Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-02-24Cisco TalosTalos
@online{talos:20220224:threat:cdf8dd3, author = {Talos}, title = {{Threat Advisory: Cyclops Blink}}, date = {2022-02-24}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/02/threat-advisory-cyclops-blink.html}, language = {English}, urldate = {2022-03-01} } Threat Advisory: Cyclops Blink
VPNFilter
2022-02-13The RecordCatalin Cimpanu
@online{cimpanu:20220213:san:4feaacb, author = {Catalin Cimpanu}, title = {{San Francisco 49ers confirm ransomware attack}}, date = {2022-02-13}, organization = {The Record}, url = {https://therecord.media/san-francisco-49ers-confirm-ransomware-attack/}, language = {English}, urldate = {2022-02-14} } San Francisco 49ers confirm ransomware attack
BlackByte
2022-02-11Cisco TalosTalos
@online{talos:20220211:threat:fcad762, author = {Talos}, title = {{Threat Roundup for February 4 to February 11}}, date = {2022-02-11}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/02/threat-roundup-0204-0211.html}, language = {English}, urldate = {2022-02-14} } Threat Roundup for February 4 to February 11
DarkComet Ghost RAT Loki Password Stealer (PWS) Tinba Tofsee Zeus
2022-02-09CiscoVanja Svajcer, Vitor Ventura
@online{svajcer:20220209:whats:91fb2d8, author = {Vanja Svajcer and Vitor Ventura}, title = {{What’s with the shared VBA code between Transparent Tribe and other threat actors?}}, date = {2022-02-09}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2022/02/whats-with-shared-vba-code.html}, language = {English}, urldate = {2022-02-14} } What’s with the shared VBA code between Transparent Tribe and other threat actors?
2022-02-02CiscoAsheer Malhotra, Vitor Ventura
@online{malhotra:20220202:arid:420217a, author = {Asheer Malhotra and Vitor Ventura}, title = {{Arid Viper APT targets Palestine with new wave of politically themed phishing attacks, malware}}, date = {2022-02-02}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2022/02/arid-viper-targets-palestine.html}, language = {English}, urldate = {2022-02-04} } Arid Viper APT targets Palestine with new wave of politically themed phishing attacks, malware
Micropsia
2022-01-31CiscoAsheer Malhotra, Vitor Ventura
@online{malhotra:20220131:iranian:8eb6c17, author = {Asheer Malhotra and Vitor Ventura}, title = {{Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables}}, date = {2022-01-31}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html}, language = {English}, urldate = {2022-02-02} } Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables
2022-01-12CiscoChetan Raghuprasad, Vanja Svajcer
@online{raghuprasad:20220112:nanocore:938e93c, author = {Chetan Raghuprasad and Vanja Svajcer}, title = {{Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure}}, date = {2022-01-12}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html}, language = {English}, urldate = {2022-01-18} } Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure
AsyncRAT Nanocore RAT NetWire RC
2021-12-02CiscoTiago Pereira
@online{pereira:20211202:magnat:15dcabb, author = {Tiago Pereira}, title = {{Magnat campaigns use malvertising to deliver information stealer, backdoor and malicious Chrome extension}}, date = {2021-12-02}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2021/12/magnat-campaigns-use-malvertising-to.html}, language = {English}, urldate = {2021-12-07} } Magnat campaigns use malvertising to deliver information stealer, backdoor and malicious Chrome extension
Azorult RedLine Stealer
2021-11-18CiscoJosh Pyorre
@online{pyorre:20211118:blackmatter:e9e9bbf, author = {Josh Pyorre}, title = {{BlackMatter, LockBit, and THOR}}, date = {2021-11-18}, organization = {Cisco}, url = {https://umbrella.cisco.com/blog/cybersecurity-threat-spotlight-blackmatter-lockbit-thor}, language = {English}, urldate = {2022-03-28} } BlackMatter, LockBit, and THOR
BlackMatter LockBit PlugX
2021-11-16CiscoChetan Raghuprasad, Vanja Svajcer, Asheer Malhotra
@online{raghuprasad:20211116:attackers:c31ad77, author = {Chetan Raghuprasad and Vanja Svajcer and Asheer Malhotra}, title = {{Attackers use domain fronting technique to target Myanmar with Cobalt Strike}}, date = {2021-11-16}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2021/11/attackers-use-domain-fronting-technique.html}, language = {English}, urldate = {2021-11-17} } Attackers use domain fronting technique to target Myanmar with Cobalt Strike
Cobalt Strike
2021-11-10Cisco TalosJungsoo An, Asheer Malhotra, Kendall McKay
@online{an:20211110:north:feab945, author = {Jungsoo An and Asheer Malhotra and Kendall McKay}, title = {{North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets}}, date = {2021-11-10}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html}, language = {English}, urldate = {2021-11-17} } North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets
GoldDragon
2021-11-09Cisco TalosClaudio Bozzato, Lilith Wyatt
@online{bozzato:20211109:cisco:2f6a349, author = {Claudio Bozzato and Lilith Wyatt}, title = {{Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton}}, date = {2021-11-09}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/11/cisco-talos-finds-10-vulnerabilities-in.html}, language = {English}, urldate = {2021-11-11} } Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton
2021-11-03Cisco TalosChetan Raghuprasad, Vanja Svajcer, Caitlin Huey
@online{raghuprasad:20211103:microsoft:2b6de43, author = {Chetan Raghuprasad and Vanja Svajcer and Caitlin Huey}, title = {{Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk}}, date = {2021-11-03}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html}, language = {English}, urldate = {2021-11-03} } Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk
Babuk CHINACHOPPER
2021-10-26Cisco TalosEdmund Brumaghin, Mariano Graziano, Nick Mavis
@online{brumaghin:20211026:squirrelwaffle:88c5943, author = {Edmund Brumaghin and Mariano Graziano and Nick Mavis}, title = {{SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike}}, date = {2021-10-26}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/10/squirrelwaffle-emerges.html}, language = {English}, urldate = {2021-11-02} } SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike
Cobalt Strike QakBot Squirrelwaffle
2021-10-19Cisco TalosAsheer Malhotra
@online{malhotra:20211019:malicious:6889662, author = {Asheer Malhotra}, title = {{Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India}}, date = {2021-10-19}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html}, language = {English}, urldate = {2021-11-02} } Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India
DCRat Quasar RAT
2021-10-19CiscoArtsiom Holub
@online{holub:20211019:strrat:4522f11, author = {Artsiom Holub}, title = {{STRRAT, ZLoader, and HoneyGain}}, date = {2021-10-19}, organization = {Cisco}, url = {https://umbrella.cisco.com/blog/cybersecurity-threat-spotlight-strrat-zloader-honeygain}, language = {English}, urldate = {2021-10-26} } STRRAT, ZLoader, and HoneyGain
STRRAT Zloader
2021-10-04CiscoTiago Pereira
@online{pereira:20211004:threat:9f493e1, author = {Tiago Pereira}, title = {{Threat hunting in large datasets by clustering security events}}, date = {2021-10-04}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2021/10/threat-hunting-in-large-datasets-by.html}, language = {English}, urldate = {2021-10-20} } Threat hunting in large datasets by clustering security events
BazarBackdoor TrickBot
2021-09-30CiscoVitor Ventura, Arnaud Zobec
@online{ventura:20210930:wolf:5617c7f, author = {Vitor Ventura and Arnaud Zobec}, title = {{A wolf in sheep's clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus}}, date = {2021-09-30}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2021/09/fakeantipegasusamnesty.html}, language = {English}, urldate = {2021-10-20} } A wolf in sheep's clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus
2021-09-16CiscoTiago Pereira, Vitor Ventura
@online{pereira:20210916:operation:133992d, author = {Tiago Pereira and Vitor Ventura}, title = {{Operation Layover: How we tracked an attack on the aviation industry to five years of compromise}}, date = {2021-09-16}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2021/09/operation-layover-how-we-tracked-attack.html}, language = {English}, urldate = {2021-09-19} } Operation Layover: How we tracked an attack on the aviation industry to five years of compromise
AsyncRAT Houdini NjRAT
2021-08-31Cisco TalosEdmund Brumaghin, Vitor Ventura
@online{brumaghin:20210831:attracting:5d141c1, author = {Edmund Brumaghin and Vitor Ventura}, title = {{Attracting flies with Honey(gain): Adversarial abuse of proxyware}}, date = {2021-08-31}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/08/proxyware-abuse.html}, language = {English}, urldate = {2021-09-02} } Attracting flies with Honey(gain): Adversarial abuse of proxyware