24 matches found

Talos Blog
added 2023/03/31 5:41 p.m., 10 views

Threat Roundup for March 24 to March 31

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 24 and March 31. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

6.1 AI score
Exploits: 0

ICS
added 2020/06/30 12:0 p.m., 17 views

EINSTEIN Data Trends – 30-day Lookback

Summary: Cybersecurity and Infrastructure Security Agency (CISA) analysts have compiled the top detection signatures that have been the most active over the month of May in our national Intrusion Detection System (IDS), known as EINSTEIN. This information is meant to give the reader a closer look into...

9.6 AI score
Exploits: 0, References: 37

Talos Blog
added 2020/02/14 11:35 a.m., 167 views

Threat Roundup for February 7 to February 14

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 7 and Feb. 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

10 CVSS, 10 AI score, 0.94454 EPSS
Exploits: 123

Talos Blog
added 2020/02/07 11:56 a.m., 234 views

Threat Roundup for January 31 to February 7

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 31 and Feb. 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

10 CVSS, 10 AI score, 0.94454 EPSS
Exploits: 123

Talos Blog
added 2019/11/08 2:31 p.m., 116 views

Threat Roundup for November 1 to November 8

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 1 and Nov. 8. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

10 CVSS, 10 AI score, 0.94454 EPSS
Exploits: 123

Talos Blog
added 2019/10/25 9:33 a.m., 2290 views

Threat Roundup for October 18 to October 25

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 18 and Oct. 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

10 CVSS, 10 AI score, 0.94454 EPSS
Exploits: 123

Talos Blog
added 2019/09/27 7:22 a.m., 202 views

Threat Roundup for September 20 to September 27

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 20 and Sept. 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

10 CVSS, 10 AI score, 0.94454 EPSS
Exploits: 123

Talos Blog
added 2019/07/26 10:13 a.m., 285 views

Threat Roundup for July 19 to July 26

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 19 and July 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

7.5 AI score
Exploits: 0

Talos Blog
added 2019/07/08 6:16 a.m., 136 views

Threat Roundup for June 21 to June 28

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 21 and June 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

Exploits: 0

Talos Blog
added 2019/05/31 9:42 a.m., 162 views

Threat Roundup for May 24 to May 31

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 24 and May 31. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

7.5 AI score
Exploits: 0

Talos Blog
added 2019/05/24 10:49 a.m., 107 views

Threat Roundup for May 17 to May 24

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 17 and May 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

7 AI score
Exploits: 0

Talos Blog
added 2019/05/10 7:16 p.m., 597 views

Threat Roundup for May 3 to May 10

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 03 and May 10. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

7 AI score
Exploits: 0

Talos Blog
added 2019/03/15 1:41 p.m., 100 views

Threat Roundup for March 8 to March 15

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 08 and March 15. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

0.6 AI score
Exploits: 0

ThreatPost
added 2018/11/28 5:44 p.m., 9 views

FBI Sinkholes $38M Global Ad Fraud Operation

The FBI has taken control of 31 web domains in a widespread takedown of a multi-year, global ad fraud campaign, believed to have stolen at least $38 million, partly via a botnet strategy. In addition, eight defendants face a 13-count indictment from a federal court in Brooklyn in the case. The...

7.4 AI score
Exploits: 0, References: 3

The Hacker News
added 2017/10/09 11:30 p.m., 12 views

Warning: Millions Of P0rnHub Users Hit With Malvertising Attack

Researchers from cybersecurity firm Proofpoint have recently discovered a large-scale malvertising campaign that exposed millions of Internet users in the United States, Canada, the UK, and Australia to malware infections. Active for more than a year and still ongoing, the malware campaign is bei...

6.3 AI score
Exploits: 0

ThreatPost
added 2017/07/14 12:37 p.m., 26 views

NemucodAES Ransomware, Kovter Click-Fraud Malware Spreading in Same Campaigns

Two malware families, NemucodAES and Kovter, are being packaged together in .zip attachments and delivered via active spam campaigns. Researcher Brad Duncan said, “together these two pieces of malware could deliver a nasty punch.” Duncan, a handler at the SANS Institute Internet Storm Center, sai...

0.1 AI score
Exploits: 0, References: 6

Malwarebytes
added 2017/06/28 3:0 p.m., 14 views

Adware the series, part 6

In this series of posts, we will be using the flowchart below to follow the process of determining which adware we are dealing with. Our objective is to give you an idea of how many different types of adware are around for Windows systems. Though most are classified as PUPs, you will also see the...

7 AI score
Exploits: 0

ThreatPost
added 2017/02/03 2:45 p.m., 14 views

Locky Ransomware, Kovter Click-Fraud Malware Spreading in Same Campaigns

Researchers at Microsoft’s Malware Protection Center have spotted malicious email campaigns using .lnk attachments to spread Locky ransomware and the Kovter click-fraud Trojan, the first time criminals have simultaneously distributed both pieces of malware. According to Microsoft, the .lnk file n...

1.6 AI score
Exploits: 0, References: 3

Microsoft Malware Protection
added 2017/02/03 12:5 a.m., 42 views

Improved scripts in .lnk files now deliver Kovter in addition to Locky

Cybercriminals are using a combination of improved script and well-maintained download sites to attempt installing Locky and Kovter on more computers. A few months ago, we reported an email campaign distributing .lnk files with a malicious script that delivered Locky ransomware. Opening the...

7.4 AI score
Exploits: 0

Microsoft Malware Protection
added 2016/07/22 8:15 p.m., 12 views

Kovter becomes almost file-less, creates a new file type, and gets some new certificates

Trojan:Win32/Kovter is a well-known click-fraud malware which is challenging to detect and remove because of its file-less persistence on infected PCs. In this blog, we will share some technical details about the latest changes we have seen in Kovter’s persistence method and some updates on their...

7.2 AI score
Exploits: 0