap of all the
Threat Source newsletter (Nov. 7, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. The only news we’re going to cover this week is the biggest news we’ve had in a while. Tuesday, we announced that Ci
Threat Source newsletter (Oct. 31, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’re scared of stalkerware, and you should be, too. These spyware apps are becoming more popular among everyone fro
Threat Source newsletter (Oct. 24, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Never assume that a malware family is really dead. We’ve done it time and time again with things like Emotet, and Gu
Threat Source newsletter (Oct. 17, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. It’s rare that iOS jailbreaks make it onto the scene. Apple is usually able to patch them out quickly. But a recent
Threat Source newsletter (Oct. 10, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. It’s that time again to update all your Microsoft products. The company released its monthly update Tuesday, disclos
Threat Source newsletter (Sept. 26)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. An attacker known as “Tortoiseshell” is using a phony, malicious website to deliver malware. The site specifically t
Threat Source newsletter (Sept. 19, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’re all still trying to shake off the summer. Gone are the early Fridays, beach vacations and days by the pool. Tu
Threat Source newsletter (Sept. 12, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. You’ve heard it a million times: Always patch. But in case you needed another example that it’s important, Cisco Inc
Threat Source newsletter (Sept. 5, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. By now, nearly everyone has heard of BlueKeep. It definitely sounds scary, with all of this talk of wormable bugs and Wa
Threat Source newsletter (Aug. 22)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. What’s old is new again. Our research this week centers around a series of long-lasting threat actors and malware t
Threat Source newsletter (Aug. 22)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. A lot of people may think that cyber insurance is this new, unexplored field that carries a lot of questions. But di
Threat Source newsletter (Aug. 15)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Sorry we missed you last week, we were all away at Hacker Summer Camp. If you missed us at Black Hat, we have a roun
Threat Source newsletter (Aug. 1, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Are you heading to Vegas next week for Hacker Summer Camp? Talos will. We’ll be at Black Hat and DEFCON holding a se
Threat Source newsletter (July 25, 2019)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. No one really likes talking about election security. It’s a sticky subject, costs lots of money and doesn’t com
Threat Source newsletter (July 18, 2019)
Threat Source newsletter (July 11, 2019)
Threat Source newsletter (July 3, 2019)
Threat Source newsletter (June 27, 2019)
Threat Source newsletter (June 20, 2019)
Threat Source newsletter (June 6)
Threat Source newsletter (May 30)
Threat Source newsletter (May 23)
Threat Source newsletter (May 16)
Threat Source newsletter (May 9)
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. If you haven’t yet, there’s still time to register for this year’s Talos Threat Research Summit — our second annual conference by defenders, for defenders
Threat Source (May 2, 2019)
Threat Source (April 25)
Threat Source (April 18): New attacks distribute Formbook, LokiBot
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. If you haven’t yet, there’s still time to register for this year’s Talos Threat Research Summit — our second annual conference by defenders, for defenders
Threat Source (April 11)
Threat Source (April 4)
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. If you haven’t yet, there’s still time to register for this year’s Talos Threat Research Summit — our second annual conference by defenders, for defenders