Cisco Talos Blog

July 25, 2023 07:59

What might authentication attacks look like in a phishing-resistant future?

Even if the internet at large adopts passkeys, attackers can still find a way in.

July 18, 2023 08:00

Implementing an ISO-compliant threat intelligence program

The guidance within ISO 27001 identifies which security controls are appropriate, while ISO 27002 describes the controls in detail and how they can be implemented.

July 6, 2023 08:00

The growth of commercial spyware based intelligence providers without legal or ethical supervision

Commercial spyware has become so notorious that international governments are taking notice and action against it, as evidenced by the Biden administration’s recent Executive Order on commercial spyware.

June 13, 2023 08:03

".Zip" top-level domains draw potential for information leaks

As a result of user applications increasingly registering actual “.zip” files as URLs, these filenames may trigger unintended DNS queries or web requests, thereby revealing possibly sensitive or internal company data in a file’s name to any actor monitoring the associated DNS server

June 6, 2023 08:01

Adversaries increasingly using vendor and contractor accounts to infiltrate networks

The software supply chain has become a key security focus for many organizations, but the risks associated with supply chain attacks are often misunderstood.

April 13, 2023 00:48

How threat actors are using AI and other modern tools to enhance their phishing attempts

Tools like ChatGPT aren't making social engineering attacks any more effective, but it does make it faster for actors to write up phishing emails.

March 29, 2023 08:00

How an incident response retainer can drive proactive security

Whether it be threat hunting, an active defense posture or just improving security instrumentation alerts and logs an organization keeps, it’s best for every user — no matter the size — to be prepared for when a cybersecurity incident or breach occurs.

February 9, 2023 08:09

Beyond the basics: Implementing an active defense

An active defense posture, where the defenders actively use threat intelligence and their own telemetry to uncover potential compromises, is the next stage in the cyber security maturity road. Instead of waiting for detections to trigger, defenders can take initiative and hunt threat actors.

January 24, 2023 07:59

State Sponsored Attacks in 2023 and Beyond

As 2023 begins I wanted to look forward on the future of state sponsored aggression and how we can see it change and evolve over the next year and beyond.