Jaeson Schultz - Cisco Talos Blog

Cisco Talos Blog

November 20, 2024 06:00

Malicious QR Codes: How big of a problem is it, really?

QR codes are disproportionately effective at bypassing most anti-spam filters. Talos discovered two effective methods for defanging malicious QR codes, a necessary step to make them safe for consumption.

September 26, 2024 09:00

Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam

Many spammers have elected to attack web pages and mail servers of legitimate organizations, so they may use these “pirated” resources to send unsolicited email.

November 9, 2023 08:00

Spammers abuse Google Forms’ quiz to deliver scams

Cisco Talos has recently observed an increase in spam messages abusing a feature of quizzes created within Google Forms.

August 29, 2023 08:00

What's in a name? Strange behaviors at top-level domains creates uncertainty in DNS

Confusion over whether some name is a public DNS name or another private resource can cause sensitive data to fall into the hands of unintended recipients.

April 13, 2023 00:48

How threat actors are using AI and other modern tools to enhance their phishing attempts

Tools like ChatGPT aren't making social engineering attacks any more effective, but it does make it faster for actors to write up phishing emails.

March 22, 2023 15:41

Emotet resumes spam operations, switches to OneNote

Since returning, Emotet has leveraged several distinct infection chains, indicating that they are modifying their approach based on their perceived success in infecting new systems.

December 13, 2022 15:30

HTML smugglers turn to SVG images

* HTML smuggling is a technique attackers use to hide an encoded malicious script within an HTML email attachment or webpage. * Once a victim receives the email and opens the attachment, their browser decodes and runs the script, which then assembles a malicious payload directl

October 4, 2022 08:51

Developer account body snatchers pose risks to the software supply chain

Cisco Talos examined several frequently used code repositories. We looked specifically at the security afforded to developer accounts, and how difficult it would be for an attacker to take over a developer account.

July 21, 2022 08:00

Attackers target Ukraine using GoMet backdoor

Executive summary Since the Russian invasion of Ukraine began, Ukrainians have been under a nearly constant barrage of cyber attacks. Working jointly with Ukrainian organizations, Cisco Talos has discovered a fairly uncommon piece of malware targeting Ukraine — this time aimed a