Threat Roundup for January 14 to January 21

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Jan. 14 and Jan. 21. As with previous roundups, this post isn’t meant to be an…

Threat Roundup for January 7 to January 14

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Jan. 7 and Jan. 14. As with previous roundups, this post isn’t meant to be an…

Talos Takes Ep. #82: Log4j followed us in 2022

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. It’s…

Beers with Talos, Ep. #114: And then there were two…

Beers with Talos (BWT) Podcast episode No. 114 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. Recorded Dec. 9, 2021. If iTunes and Google…

NSO zero-click iMessage exploit hacks iPhone without need to click links

The IT security researchers at Google have declared the NSO zero-click iMessage exploit as “Terrifying.” Google Project Zero’s (GPZ) Ian Beer and Samuel Groß have shared details on a new…

‘DarkWatchman’ RAT Shows Evolution in Fileless Malware

The new tool manipulates Windows Registry in unique ways to evade security detections and is likely being used by ransomware groups for initial network access. A novel remote access trojan…

Log4j flaw: This new threat is going to affect cybersecurity for a long time

If there ever was any doubt over the severity of the Log4j vulnerability, director of US cybersecurity and infrastructure agency CISA, Jen Easterly, immediately quashed those doubts when she described…

Google: This zero-click iPhone attack was incredible and terrifying

Google has explained how surveillance company NSO Group developed an exploit that would allow users of its software to gain access to an iPhone and install spyware – without a…

Variant of Phorpiex botnet used for cryptocurrency attacks in Ethiopia, Nigeria, India and more

Check Point Research has discovered new attacks targeting cryptocurrency users in Ethiopia, Nigeria, India and 93 other countries. The cybercriminals behind the attacks are using a variant of the Phorpiex…

Malicious Exchange Server Module Hoovers Up Outlook Credentials

“Owowa” stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made. Researchers have uncovered a previously unknown malicious IIS module,…