Jaeson Schultz
@jaesons.bsky.social
Reposted by Jaeson Schultz
In order to save democracy, Biden needs to threaten to assassinate all 6 conservatives on the Supreme Court as an official act of his presidency. It’s what FDR would have done.
February 28, 2024 at 10:33 PM
McAfee products are so shitty they need to fake finding viruses on your computer to generate sales
February 8, 2024 at 2:02 PM
Reposted by Jaeson Schultz
January 17, 2024 at 7:53 PM
Reposted by Jaeson Schultz
This is a lie, and it's always been a lie. Something like ChatGPT needs a TON of text in the language you're targeting to train the model. You get it by licensing it, or by paying people to write it for you, or by stealing it. What they're saying is it's impossible to create CHEAPLY.
January 8, 2024 at 3:26 PM
At Talos, we fight the good fight every day to protect others. Read an account of how Talos worked with several other Cisco teams to help the Ukrainian people, who are struggling to maintain civilization in an invaded country, and keep the lights on.

blog.talosintelligence.com/project-powe...
Project PowerUp – Helping to keep the lights on in Ukraine in the face of electronic warfare
Project PowerUp is the story of how Cisco Talos worked with a multi-national, multi-company coalition of volunteers and experts to help “keep the lights on” in Ukraine, by injecting a measure of s...
blog.talosintelligence.com
December 4, 2023 at 8:14 PM
SugarGh0st RAT is a new customized variant of Gh0st RAT, an infamous trojan that’s been active for more than a decade

blog.talosintelligence.com/new-sugargh0...
New SugarGh0st RAT targets Uzbekistan government and South Korea
Cisco Talos recently discovered a malicious campaign that likely started as early as August 2023, delivering a new remote access trojan (RAT) we dubbed “SugarGh0st.”
blog.talosintelligence.com
November 30, 2023 at 2:24 PM
Many organizations are curious about the idea of threat hunting, but what does this really entail? In this video, we try to address the many answers to the question, "What is threat hunting?"

blog.talosintelligence.com/what-is-thre...
What is threat hunting?
Many organizations are curious about the idea of threat hunting, but what does this really entail? In this video, four experienced security professionals from across Cisco recently sat down to discus...
blog.talosintelligence.com
November 28, 2023 at 8:47 PM
Learn how a team of experts from Talos and others at Cisco are helping to protect #Ukraine's power grid with a line of specially crafted devices.

www.cnn.com/2023/11/21/p...
Exclusive: This pizza box-sized equipment could be key to Ukraine keeping the lights on this winter ...
Staring down another frigid winter and desperate to keep the lights on, Ukraine’s power grid operator has surreptitiously imported custom-built equipment designed to withstand Russian electronic w...
www.cnn.com
November 21, 2023 at 11:20 PM
A threat actor known as #AridViper (likely operating out of #Gaza) has been targeting users in the #MiddleEast with #spyware disguised as dating apps, dating back to November 2022.

blog.talosintelligence.com/arid-viper-m...
Arid Viper disguising mobile spyware as updates for non-malicious Android applications
Since April 2022, Cisco Talos has been tracking a malicious campaign operated by the espionage-motivated Arid Viper advanced persistent threat (APT) group targeting Arabic-speaking Android users.
blog.talosintelligence.com
October 31, 2023 at 3:34 PM
"ShroudedSnooper" is actively targeting telecommunications companies in the Middle East using a previously undiscovered #malware family. More details on this threat and how users can stay protected.

blog.talosintelligence.com/introducing-...
New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants
Cisco Talos has discovered a new intrusion set we're calling "ShroudedSnooper" consisting of two new implants, "HTTPSnoop" and "PipeSnoop", targeting telecommunications firms in the Middle East.
blog.talosintelligence.com
October 3, 2023 at 10:08 PM
Lazarus Group is using a new remote access trojan called “CollectionRAT.” CollectionRAT appears to be connected to Jupiter/EarlyRAT, another malware family Kaspersky recently wrote about and attributed to Andariel, a subgroup within the Lazarus Group.

blog.talosintelligence.com/lazarus-coll...
Lazarus Group's infrastructure reuse leads to discovery of new malware
Lazarus Group appears to be changing its tactics, increasingly relying on open-source tools and frameworks in the initial access phase of their attacks, as opposed to strictly employing them in the po...
blog.talosintelligence.com
August 24, 2023 at 3:46 PM
Cisco Talos discovered the North Korean state-sponsored actor Lazarus Group targeting internet backbone infrastructure and healthcare entities in Europe and the United States.

blog.talosintelligence.com/lazarus-quit...
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.
blog.talosintelligence.com
August 24, 2023 at 3:43 PM
On the latest Security Stories podcast, we cover how Cisco Talos Incident Response helped one healthcare customer avoid the worst with retainer services.

www.cisco.com/c/en/us/prod...
August 23, 2023 at 6:49 PM
Reposted by Jaeson Schultz
Holger wrote an amazing blog over on hexrays - digging in to generating signatures for Nim and other non-C programming languages.
Plugin focus: Generating signatures for Nim and other non-C programming languages – Hex Rays
hex-rays.com
August 22, 2023 at 2:11 PM
There have been multiple leaks of ransomware source code and builders, giving unsophisticated attackers the ability to easily generate their own ransomware with little effort or knowledge.

https://blog.talosintelligence.com/code-leaks-new-ransomware-actors/
Code leaks are causing an influx of new ransomware actors
Cisco Talos is seeing an increasing number of ransomware variants emerge, since 2021, leading to more frequent attacks and new challenges for cybersecurity professionals, particularly regarding actor...
blog.talosintelligence.com
August 8, 2023 at 4:54 PM
Between new ransomware groups, a growing mercenary space, espionage campaigns, supply chain attacks, and new “as a service” tools popping up, there's a lot to talk about already in the first half of 2023.
Half-Year in Review: Recapping the top threats and security trends so far in 2023
We've seen threat actors utilize every chance they get to steal sensitive data, to be used in future attacks and/or to manipulate victims into paying up before their data ends up on the dark web.
blog.talosintelligence.com
August 3, 2023 at 4:03 PM
Data theft extortion rose as the threat Talos Incident Response saw the most last quarter. Want to learn more about what we're seeing in the wild, and what you can learn from it? Read our latest Quarterly Report.

https://blog.talosintelligence.com/talos-ir-q2-2023-quarterly-recap/
Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targete...
Ransomware was the second most-observed threat this quarter, accounting for 17 percent of engagements, a slight increase from last quarter’s 10 percent.
blog.talosintelligence.com
July 31, 2023 at 8:10 PM
As the internet starts to pivot away from passwords as a primary login method, what might future #phishing attacks look like? We address this future in our latest post.
https://blog.talosintelligence.com/what-might-authentication-attacks-look-like-in-a-phishing-resistant-future/
July 25, 2023 at 3:43 PM
Cisco Talos recently saw threat actors exploiting a #Windows policy loophole that allows the signing and loading of cross-signed kernel-mode drivers with older signature timestamps. #Microsoft just released an advisory on this activity, but more on our blog here: http://cs.co/6011PzaVd
Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers
Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates.
cs.co
July 12, 2023 at 10:22 AM
#Spyware and the "mercenary" groups that make these tools aren't going anywhere. Here's what makes these groups so dangerous and what other steps the #cybersecurity community should still be taking.

https://blog.talosintelligence.com/the-growth-of-commercial-spyware/
July 6, 2023 at 6:10 PM