Cisco Talos Blog

July 18, 2023 08:00

Implementing an ISO-compliant threat intelligence program

The guidance within ISO 27001 identifies which security controls are appropriate, while ISO 27002 describes the controls in detail and how they can be implemented.

June 22, 2023 08:00

Video: How Talos’ open-source tools can assist anyone looking to improve their security resilience

A rundown of Talos open-source software tools, which anyone in the security community can download for free, and use for research, skills, training, or integration into existing security infrastructure.

March 31, 2022 16:58

On the Radar: Is 2022 the year encryption is doomed?

Senior managers responsible for information security should take stock of the encryption algorithms in use within their systems and plan their move to quantum-secure algorithms.

November 4, 2021 09:51

The features all Incident Response Plans need to have

Having a policy that defines how an organization can respond to cybersecurity incidents, and a plan on how to deal with those incidents can play a major role in resolving them with minimal cost and downtime.

March 4, 2021 10:58

Threat Advisory: HAFNIUM and Microsoft Exchange zero-day

Microsoft released patches for four vulnerabilities in Exchange Server on March 2, disclosing that these vulnerabilities were being exploited by a previously unknown threat actor, referred to as HAFNIUM. The vulnerabilities in question — CVE-2021-26855, CVE-2021-26857, CVE-2021-

October 30, 2019 13:58

CISO Advisory: Security Architecture

This is the second paper within the series of CISO Advisories, in this case addressing Security Architecture which articulates risks and ensures security standards are met within an organization. Download the paper here. Access the series introduction and index here.

October 24, 2019 12:56

CISO Advisory: Governance & Risk Management

In the first in a series of CISO Advisories this paper address Governance & Risk Management as a fundamental part of any cyber security strategy. Download the paper here. Access the series introduction and index here.

May 23, 2019 16:24

One year later: The VPNFilter catastrophe that wasn't

Cisco Talos first disclosed the existence of VPNFilter on May 23, 2018. The malware made headlines across the globe, as it was a sophisticated piece of malware developed by a nation state, infecting half a million devices, and poised to cause havoc. Yet the attack was averted. T

October 10, 2018 12:21

Microsoft WindowsCodecs.dll SniffAndConvertToWideString Information Leak Vulnerability

These vulnerabilities were discovered by Marcin Noga of Cisco Talos. Today, Cisco Talos is disclosing a vulnerability in the WindowsCodecs.dll component of the Windows operating system. WindowsCodecs.dll is a component library that exists in the implementation of Windows Imagin