Cisco Talos Intelligence Group
@TalosSecurity
Followers
47,758
Following
171
Media
2,767
Statuses
8,627
The Official Twitter account of the Cisco Talos Intelligence Group. Support requests:
Joined December 2008
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Pedro Sánchez
• 284969 Tweets
wonwoo
• 268162 Tweets
Wizkid
• 202294 Tweets
#SEVENTEEN_IS_MAESTRO
• 183868 Tweets
#마에스트로_세븐틴의_지휘에_맞춰
• 180605 Tweets
woozi
• 110631 Tweets
#CDTVライブライブ
• 71421 Tweets
大慶直胤
• 67879 Tweets
minghao
• 62493 Tweets
新刀剣男士
• 58493 Tweets
為替介入
• 41060 Tweets
Humza Yousaf
• 39093 Tweets
Don Jazzy
• 34472 Tweets
#SixTONES_音色
• 33980 Tweets
Twitter調子
• 32922 Tweets
Thiago Silva
• 32607 Tweets
CGPJ
• 27108 Tweets
スレイヤー
• 25354 Tweets
#Fes蓮ノ空オープニングライブ
• 22367 Tweets
Patrick Midterm Exam
• 19640 Tweets
Twitter不具合
• 17691 Tweets
청춘찬가
• 15214 Tweets
江戸三作
• 13681 Tweets
ライラック
• 13082 Tweets
正秀の友
• 12680 Tweets
Pinned Tweet
A new
#malware
called
#OfflRouter
is tricking some users in
#Ukraine
into uploading confidential information to the popular
#VirusTotal
website
2
10
18
CCleanup: A Vast Number of Machines at Risk
11
360
233
CCleaner Command and Control Causes Concern
9
234
214
Cisco Talos has discovered a new threat we're calling "Sea Turtle," which is targeting public and private entities across the globe. The attackers appear to be using DNS hijacking as their primary method of attack. Check out all the details here
3
177
208
Content-Type: Malicious - New Apache 0-day Under Attack
3
185
150
We have new tools we're excited to show off: GhIDA, an IDA Pro plugin that integrates the Ghidra decompiler in the IDA workflow, and Ghidraaas, a simple web server that exposes Ghidra analysis through REST APIs
7
87
150
PyREBox, a Python Scriptable Reverse Engineering Sandbox
3
105
148
Exploitable or Not Exploitable? Using REVEN to Examine a NULL Pointer Dereference.
2
100
137
Last day to register! Get the latest intel on Miners, Malspam, and Meltdowns from Talos Research Engineer Nick Biasini. The event is nearly full, so register now.
2
27
115
Cisco Talos is working around the clock on a global effort to protect customers and critical infrastructure in Ukraine. Find out how:
2
73
132
Malware debugging just got a lot easier. There's a new JavaScript bridge for
#WinDbg
. In this post, we'll walk through these new features
#malware
#debugging
#JavaScript
1
61
125
Advanced Mobile Malware Campaign in India uses Malicious MDM
3
110
120
Player 3 Has Entered the Game: Say Hello to 'WannaCry'
5
165
120
#MagicRAT
is the latest
#malware
from the well-known
#LazarusGroup
(a suspected North Korean APT). More on this new threat and Lazarus Group's overall goals here
3
60
120
We have released a new plugin for IDA that makes it easier to reverse-engineer malware. Here's our breakdown of how to use Dynamic Data Resolver
0
81
110
Olympic Destroyer Takes Aim At Winter Olympics
0
101
103
BlackMatter, BlackCat, DarkSide...it can be tough to keep up with all these
#ransomware
threat actors and their various names. But is there any real connection between these groups? We take a closer look in our newest blog post
1
48
104
The adversary behind WastedLocker is taking advantage of various "dual-use" toolsets like Cobalt Strike, Mimikatz, Empire and PowerSploit to move laterally across many victims' networks. Find out the full details of this threat here
1
59
101
It's here! Snort 3 is now in beta. Here's everything you need to know about what makes Snort 3 different from 2, and what changes we plan on making in the future. Let us know what you think!
0
86
98
Files Cannot Be Decrypted? Challenge Accepted. Talos Releases ThanatosDecryptor
1
74
96
Now on stage
@HITBSecConf
-
@infosec_nick
"if you have 445 open, you don't need to worry about 0-day. Go back to your basics and try again"
0
43
95
Cisco Talos has discovered a new malware we're calling
#DNSpionage
that's targeting governments in the Middle East and even one airline company. Here's a breakdown of the attacker's methods and the malicious documents they're spreading
1
87
91
New Ransomware Variant Compromises Systems Worldwide
0
136
89
Despite a recent takedown from the FBI, our research indicates that the actor behind
#Qakbot
is still active with its spamming operations, and is still delivering the
#RansomKnight
#malware
0
46
88
Cisco Talos recently discovered a new attack framework called "Manjusaka" that could be the next
#CobaltStrike
and grow in popularity in the coming months. Read all about this new threat here:
0
38
92
We recently discovered a new C2 framework called
#Alchimist
that's spreading the new
#Insekt
trojan, targeting Windows, Mac and Linux machines Windows, Linux and Mac machines
5
43
88
After years of partnership, we've decided to bring Cisco Incident Response and Talos under the same umbrella. Say hello to Talos Incident Response
1
48
90
we'll all be wearing pants and trousers next week at the office
1
31
85
Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability
0
79
83
Interview with a
#LockBit
#ransomware
operator: Over the course of several weeks, we conducted multiple interviews that gave us a rare, first-hand account of a ransomware operator’s cybercriminal activities. Read the full report here
2
75
85
#NorthKorea
's Lazarus Group is back again, this time with two new remote access trojans. The attacker continues to use the same infrastructure, but is changing up their eventual payloads. More here:
2
57
86
We have released a new, free decryptor tool for the PyLocky ransomware that can help victims recover their files
#PyLocky
#ransomware
3
71
83
FIN7 Group Uses JavaScript and Stealer DLL Variant in New Attacks
4
90
82
Check out this in-depth walkthrough of the development of a new tool we're releasing called Barbervisor, which makes fuzzing easier for researchers
0
49
84
“Cyber Conflict” Decoy Document Used In Real Cyber Conflict
3
79
76
The world is watching events unfold in Ukraine. Talos offers this guidance for ongoing cyber attacks in Ukraine and beyond.
2
55
77
2021 started off with the fallout of
#SolarWinds
. Now, somehow, we're dealing with
#Log4j
. Let's take a look back at the Year in Malware to see how we got here
1
30
75
The Talos Quarterly Threat Briefing is coming up next Tuesday - "Miners, Malspam, and Meltdowns"
Get the Talos take on a very active quarter in the threat landscape.
Spots are limited, register now:
1
23
64
Flash 0 Day In The Wild: Group 123 At The Controls
0
67
73
As the Russia-led invasion intensifies, Ukraine is being attacked by bombs and bytes. Cisco is working around the clock on a global, company-wide effort to protect our customers there and ensure that nothing goes dark
2
28
66
Recently, a new threat referred to as
#SQUIRRELWAFFLE
(unfortunately no, we didn't name it) is being spread more widely via spam campaigns, infecting systems with a new malware loader. Find out why you should be on the lookout
1
34
70
Join
@infosec_nick
on Tues Feb 27 for the Talos Quarterly Threat Briefing - "Miners, Malspam, and Meltdowns" - a look at the most insidious threats Talos has seen in the last quarter.
Spots are limited, register now:
1
43
66
We are actively tracking the
#MuddyWater
APT, as the Iranian-linked group targets
#Turkey
with
#malware
downloaders and, eventually,
#ransomware
0
53
68
We have more information to unveil regarding VPNFilter. There are seven new third-stage modules that we believe everyone needs to know about. Read about our updates here
1
65
65
VPNFilter Update - VPNFilter exploits endpoints, targets new devices
5
84
64
To no one's surprise, the
#Emotet
botnet is back, this time using OneNote documents to spread its malware and infect systems. Here's what we know about this latest reboot and how users can stay protected
0
29
65
Cisco Talos has been tracking several different sextortion spam campaigns over the past few months. Here are the connections we were able to draw, in addition to other spam campaigns that are hitting people's inboxes
4
42
67
Threat Spotlight: Follow the Bad Rabbit
0
85
65
Two VPN clients — ProtonVPN and NordVPN — have very similar privilege escalation vulnerabilities that could allow an attacker to execute code with administrator privileges. Here's what to watch out for, and how you can protect against them
3
60
63
We recently discovered a new point-of-sale malware available on some forums called "GlitchPOS." The malware is easy enough to set up and use that it could allow basically any user to establish their own botnet
#GlitchPOS
#malware
2
59
63
Blog Post Update to include Technical Functionality of Ransomware’s Lateral Movement:
0
87
64
Malware monitor - leveraging PyREBox for malware analysis
0
37
62
GravityRAT - The Two-Year Evolution Of An APT Targeting India
1
53
61
Another Apache Struts Vulnerability Under Active Exploitation
1
73
61
Attack on Critical Infrastructure Leverages Template Injection
0
48
58
We are live with our Talos Threat Research Summit keynote! Liz Wharton will share what we can learn from recent attacks on governments.
2
36
60
The
#Turla
APT is back with a new backdoor, very similar to its previous "TinyTurla" tool. Read more about what this Russian state-sponsored actor is up to now
1
31
61
SO THERE ARE THESE BAD GUYS IN CANADA WHO SEND YOUR GRANDMA MEAN EMAILS ASKING FOR $100 AMAZON GIFT CARDS AND YOU CLICK ON A BAD LINK THAT GIVES YOU BAD THINGS
1
15
58
Today, we are releasing the 1.0 beta version of Dynamic Data Resolver (DDR) — a plugin for IDA that makes reverse-engineering malware easier. Check out the full details here
0
31
59
Talos Blog: Vulnerability Deep Dive: Exploiting the Apple Graphics Driver and Bypassing KASLR
0
65
55
Update
#3
for today - Nyetya Malware -
Contains:
EternalRomance confirmation
Mitigation recommendations
Don’t pay!
0
78
58
File2pcap - The Talos Swiss Army Knife of Snort Rule Creation
0
30
58
Adversaries are increasingly relying on publishing sites to host lure documents to bypass traditional detection techniques. More on our blog about what Talos Incident Response is seeing in the wild with this tactic
5
27
57
#Ransomware
is not just financial extortion. It is crime that transcends business, academic and geographic boundaries. Talos was proud to assist with this
#RansomwareTaskForce
report that provides a path forward to mitigate this criminal enterprise
1
28
55
Cisco Talos is aware of CVE-2021-44228, an actively exploited vulnerability in
#Apache
#Log4j
. We are releasing coverage to defend against the exploitation of this
#vulnerability
2
35
57
A new variant of the
#Hawkeye
malware is active after a change in ownership. We've seen it be used against organizations to steal sensitive information and account credentials for use in additional attacks. Here's a rundown of all features and protections
1
36
55
We recently discovered several vulnerabilities in a smart air fryer that an attacker could use to change cooking settings. Here's more on these issues and a Snort rule to keep your chicken tenders safe
4
26
56
Слава Україні!
Today marks one year since Russia invaded Ukraine. Talos stays committed to our unwavering support of our colleagues, partners, and the people of Ukraine:
1
13
33
1
12
54
Forgot About Default Accounts? No Worries, GoScanSSH Didn’t
0
41
54
Our vulnerability analysts have developed a custom fuzzer using the popular snapshot fuzzer “WTF” which targets Direct Composition in
#Windows
. Learn more about this tool and how it could help other researchers here
0
22
54
We recently identified a series of documents that we believe are part of a coordinated series of cyber attacks that we are calling the "Frankenstein" campaign. Why should you be worried about this? And what can you do to keep your network safe?
2
49
52
Last night, we released the latest Snort rule update, which includes coverage for the highly publicized Microsoft vulnerability CVE-2019-0708. The vulnerability is wormable, meaning future malware that exploits this bug could spread from system to system
0
36
51
A new C2 platform called
#DarkUtilities
recently popped up, and attackers wasted no time in leveraging it for their
#malware
campaigns. Here's what we know about this "C2aaS"
0
30
53
[UPDATE]As part of our work analyzing malicious activity in Ukraine, we are tracking many actors, both state-sponsored and typical cybercriminals. One recent sample indicates a possible increase in threats targeting countries that are *NOT* Ukraine.
0
34
51
Regarding today’s outbreak, we are working directly with
@CyberpoliceUA
on the issue. More information is forthcoming.
1
59
50
Emotet is back again with a new campaign displaying many characteristics of older runs, including the use of Auto_Open macros inside XLS documents. Read Talos’ latest coverage of Emotet here:
0
21
50
We just pushed a heavy update about the Nyetya Ransomware into the post:
2
74
48
We recently discovered a new threat actor called
#YoroTrooper
that's primarily motivated by espionage-related activities. Find out what this group may be after and why.
1
27
49
We recently saw threat actors exploiting a
#Windows
policy loophole that allows the signing and loading of cross-signed kernel-mode drivers with older signature timestamps.
#Microsoft
just released an advisory on this activity, but more on our blog here:
2
25
48
Cisco has identified a critical vulnerability in the
#IOSXE
software. We urge customers to follow the guidance here
1
38
47
Shoutout to the many members of our team who worked on our DNS hijacking research that won the Peter Ször Award for outstanding research at the
@virusbtn
conference. Thanks to
@martijn_grooten
, as well!
0
12
48
A new malware campaign is distributing Agent Tesla and Loki, but traditional antivirus systems aren't picking it up. Find out why here, and dig more into our research
0
55
46
We have some exciting news to share! Cisco Talos, in partnership with the state of Maryland, is launching CyberVets USA, an industry partnership of cyber-focused companies offering free training and certifications to the military and veteran community
1
24
45
Spoofed SEC Emails Distribute Evolved DNSMessenger
1
63
43
.
@snort
was hard at work all last year protecting users on a day-to-day basis. Here's a look at which rules that were triggered the most in 2018, which paints a picture of what attackers used the most
2
36
45
Individuals and organizations often rely on secure messaging apps to keep their communications safe and encrypted. But there are usually ways to get around these apps' security protocols. We break down potential exploits in a few of these services here
1
31
44
Organizations around the U.S. were hit with phony bomb threats yesterday. Talos was able to connect these attacks to the same actors behind a sextortion campaign we recently reported on. Read about our new findings here.
0
41
44
Early research indicates a possible ransomware worm spreading by SMB; we recommend immediately blocking SMB. More as research continues.
0
73
43