Cisco Talos Blog

October 12, 2023 14:00

Top resources for Cybersecurity Awareness Month

Plus, many of the world’s largest cloud providers are warning of a vulnerability that attackers exploited in August to launch the largest distributed denial-of-service attack on record.

October 5, 2023 14:00

Is it bad to have a major security incident on your résumé? (Seriously I don’t know)

Plus, Qakbot appears to be still active, despite efforts from the FBI and other international law enforcement agencies to disrupt the massive botnet.

September 28, 2023 14:00

The security pitfalls of social media sites offering ID-based authentication

Two notable vulnerabilities in Google Chrome should be patched asap, and an allegedly new ransomware-as-a-service group.

September 21, 2023 14:00

What’s the point of press releases from threat actors?

It reads as if ALPHV really wants to come across as the “good guys” in this case, but I’m not sure who outside of dark web circles would be willing to feel sorry for them.

September 14, 2023 14:00

Turns out even the NFL is worried about deepfakes

With the popularity of pay-for-shoutout services like Cameo, it’d be fairly easy for someone to develop a convincing enough deepfake of a player and try to steal someone’s money by saying they could prank their fantasy football league for $50.

September 7, 2023 14:00

A secondhand account of the worst possible timing for a scammer to strike

Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware on infected machines, new Cisco Talos research shows.

August 31, 2023 14:00

New open-source infostealer, and reflections on 2023 so far

A new open-source information stealer called ‘SapphireStealer’ has been observed across public malware repositories with increasing frequency. Plus, watch a new series of videos on the year so far in the threat landscape.

August 24, 2023 14:00

Years into these games’ histories, attackers are still creating “Fortnite” and “Roblox”-related scams

The latest activity from Lazarus Groups, .gov domains scamming people out of "V-Bucks" and more in this week's edition.

August 17, 2023 14:00

Recapping the top stories from Black Hat and DEF CON

Unsurprisingly, it seems like AI was the talk of the town.