Author | Lightnews

Jaeson Schultz @jaesons.bsky.social · Nov 20

Malicious QR Codes: How big of a problem is it, really?
blog.talosintelligence.com/malicious_qr...

Malicious QR Codes: How big of a problem is it, really?

QR codes are disproportionately effective at bypassing most anti-spam filters. Talos discovered two effective methods for defanging malicious QR codes, a necessary step to make them safe for consumpti...

blog.talosintelligence.com

2

Reposted by Jaeson Schultz

Richard @renuvian.bsky.social · Feb 28

In order to save democracy, Biden needs to threaten to assassinate all 6 conservatives on the Supreme Court as an official act of his presidency. It’s what FDR would have done.

4 32

Jaeson Schultz @jaesons.bsky.social · Feb 8

McAfee products are so shitty they need to fake finding viruses on your computer to generate sales

Jaeson Schultz @jaesons.bsky.social · Feb 6

Happy birthday Bob Marley

1

Reposted by Jaeson Schultz

Brendel @brendelbored.bsky.social · Jan 17

Headline: Kentucky Republican introduces bill to legalize sex with first cousins: report and then I put in a picture of the guy who founded Shelbyville that was really horny for his cousins because they are so attractive

7 18 200

Reposted by Jaeson Schultz

Ryan North @ryannorth.ca · Jan 8

This is a lie, and it's always been a lie. Something like ChatGPT needs a TON of text in the language you're targeting to train the model. You get it by licensing it, or you by paying people to write it for you, or by stealing it. What they're saying is it's impossible to create CHEAPLY.

Please Follow the Official Guardian Account @guardian-world-rss.bsky.social · Jan 8

‘Impossible’ to create AI tools like ChatGPT without copyrighted material, OpenAI says

Pressure grows on artificial intelligence firms over the content used to train their productsBusiness live – latest updatesThe developer OpenAI has said it would be impossible to create tools like its groundbreaking chatbot ChatGPT without access to copyrighted material, as pressure grows on artificial intelligence firms over the content used to train their products.Chatbots such as ChatGPT and image generators like Stable Diffusion are “trained” on a vast trove of data taken from the internet, with much of it covered by copyright – a legal protection against someone’s work being used without permission. Continue reading...

www.theguardian.com

49 970 2.8K

Jaeson Schultz @jaesons.bsky.social · Dec 4

At Talos, we fight the good fight every day to protect others. Read an account of how Talos worked with several other Cisco teams to help the Ukrainian people, who are struggling to maintain civilization in an invaded country, and keep the lights on.

blog.talosintelligence.com/project-powe...

Project PowerUp – Helping to keep the lights on in Ukraine in the face of electronic warfare

Project PowerUp is the story of how Cisco Talos worked with a multi-national, multi-company coalition of volunteers and experts to help “keep the lights on” in Ukraine, by injecting a measure of s...

blog.talosintelligence.com

1

Jaeson Schultz @jaesons.bsky.social · Nov 30

SugarGh0st RAT is a new customized variant of Gh0st RAT, an infamous trojan that’s been active for more than a decade

blog.talosintelligence.com/new-sugargh0...

New SugarGh0st RAT targets Uzbekistan government and South Korea

Cisco Talos recently discovered a malicious campaign that likely started as early as August 2023, delivering a new remote access trojan (RAT) we dubbed “SugarGh0st.”

blog.talosintelligence.com

Jaeson Schultz @jaesons.bsky.social · Nov 28

Many organizations are curious about the idea of threat hunting, but what does this really entail? In this video, we try to address the many answers to the question, "What is threat hunting?"

blog.talosintelligence.com/what-is-thre...

What is threat hunting?

Many organizations are curious about the idea of threat hunting, but what does this really entail? In this video, four experienced security professionals from across Cisco recently sat down to discus...

blog.talosintelligence.com

Jaeson Schultz @jaesons.bsky.social · Nov 21

Learn how a team of experts from Talos and others at Cisco are helping to protect #Ukraine's power grid with a line of specially crafted devices.

www.cnn.com/2023/11/21/p...

Exclusive: This pizza box-sized equipment could be key to Ukraine keeping the lights on this winter ...

Staring down another frigid winter and desperate to keep the lights on, Ukraine’s power grid operator has surreptitiously imported custom-built equipment designed to withstand Russian electronic w...

www.cnn.com

1 1

Jaeson Schultz @jaesons.bsky.social · Oct 31

A threat actor known as #AridViper (likely operating out of #Gaza) has been targeting users in the #MiddleEast with #spyware disguised as dating apps, dating back to November 2022.

blog.talosintelligence.com/arid-viper-m...

Arid Viper disguising mobile spyware as updates for non-malicious Android applications

Since April 2022, Cisco Talos has been tracking a malicious campaign operated by the espionage-motivated Arid Viper advanced persistent threat (APT) group targeting Arabic-speaking Android users.

blog.talosintelligence.com

1 1

Jaeson Schultz @jaesons.bsky.social · Oct 24

Attacks on web applications spike in third quarter, new Talos IR data shows

blog.talosintelligence.com/talos-ir-tre...

Attacks on web applications spike in third quarter, new Talos IR data shows

We observed the BlackByte ransomware group’s new variant, BlackByte NT, for the first time in addition to the previously seen LockBit ransomware, which continues to be the top observed ransomware fa...

blog.talosintelligence.com

Jaeson Schultz @jaesons.bsky.social · Oct 3

"ShroudedSnooper" is actively targeting telecommunications companies in the Middle East using a previously undiscovered #malware family. More details on this threat and how users can stay protected.

blog.talosintelligence.com/introducing-...

New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants

Cisco Talos has discovered a new intrusion set we're calling "ShroudedSnooper" consisting of two new implants "HTTPSnoop" and "PipeSnoop" targeting telecommunications firms in the middle-east.

blog.talosintelligence.com

Jaeson Schultz @jaesons.bsky.social · Aug 29

Not all Top Level Domains are created equal. Some TLDs do some pretty strange things in DNS.

blog.talosintelligence.com/whats-in-a-n...

What's in a name? Strange behaviors at top-level domains creates uncertainty in DNS

Google introduced the new “.zip” Top Level Domain (TLD) on May 3, 2023, igniting a firestorm of controversy as security organizations warned against the confusion that was certain to occur. When ...

blog.talosintelligence.com

2 4

Jaeson Schultz @jaesons.bsky.social · Aug 24

Lazarus Group is using a new remote access trojan called “CollectionRAT.” CollectionRAT appears to be connected to Jupiter/EarlyRAT, another malware family Kaspersky recently wrote about and attributed to Andariel, a subgroup within the Lazarus Group.

blog.talosintelligence.com/lazarus-coll...

Lazarus Group's infrastructure reuse leads to discovery of new malware

Lazarus Group appears to be changing its tactics, increasingly relying on open-source tools and frameworks in the initial access phase of their attacks, as opposed to strictly employing them in the po...

blog.talosintelligence.com

Jaeson Schultz @jaesons.bsky.social · Aug 24

Cisco Talos discovered the North Korean state-sponsored actor Lazarus Group targeting internet backbone infrastructure and healthcare entities in Europe and the United States.

blog.talosintelligence.com/lazarus-quit...

Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT

This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.

blog.talosintelligence.com

1

Jaeson Schultz @jaesons.bsky.social · Aug 23

On the latest Security Stories podcast, we cover how Cisco Talos Incident Response helped one healthcare customer avoid the worst with retainer services.

www.cisco.com/c/en/us/prod...

Reposted by Jaeson Schultz

William Largent @securitywill.bsky.social · Aug 22

Holger wrote an amazing blog over on hexrays - digging in to generating signatures for Nim and other non-C programming languages.

Plugin focus: Generating signatures for Nim and other non-C programming languages – Hex Rays

hex-rays.com

1

Jaeson Schultz @jaesons.bsky.social · Aug 15

The rise of AI-powered criminals

https://blog.talosintelligence.com/the-rise-of-ai-powered-criminals/

The rise of AI-powered criminals: Identifying threats and opportunities

A major area of impact of AI tools in cybercrime is the reduced need for human involvement in certain aspects of cybercriminal organizations.

blog.talosintelligence.com

Jaeson Schultz @jaesons.bsky.social · Aug 8

There have been multiple leaks of ransomware source code and builders, giving unsophisticated attackers the ability to easily generate their own ransomware with little effort or knowledge.

https://blog.talosintelligence.com/code-leaks-new-ransomware-actors/

Code leaks are causing an influx of new ransomware actors

Cisco Talos is seeing an increasing number of ransomware variants emerge, since 2021, leading to more frequent attacks and new challenges for cybersecurity professionals, particularly regarding actor...

blog.talosintelligence.com

Jaeson Schultz @jaesons.bsky.social · Aug 3

Between new ransomware groups, a growing mercenary space, espionage campaigns, supply chain attacks, and new “as a service” tools popping up, there's a lot to talk about already in the first half of 2023.

Half-Year in Review: Recapping the top threats and security trends so far in 2023

We've seen threat actors utilize every chance they get to steal sensitive data, to be used in future attacks and/or to manipulate victims into paying up before their data ends up on the dark web.

blog.talosintelligence.com

Jaeson Schultz @jaesons.bsky.social · Aug 2

The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter

https://blog.talosintelligence.com/router-researcher-vulnerability-spotlight-23/

The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter

Given the privileged position these devices occupy on the networks they serve, they are prime targets for attackers, so their security posture is of paramount importance.

blog.talosintelligence.com

1

Jaeson Schultz @jaesons.bsky.social · Jul 31

Data theft extortion rose as the threat Talos Incident Response saw the most last quarter. Want to learn more about what we're seeing in the wild, and what you can learn from it? Read our latest Quarterly Report.

https://blog.talosintelligence.com/talos-ir-q2-2023-quarterly-recap/

Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targete...

Ransomware was the second most-observed threat this quarter, accounting for 17 percent of engagements, a slight increase from last quarter’s 10 percent.

blog.talosintelligence.com

Jaeson Schultz @jaesons.bsky.social · Jul 25

As the internet starts to pivot away from passwords as a primary login method, what might future #phishing attacks look like? We address this future in our latest post
https://blog.talosintelligence.com/what-might-authentication-attacks-look-like-in-a-phishing-resistant-future/

1

Jaeson Schultz @jaesons.bsky.social · Jul 12

Cisco Talos recently saw threat actors exploiting a #Windows policy loophole that allows the signing and loading of cross-signed kernel-mode drivers with older signature timestamps. #Microsoft just released an advisory on this activity, but more on our blog here: http://cs.co/6011PzaVd

Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers

Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates.

cs.co

1