Cisco Talos Blog

February 29, 2024 14:00

Why Apple added protection against quantum computing when quantum computing doesn’t even exist yet

Apple’s newest encryption technology, called PQ3, now secures iMessages with end-to-end encryption that is quantum-resistant.

February 28, 2024 12:00

Multiple vulnerabilities in Adobe Acrobat Reader could lead to remote code execution

Other potential code execution vulnerabilities are also present in Weston Embedded µC/HTTP-server, a web server component in Weston Embedded's in-house operating system and an open-source library that processes several types of potentially sensitive medical tests.

February 22, 2024 14:00

TikTok’s latest actions to combat misinformation shows it’s not just a U.S. problem

Fake news, disinformation, misinformation – whatever label you want to put on it – will not just go away if one election in the U.S. goes one way or the other.

February 21, 2024 08:54

How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity

While distilling risk down to a simple numerical score is helpful for many in the security space, it is also an imperfect system that can often leave out important context.

February 15, 2024 14:00

Why the toothbrush DDoS story fooled us all

There was about a 24-hour period where many news outlets reported on a reported DDoS attack that involved a botnet made up of thousands of internet-connected toothbrushes.

February 14, 2024 08:00

How are attackers using QR codes in phishing emails and lure documents?

QR code attacks are particularly dangerous because they move the attack vector off a protected computer and onto the target’s personal mobile device, which usually has fewer security protections in place and ultimately has the sensitive information that attackers are after.

February 13, 2024 13:59

First Microsoft Patch Tuesday zero-day of 2024 disclosed as part of group of 75 vulnerabilities

Although considered of moderate risk, one of the vulnerabilities is being actively exploited in the wild — CVE-2024-21351, a security feature bypass vulnerability in Windows SmartScreen.

February 8, 2024 14:00

Spyware isn’t going anywhere, and neither are its tactics

For their part, the U.S. did roll out new restrictions on the visas of any foreign individuals who misuse commercial spyware.

February 1, 2024 14:00

The many ways electric cars are vulnerable to hacks, and whether that matters in a real-world

Researchers recently discovered 49 zero-day vulnerabilities, including a two-vulnerability exploit chain in Tesla cars that could allow an attacker to take over the onboard infotainment system.