Cisco Talos Blog

April 2, 2024 08:00

Adversaries are leveraging remote access tools now more than ever — here’s how to stop them

While there are many legitimate uses for this software, adversaries are also finding ways to use them for command and control in their campaigns.

March 13, 2024 08:00

Threat actors leverage document publishing sites for ongoing credential and session token theft

Talos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks.

March 7, 2024 10:00

The 3 most common post-compromise tactics on network infrastructure

We discuss three of the most common post-compromise tactics that Talos has observed in our threat telemetry and Cisco Talos Incident Response (Talos IR) engagements. These include modifying the device’s firmware, uploading customized/weaponized firmware, and bypassing security measures.

February 28, 2024 08:00

Stop running security in passive mode

As we begin a new year, we wanted to address one of the biggest issues we consistently see in our investigations: passive security.  Incident response engagements are an important part of our work and the intelligence-gathering process and their associated reports can be a treas

February 21, 2024 08:54

How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity

While distilling risk down to a simple numerical score is helpful for many in the security space, it is also an imperfect system that can often leave out important context.

February 6, 2024 03:30

How are user credentials stolen and used by threat actors?

You’ve probably heard the phrase, “Attackers don’t hack anyone these days. They log on.” In this blog, we describe the various tools and techniques bad actors are using to steal credentials so they can 'log on' with valid account details, and outline our recommendations for defense.

November 16, 2023 08:00

7 common mistakes companies make when creating an incident response plan and how to avoid them

Avoiding some of these common mistakes ensures your organization’s plan will be updated faster and is more thorough, so you are ready to act when, not if, an incident happens.

August 14, 2023 08:40

The rise of AI-powered criminals: Identifying threats and opportunities

A major area of impact of AI tools in cybercrime is the reduced need for human involvement in certain aspects of cybercriminal organizations.

August 7, 2023 08:00

Code leaks are causing an influx of new ransomware actors

Cisco Talos is seeing an increasing number of ransomware variants emerge, since 2021, leading to more frequent attacks and new challenges for cybersecurity professionals, particularly regarding actor attribution.