Nick Biasini
@infosec-nick.bsky.social
Head of Outreach at Cisco Talos. These are my views, not my employer's. @infosec_nick on the other site.
Happy New Year from the Arctic Circle. It's nature's fireworks in all their glory. 🤯

Happy 2025 y’all!!!!!
December 31, 2024 at 10:17 PM
Success!! Incredible.
December 30, 2024 at 8:16 PM
Will be ringing in the new year in Tromsø, Norway. Going to try our best to finally see the aurora borealis. Regardless Norway is breathtaking. ❤️
December 29, 2024 at 12:30 AM
Taking it a bit deeper, we have a follow-on specific to the actor behind WarmCookie, TA866 or Asylum Ambuscade. Great research tying a lot of data points together.

blog.talosintelligence.com/highlighting...
October 23, 2024 at 2:03 PM
Our latest is a deep dive into WarmCookie, a new addition to the crimeware landscape. A new crimeware family emerges as another falls away, a pretty common narrative.

blog.talosintelligence.com/warmcookie-a...
Threat Spotlight: WarmCookie/BadSpace
WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns.
blog.talosintelligence.com
October 23, 2024 at 2:02 PM
Early voted in Austin today. Took 15 mins and then I got a cheesesteak for lunch. Go vote and get yourself a treat. You deserve it for doing your part 🗳️
October 22, 2024 at 8:18 PM
Looks like deepfakes are becoming more prevalent. The future is going to be dark if people are already way down the misinformation hole without deepfakes. Scams are already everywhere, this is going to make it so much worse. It’s only a matter of time before this becomes widespread. 😔
cnn.com CNN @cnn.com · Oct 15
She appeared to be a beautiful woman and in the minds of men across Asia, the video calls they spoke on confirmed their newfound love was real.

But Hong Kong police say the men had fallen prey to a romance scam that used deepfake AI to lure its victims into parting with more than $46 million.
Deepfake romance scam raked in $46 million from men across Asia, police say | CNN
www.cnn.com
October 15, 2024 at 12:28 PM
Unsuccessful trip to animal control for our lost cat, Franklin 😔

Only positive is animal control is close to Cuantas and I got to eat some of the best tacos I've had in a while. It's always the little things ❤️
October 3, 2024 at 9:04 PM
Documentary on the incredible work we've done at Cisco Talos in #Ukraine to help keep the lights on is finally out. So much work went on behind the scenes to make this happen. Incredible to see the impact it's had. Check it out. www.youtube.com/watch?v=5lio...
The Light We Keep: A Project PowerUp Story
YouTube video by Cisco Talos Intelligence Group
www.youtube.com
September 5, 2024 at 4:40 PM
Reposted by Nick Biasini
I started looking at this because a document uploaded to VT was similar to documents with Picasso loader and I thought it could be a new variant. It turns out there is a generator, MacroPack, generating these docs.

blog.talosintelligence.com/threat-actor...
Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads
The threat of VBA macros has diminished since Microsoft prevented the execution of macros in Microsoft Office documents downloaded from the internet, but not all users are using the latest up-to-date ...
blog.talosintelligence.com
September 3, 2024 at 6:12 PM
One of the things I love about #Austin. My neighbor already has their full #Halloween decorations out. I love where I live, and wish I had that kind of initiative. 🎃👻 #lifegoals
September 2, 2024 at 8:07 PM
Happy bluebonnet season y'all. 🪻🪻
March 6, 2024 at 11:49 PM
Latest research from my team on Turla activity targeting NGOs supporting Ukraine. Great work as always, full details 👇
TinyTurla Next Generation - Turla APT spies on Polish NGOs
This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation.
blog.talosintelligence.com
February 15, 2024 at 2:41 PM
It's New Year's Day morning, which means it's time for my favorite holiday tradition: watching the best, mostly forgotten, New Year's movie ever made, 200 Cigarettes. Paul Rudd at his best. Here we go 2024.
January 1, 2024 at 3:39 PM
To me the biggest risk from AI was never how are the bad guys going to abuse it to create malware, it's how they are going to abuse it to steal the training data and models worth millions.
New: asking ChatGPT to repeat words "forever" is now a terms of service violation.

This comes after Google researchers used the tactic to get ChatGPT to reveal its training data, including people's personal information www.404media.co/asking-chatg...
Asking ChatGPT to Repeat Words ‘Forever’ Is Now a Terms of Service Violation
A technique used by Google researchers to reveal ChatGPT training data is now banned by OpenAI.
www.404media.co
December 4, 2023 at 5:29 PM
Latest research from our team. Great work as always uncovering a network of seemingly related dating apps as well as the analysis of the malicious apps we found from AridViper. Details 👇
Arid Viper disguising mobile spyware as updates for non-malicious Android applications
Since April 2022, Cisco Talos has been tracking a malicious campaign operated by the espionage-motivated Arid Viper advanced persistent threat (APT) group targeting Arabic-speaking Android users.
blog.talosintelligence.com
October 31, 2023 at 3:49 PM
My wife and I like to go big for Halloween. We really enjoy handing out treats and take it seriously. This year’s bag includes fun dip, an airhead, Rice Krispie treat, chocolate, and two dum dums. Made ~100 this year. Last year we ran out 🙃
October 31, 2023 at 1:47 PM
Score of the day from Austin Record Convention. 🎶🎶🤘
September 30, 2023 at 8:31 PM
Reposted by Nick Biasini
(1/13) Do you know Geena Davis? This is Geena Davis. She's, in my opinion, the most impressive actress alive and not because of the excellent roles she played... but because of the one role that changed the direction of her life. Geena Davis started her career in the classic Tootsie as April Page.
August 31, 2023 at 8:01 AM
Team published two blogs about some new Lazarus activity, including a new exploit added to their arsenal as well as a pivot to more open source tooling. Details
blog.talosintelligence.com/lazarus-quit...

blog.talosintelligence.com/lazarus-coll...
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.
blog.talosintelligence.com
August 25, 2023 at 3:57 PM
Finally made it to Vegas and headed straight to Vesta. The only decent coffee in Vegas. Getting ready for the chaos ahead at hacker summer camp. 😬
August 8, 2023 at 4:55 PM
Commercial spyware gets most of the attention, but the mercenary landscape in general (i.e. hack for hire) is going to have increasing impacts on the overall landscape as time goes on, not just mobile platforms with commercial spyware. As long as there is a need, these groups are going to flourish.
July 31, 2023 at 8:31 PM
Great research from @g0jirasan.bsky.social on driver abuse. Allowed actors to legitimately sign drivers with expired certificates. Follow-on blog on malicious activity he found as well. Take a read below.

Red Driver activity details - https://blog.talosintelligence.com/undocumented-reddriver/
Old certificate, new signature: open-source tools forge signature timestamps on Windows drivers
* Cisco Talos has observed threat actors taking advantage of a Windows policy loophole that allows the signing and loading of cross-signed kernel mode drivers with signature timestamp prior to July 29...
blog.talosintelligence.com
July 11, 2023 at 5:20 PM