Cisco Talos Intelligence Blog

September 28, 2023 14:09

The security pitfalls of social media sites offering ID-based authentication

Two notable vulnerabilities in Google Chrome should be patched asap, and an allegedly new ransomware-as-a-service group.

September 27, 2023 12:09

10 new vulnerabilities disclosed by Talos, including use-after-free issue in Google Chrome

Talos disclosed 10 vulnerabilities over the past two weeks affecting a range of software, including the popular Google Chrome web browser.

September 21, 2023 14:09

What’s the point of press releases from threat actors?

It reads as if ALPHV really wants to come across as the “good guys” in this case, but I’m not sure who outside of dark web circles would be willing to feel sorry for them.

September 14, 2023 14:09

Turns out even the NFL is worried about deepfakes

With the popularity of pay-for-shoutout services like Cameo, it’d be fairly easy for someone to develop a convincing enough deepfake of a player and try to steal someone’s money by saying they could prank their fantasy football league for $50.

September 12, 2023 16:09

Microsoft Patch Tuesday for September 2023 — Unusually low 5 critical vulnerabilities included in Microsoft Patch Tuesday, along with two zero-days

Microsoft disclosed 65 vulnerabilities across its suite of products and software Tuesday, only five of which are considered critical, which is very low compared to Microsoft’s usual security updates.

September 11, 2023 08:09

You can try to hide your firmware from Kelly Patterson, but she’ll find it (and break it)

Patterson and her teammates are responsible for helping to disclose and patch more than 200 security vulnerabilities a year, some of which affect devices used in thousands of households around the world.

September 7, 2023 14:09

A secondhand account of the worst possible timing for a scammer to strike

Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware on infected machines, new Cisco Talos research shows.

August 24, 2023 14:08

Years into these games’ histories, attackers are still creating “Fortnite” and “Roblox”-related scams

The latest activity from Lazarus Groups, .gov domains scamming people out of "V-Bucks" and more in this week's edition.

August 17, 2023 14:08

Recapping the top stories from Black Hat and DEF CON

Unsurprisingly, it seems like AI was the talk of the town.