Cisco Talos Blog

December 12, 2024 06:00

The evolution and abuse of proxy networks

Proxy and anonymization networks have been dominating the headlines, this piece discusses its origins and evolution on the threat landscape with specific focus on state sponsored abuse.

June 27, 2024 08:01

Snowflake isn’t an outlier, it’s the canary in the coal mine

By Nick Biasini with contributions from Kendall McKay and Guilherme Venere Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login

February 28, 2024 08:00

Stop running security in passive mode

As we begin a new year, we wanted to address one of the biggest issues we consistently see in our investigations: passive security.  Incident response engagements are an important part of our work and the intelligence-gathering process and their associated reports can be a treas

June 6, 2023 08:01

Adversaries increasingly using vendor and contractor accounts to infiltrate networks

The software supply chain has become a key security focus for many organizations, but the risks associated with supply chain attacks are often misunderstood.

January 24, 2023 07:59

State Sponsored Attacks in 2023 and Beyond

As 2023 begins I wanted to look forward on the future of state sponsored aggression and how we can see it change and evolve over the next year and beyond.

November 18, 2022 12:42

Threat Round up for November 11 to 18

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 11 and Nov. 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k

September 22, 2022 07:58

Insider Threats: Your employees are being used against you

Over the past six months to a year, we have seen an increasing amount of incident response engagements involving malicious insiders and unwitting assets being compromised via social engineering.

August 29, 2022 14:45

Small-time cybercrime is about to explode — We aren’t ready

The cybersecurity industry tends to focus on extremely large-scale or sophisticated, state-sponsored attacks. Rightfully so, as it can be the most interesting, technically speaking. When most people think of cybercrime they think of large-scale breaches because that’s what domin

August 10, 2022 15:30

Cisco Talos shares insights related to recent cyber attack on Cisco

THIS POST IS ALSO AVAILABLE IN: 日本語 (Japanese) Update History DateDescription of UpdatesAug. 10th 2022 Adding clarifying details on activity involving active directory. Aug. 10th 2022 Update made to the Cisco Response and Recommendations section related to MFA. Executive