Cisco Talos Blog

May 16, 2024 14:00

Rounding up some of the major headlines from RSA

Here’s a rundown of some things you may have missed if you weren’t able to stay on top of the things coming out of the conference.

May 9, 2024 14:00

A new alert system from CISA seems to be effective — now we just need companies to sign up

Under a pilot program, CISA has sent out more than 2,000 alerts to registered organizations regarding the existence of any unpatched vulnerabilities in CISA’s KEV catalog.

May 2, 2024 14:00

What can we learn from the passwords used in brute-force attacks?

There are some classics on this list — the ever-present “Password” password, Passw0rd (with a zero, not an “O”) and “123456.”

April 25, 2024 14:00

The private sector probably isn’t coming to save the NVD

Plus, new details emerge on the Scattered Spider cybercrime network and ArcaneDoor.

April 18, 2024 14:00

Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?

At most, someone who intentionally or repeatedly shares information on their social platform that’s misleading or downright false may have their account blocked, suspended or deleted.

April 11, 2024 14:00

The internet is already scary enough without April Fool’s jokes

The security community is still reflecting on the “What If” of the XZ backdoor.

April 4, 2024 14:00

There are plenty of ways to improve cybersecurity that don’t involve making workers return to a physical office

An April 2023 study from Kent State University found that remote workers are more likely to be vigilant of security threats and take actions to ward them off than their in-office counterparts.

March 28, 2024 10:00

Enter the substitute teacher

Welcome to this week’s threat source newsletter with Jon out, you’ve got me as your substitute teacher. I’m taking you back to those halcyon days of youth and that moment when you found out that you had a sub that day...

March 21, 2024 14:00

“Pig butchering” is an evolution of a social engineering tactic we’ve seen for years

In the case of pig butchering scams, it’s not really anything that can be solved by a cybersecurity solution or sold in a package.