Microsoft security researchers have discovered a new backdoor malware named SesameOp that uses the OpenAI Assistants API as a covert command-and-control channel.
SnortML, Cisco’s machine learning-powered detection engine, identifies patterns of exploit attempts — even those it hasn't seen before — without relying on static rules. Stop by the Cisco booth at Black Hat to learn more: www.youtube.com/watch?v=jkxn...
Jaeson, a white man with a moustache and beard, smiles at the camera.
Don’t miss Part 2 of last week's TTP! Talos' Jaeson Schultz breaks down how attackers are using large language models (LLMs) to usher in the next phase of cyber threats by manipulating the data these models rely on: http://cs.co/633204Cuoo
Jaeson, a white man with a moustache and beard, smiles at the camera. The "TTP" logo is on a black background on the right half of the screen.
Don't miss the newest TTP! Jaeson Schultz joins Hazel to explore the wild world of cybercriminals scamming each other with fake AI tools, inventing new ways to jailbreak large language models, and so much more: http://cs.co/633204IoEG
UNC6040 used voice-phishing to steal data from companies' Salesforce systems
cloud.google.com/blog/topics/...
While important to have, MFA isn’t an invincible shield. Ready to see how cybercriminals are bypassing MFA — and what it means for your security? Read our newest blog: blog.talosintelligence.com/state-of-the...
In 2024, the education sector faced the brunt of ransomware attacks. 📚 Explore our latest summary for more insights, including the methods ransomware actors are using to slip past defenses with minimal noise: blog.talosintelligence.com/year-in-revi...
In this week's Threat Source newsletter, Martin shares strategies to strengthen defenses against evolving email lures and frequently targeted vulnerabilities, even when budgets are tight. Read it here: http://cs.co/63325FLEAf
Part 2 of the latest Talos Threat Perspective is out now! This year's report authors dive into the most prolific ransomware groups and what is contributing to their success. Watch the full video here: youtu.be/YFwMSxYd-Kk?...
Cisco Talos’ 2024 Year in Review is available now! With visibility into more than 886 billion security events per day, the report features our key insights. Read the full report here: http://cs.co/63320FzuMG
💡phisherman: A real fake social engineering app
Link: github.com/jfmaes/phish...
2025-02-25 (Tuesday): #VenomRAT from #malspam uses zip attachment containing a VHD file containing a VBS file. Calls Pastebin link for C2 server information. Details at github.com/malware-traf...
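The post above describes a staged delivery chain (ZIP attachment, VHD inside it, VBS inside that, Pastebin lookup for the C2 address). As an added triage example, not code from the original post or from malware-traffic-analysis.net, the following script builds a constructed sample ZIP in memory, flags disk-image members that mail filters often skip, and scans every member's raw bytes for VBS markers and Pastebin URLs so the indirection stage is surfaced without mounting the image. The sample filenames, VBS stage text and the Pastebin URL it contains are all made up for the demonstration.

```python
import io
import re
import zipfile

# Constructed VBS stage (hypothetical content): fetches C2 details from a
# Pastebin "raw" URL, mirroring the indirection described in the post.
VBS_STAGE = (
    'Set o = CreateObject("MSXML2.XMLHTTP")\r\n'
    'o.Open "GET", "https://pastebin.com/raw/EXAMPLE0", False\r\n'
    'o.Send\r\n'
    'c2 = o.responseText\r\n'
)

# Extensions of disk-image containers that are worth flagging on their own.
CONTAINER_EXTS = {".vhd", ".vhdx", ".iso", ".img"}
# Pastebin URL pattern (assumption: raw/<id> or /<id> paste links).
PASTE_RE = re.compile(rb"https?://(?:www\.)?pastebin\.com/(?:raw/)?[A-Za-z0-9]+", re.I)
# Strings that a VBS dropper nearly always contains.
VBS_MARKERS = (b"CreateObject(", b"WScript.", b"MSXML2.XMLHTTP")


def build_sample_zip() -> bytes:
    """Constructed malicious-looking sample: ZIP holding a fake VHD that
    carries the VBS stage somewhere in its (otherwise zeroed) body."""
    vhd_bytes = b"\x00" * 512 + VBS_STAGE.encode() + b"\x00" * 512
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("invoice.vhd", vhd_bytes)
        z.writestr("readme.txt", "nothing here")
    return buf.getvalue()


def build_benign_zip() -> bytes:
    """Constructed benign sample for comparison: plain text only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("notes.txt", "quarterly figures attached separately")
    return buf.getvalue()


def triage_zip(data: bytes) -> dict:
    """Walk a ZIP attachment and report container members, VBS markers and
    any Pastebin URLs found in the raw bytes of every member."""
    findings = {"container_members": [], "paste_urls": [], "vbs_markers": False}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            name = info.filename.lower()
            ext = name[name.rfind("."):] if "." in name else ""
            if ext in CONTAINER_EXTS:
                findings["container_members"].append(info.filename)
            payload = z.read(info)
            if any(marker in payload for marker in VBS_MARKERS):
                findings["vbs_markers"] = True
            for match in PASTE_RE.findall(payload):
                url = match.decode()
                if url not in findings["paste_urls"]:
                    findings["paste_urls"].append(url)
    # A disk image carrying script content is the chain the post describes.
    findings["suspicious"] = bool(findings["container_members"]) and findings["vbs_markers"]
    return findings


if __name__ == "__main__":
    print(triage_zip(build_sample_zip()))
    print(triage_zip(build_benign_zip()))
```

Scanning raw bytes rather than mounting the VHD keeps the check cheap and safe on a mail gateway; a real deployment would also pull the resolved Pastebin content through a sandbox to recover the actual C2 address.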
Nothing to see here. Just casually dropping a comprehensive list of banned books
docs.house.gov/meetings/GO/...
The Witcher 3: Wild Hunt
This week's newsletter is fresh in your inbox. William dives into security and efficiency, and the latest Talos research: http://cs.co/63329IhpJ3
2025-02-05 (Wednesday): #ClearFake / #ClickFix style fake CAPTCHA leads to possible #Vidar.
Vidar C2 using eteherealpath[.]top behind Cloudflare.
Details at github.com/malware-traf...
Screenshot of my blog post with analysis of the XLoader infection.
XLoader distributed as a RAR attachment to an email. The malware is a Windows executable file within that RAR archive.
Traffic from the XLoader infection filtered in Wireshark.
XLoader persistent on the infected Windows host through a Windows registry update.
2025-01-30 (Thursday): #XLoader infection. Unlike my previous XLoader infections, this one didn't run in my VM, so I used a physical host. A #pcap of the infection traffic, the associated malware samples, and more info is available at malware-traffic-analysis.net/2025/01/30/i...
2025-01-28 (Tues): A case of web injects--malicious script injected in pages of legit websites. In this example, a site has two instances of injected script, #KongTuke and #SocGholish. A #pcap of the resulting infection, malware samples & more info at www.malware-traffic-analysis.net/2025/01/28/i...
We've discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany. Read the blog on the new TorNet backdoor here:
blog.talosintelligence.com/new-tornet-b...
Recent changes in #LummaStealer - using ChaCha20 for C2 encryption, the new config extractor in C/C++. Courtesy of @russianpanda.bsky.social
github.com/RussianPanda...
We observed an increase in the number of email threats leveraging hidden text salting, also known as "poisoning", in the second half of 2024. Read our latest blog to learn more: blog.talosintelligence.com/seasoning-em...
I'm teaching Machine Learning Security as an online class, free for anyone to attend (as all my classes are):
https://samsclass.info/ML/ML_S25.shtml
The Microsoft AI Red Team recently released both a blog and an in-depth whitepaper after red teaming 100+ different GenAI products.
Read the blog here - microsoft.com/en-us/securi...
And download the whitepaper here - airedteamwhitepapers.blob.core.windows.net/lessonswhite...
I wish more managers heard that.
New: YouTube is running hundreds of ads featuring deepfaked celebrities like Arnold Schwarzenegger, Sylvester Stallone, and Mike Tyson promising to get customers 'rock hard' (they're selling sketchy erectile dysfunction treatments)
www.404media.co/deepfake-you...
Sorry to hear that, injury?
Cyber Black Friday tips are already ongoing on GitHub (via Thomas Roccia, fr0gger_)
github.com/0x90n/InfoSe...
QR codes are disproportionately effective at bypassing most anti-spam filters. We discovered two effective methods for defanging malicious QR codes, a necessary step to make them safe for consumption. Find out how prevalent this attack is in our blog #QR #phishing cs.co/6012sxBa4
We've recently published a blog on a new information stealing campaign, PXA Stealer, targeting government and education sectors. #malware #stealer #cybersecurity Read the blog here: cs.co/6019sqbWX