Cisco Talos Intelligence Blog

November 4, 2021 09:11

The features all Incident Response Plans need to have

By Paul Lee, Yuri Kramarz and Martin Lee. Adversaries are always growing their capabilities and changing their tactics, leading to a greater number of incidents and data breaches. This is supported by organizations such as ITRC who reports that the number of data breaches in 202

March 4, 2021 10:03

Threat Advisory: HAFNIUM and Microsoft Exchange zero-day

Microsoft released patches for four vulnerabilities in Exchange Server on March 2, disclosing that these vulnerabilities were being exploited by a previously unknown threat actor, referred to as HAFNIUM. The vulnerabilities in question — CVE-2021-26855, CVE-2021-26857, CVE-2021-

October 30, 2019 13:10

CISO Advisory: Security Architecture

This is the second paper within the series of CISO Advisories, in this case addressing Security Architecture which articulates risks and ensures security standards are met within an organization. Download the paper here. Access the series introduction and index here.

October 24, 2019 12:10

CISO Advisory: Governance & Risk Management

In the first in a series of CISO Advisories this paper address Governance & Risk Management as a fundamental part of any cyber security strategy. Download the paper here. Access the series introduction and index here.

May 23, 2019 16:05

One year later: The VPNFilter catastrophe that wasn't

Cisco Talos first disclosed the existence of VPNFilter on May 23, 2018. The malware made headlines across the globe, as it was a sophisticated piece of malware developed by a nation state, infecting half a million devices, and poised to cause havoc. Yet the attack was averted. T

October 10, 2018 12:10

Microsoft WindowsCodecs.dll SniffAndConvertToWideString Information Leak Vulnerability

These vulnerabilities were discovered by Marcin Noga of Cisco Talos. Today, Cisco Talos is disclosing a vulnerability in the WindowsCodecs.dll component of the Windows operating system. WindowsCodecs.dll is a component library that exists in the implementation of Windows Imagin

August 2, 2018 08:08

Exploitable or Not Exploitable? Using REVEN to Examine a NULL Pointer Dereference.

Authored by Aleksandar Nikolic. Executive summary It can be very time-consuming to determine if a bug is exploitable or not. In this post, we’ll show how to decide if a vulnerability is exploitable by tracing back along the path of execution that led to a crash. In this case,

May 8, 2018 15:05

Microsoft Patch Tuesday - May 2018

Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 67 new vulnerabilities, with 21 of them rated critical, 42 of them rated important, and fo

February 26, 2018 13:02

Who Wasn’t Responsible for Olympic Destroyer?

Summary Absent contributions from traditional intelligence capacities, the available evidence linking the Olympic Destroyer malware to a specific threat actor group is contradictory, and does not allow for unambiguous attribution. The threat actor responsible for the attack has