Cisco Talos Blog

November 14, 2023 14:46

Microsoft discloses only three critical vulnerabilities in November’s Patch Tuesday update, three other zero-days

In all, this set of vulnerabilities Microsoft patched includes 57 vulnerabilities, 54 of which are considered “important.”

November 9, 2023 14:00

A new video series, Google Forms spam and the various gray areas of cyber attacks

It can be easy to get caught up in the “big” questions in cybersecurity, like how to stop ransomware globally or keep hospitals up and running when they’re targeted by data theft extortion.

November 2, 2023 14:00

You’d be surprised to know what devices are still using Windows CE

The Arid Viper threat actor is actively trying to install spyware on targeted devices in the Middle East, using fake dating apps as lures.

October 26, 2023 14:00

How helpful are estimates about how much cyber attacks cost?

New YoroTrooper research, the latest on the Cisco IOS vulnerability, and more.

October 19, 2023 14:00

More helpful resources for users of all skill levels to help you Take a Security Action

Taking a “Security Action” of any kind — whether it be simply enabling multi-factor authentication for your online banking login or marking that weird email as spam — can go a long way toward you and any organizations you’re a part of be more security resilient.

October 12, 2023 14:00

Top resources for Cybersecurity Awareness Month

Plus, many of the world’s largest cloud providers are warning of a vulnerability that attackers exploited in August to launch the largest distributed denial-of-service attack on record.

October 11, 2023 12:00

10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows

Attackers could exploit these vulnerabilities in the Yifan YF325 to carry out a variety of attacks, in some cases gaining the ability to execute arbitrary shell commands on the targeted device.

October 11, 2023 07:48

Microsoft patches 12 critical vulnerabilities, nine of which are in Layer 2 Tunneling Protocol

Two other vulnerabilities that Microsoft is fixing Tuesday — CVE-2023-36563 in Microsoft WordPad and CVE-2023-41763 in the Skype communication platform — have already been publicly exploited in the wild and have proof-of-concept code available.

October 9, 2023 08:00

How looking at decades of spam led Jaeson Schultz from Y2K to the metaverse and cryptocurrency

“I’m completely interested in the creative ways computers can break down,” Schultz jokes.