Why don’t we sit around this computer console and have a sing-along?
Harnessing fire is one of mankind’s earliest technological advances. A controlled, tame fire offers us warmth, light and succulent cooked food. Yet, allow the controlled fire to burn too fiercely and it risks becoming an uncontained fire. The unexpected smell of smoke or the sight of tall flames provokes a deep fear within us and demands an instant response to contain and extinguish the fire, or to flee from its path.
We instinctively understand the benefits and dangers of fire. Through bitter experience we’ve learnt how to design and operate buildings to minimise the risks and maximise the survivability of fire. These lessons have become codified in rules and legislation, which are often actively enforced and carry heavy sanctions for those who break them, even before there is any evidence of a fire occurring.
In comparison, computer systems are a very recent technology. There are clear benefits to networked computer systems: we have come to rely on them to conduct many of the day-to-day tasks in our personal and professional lives. Yet the dangers of computers are intangible. You can’t smell a software vulnerability or feel the burning heat of an active breach. Somehow their ethereal nature feels less pressing than the risk of fire, and this may lead to complacency in addressing cyber threats.
The question of why we continue to experience cyber breaches despite having the technical know-how to prevent them is one that fascinates me. I’m intrigued by the differences in decision-making processes that lead to cyber risk either being prioritised or deprioritised within organisations. Indeed, so much so that this week I’m commencing a part-time doctorate to research this issue.
Frequently, cyber intelligence concentrates on the here and now, providing vital information to defend systems in the immediate term or near future. Threat intelligence must be timely. After all, it is better to have 80% of the intelligence in time than 100% too late. Yet this rapid drumbeat of needing to respond quickly can detract from the longer-term strategic intelligence issues of how the threat landscape is evolving and how we can improve our threat detection and response capabilities.
As a part-time student I have eight years to try and get a grip on how decisions in cyber security are made, and what makes a good decision. I’ll be certain to share my findings to help improve things, but don’t hold your breath; it will not be a fast process.
The one big thing
Cisco Talos has been closely monitoring the abuse of cascading style sheets (CSS) properties to include irrelevant content (or salt) in different parts of messages, a technique known as hidden text salting.
Why do I care?
There is widespread use of hidden text salting in malicious emails to bypass detection. Attackers embed hidden salt in the preheader, header, attachments and body — using characters, paragraphs and comments — by manipulating text, visibility and sizing properties. Talos has observed that hidden content is far more often found in spam and other email threats than in legitimate emails, posing a substantial challenge to both basic and advanced email defense solutions that leverage machine learning.
So now what?
As explained with multiple examples, CSS provides a wide range of properties that can be abused by attackers to evade spam filters and detection engines. Therefore, two possible countermeasures are: first, to detect the presence of hidden text (or salt) in emails, and second, and more importantly, to filter out the added salt before passing the message to downstream detection engines.
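To make both countermeasures concrete, here is an added Python example (not code from Talos or from the original post) that implements a pre-filter for an email pipeline: it walks an HTML body, flags elements hidden by inline CSS or by HTML comments, and returns the visible text separately from the stripped salt so the downstream classifier only sees what the recipient would see. The set of hiding properties it checks (display:none, visibility:hidden, zero font-size, zero opacity, max-height:0 with overflow:hidden, mso-hide:all, the HTML hidden attribute) and the sample message are my own constructed assumptions, chosen to illustrate the salting locations the text describes (body, paragraphs, comments), not an exhaustive list of what Talos observed.

```python
"""Detect and strip CSS hidden-text salting from an HTML email body.

Added example using only the standard library. The hiding rules and the
sample message below are constructed assumptions for illustration.
"""
import re
from html.parser import HTMLParser

# Void elements never get a closing tag, so they must not be pushed on the stack.
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}

# Matches 0, 0.0, 0px, 0pt, 0em, 0rem, 0%
_ZERO = re.compile(r"^0(\.0+)?(px|pt|em|rem|%)?$")


def parse_style(style):
    """Turn 'display: none; font-size:0px' into {'display': 'none', 'font-size': '0px'}."""
    props = {}
    for decl in style.split(";"):
        if ":" not in decl:
            continue
        name, _, value = decl.partition(":")
        value = value.strip().lower().replace("!important", "").strip()
        props[name.strip().lower()] = value
    return props


def hidden_reason(props):
    """Return the CSS declaration that hides the element, or None if it is visible."""
    if props.get("display") == "none":
        return "display:none"
    if props.get("visibility") in ("hidden", "collapse"):
        return "visibility:" + props["visibility"]
    if _ZERO.match(props.get("font-size", "")):
        return "font-size:0"
    if _ZERO.match(props.get("opacity", "")):
        return "opacity:0"
    if _ZERO.match(props.get("max-height", "")) and props.get("overflow") == "hidden":
        return "max-height:0;overflow:hidden"
    if props.get("mso-hide") == "all":          # Outlook-specific hide
        return "mso-hide:all"
    return None


class SaltStripper(HTMLParser):
    """Splits an HTML document into visible text and hidden (salt) text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self._stack = []         # (tag, hides) for every open element
        self._hidden_depth = 0   # > 0 while inside a hidden subtree
        self.visible = []        # text the recipient would actually see
        self.salt = []           # text hidden from the recipient
        self.findings = []       # (tag, reason) for each hidden element/comment

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        reason = hidden_reason(parse_style(attrs.get("style") or ""))
        if reason is None and "hidden" in attrs:
            reason = "hidden attribute"
        if tag in VOID_TAGS:            # no text content, no closing tag
            return
        hides = reason is not None
        if hides:
            self._hidden_depth += 1
            self.findings.append((tag, reason))
        self._stack.append((tag, hides))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
        if tag not in VOID_TAGS:
            self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if tag not in [t for t, _ in self._stack]:
            return                      # stray close tag: ignore
        while self._stack:
            name, hides = self._stack.pop()
            if hides:
                self._hidden_depth -= 1
            if name == tag:
                break

    def handle_data(self, data):
        if self._stack and self._stack[-1][0] in ("style", "script"):
            return                      # CSS/JS source is neither visible nor salt
        (self.salt if self._hidden_depth else self.visible).append(data)

    def handle_comment(self, data):
        self.findings.append(("comment", "html-comment"))
        self.salt.append(data)


def strip_hidden_salt(html):
    """Return (visible_text, salt_text, findings) for an HTML email body."""
    parser = SaltStripper()
    parser.feed(html)
    parser.close()
    clean = " ".join(" ".join(parser.visible).split())
    salt = " ".join(" ".join(parser.salt).split())
    return clean, salt, parser.findings


# Constructed sample: a short notice padded with salt in a div, a comment,
# inline spans and a whole paragraph.
SAMPLE_EMAIL = """<html><body>
<div style="display:none; max-height:0; overflow:hidden">Quarterly garden weather report lorem ipsum</div>
<!-- salt: tomato elephant ledger -->
<p>Dear customer, <span style="font-size:0px">paper</span>your <span style="visibility:hidden">violin</span>invoice is ready.</p>
<p style="opacity:0">More unrelated filler text here.</p>
<p>Please review the attached statement.</p>
</body></html>"""

if __name__ == "__main__":
    clean, salt, findings = strip_hidden_salt(SAMPLE_EMAIL)
    print("visible:", clean)
    print("salt   :", salt)
    for tag, reason in findings:
        print(f"  <{tag}> hidden via {reason}")
```

Run stand-alone, the script prints the sentence the recipient sees, the salt that was removed, and one line per hidden element; in a pipeline, feed only the visible text to the spam or phishing classifier and log the findings count as a detection signal in its own right. The filter only inspects inline styles and comments: salt hidden through `<style>` blocks with class selectors, text coloured to match its background, or off-screen positioning needs a stylesheet-aware pass, which is why a salt count above a threshold is itself worth flagging even when the stripping is incomplete.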
Top security headlines of the week
Physics Nobel Awarded to Three Scientists for Quantum Computing Breakthroughs
The 2025 Nobel Prize in Physics was awarded to three scientists for foundational work enabling quantum error correction — a cornerstone for stable, scalable quantum computers that could eventually undermine today’s encryption systems. (BBC)
Microsoft Defender Bug Triggers Erroneous BIOS Update Alerts
A bug in Microsoft Defender for Endpoint caused false vulnerability alerts related to Dell BIOS updates, leading to confusion among enterprise security teams. Microsoft confirmed the issue stems from a logic flaw in its vulnerability-fetching process. (Bleeping Computer)
Federal Government Acknowledges End of MS-ISAC Support
The U.S. federal government confirmed it will end funding for the Multi-State Information Sharing and Analysis Center (MS-ISAC), a program with a 20-year track record of helping state and local governments coordinate cybersecurity efforts. Advocates warn its loss will significantly weaken local cyber defense collaboration. (GovTech)
Can’t get enough Talos?
Footholds in Infrastructure: Defending Service Providers
Service providers sit at the heart of global connectivity… and the center of the threat landscape. In this short documentary, Cisco Talos explores the unique cybersecurity challenges faced by service providers.
Velociraptor leveraged in ransomware attacks
Cisco Talos has confirmed that ransomware operators are leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool that had not previously been definitively tied to ransomware incidents.
What to do when you click on a suspicious link
As the go-to cybersecurity expert for your friends and family, you’ll want to be ready for those “I clicked a suspicious link — now what?” messages. Share this quick guide to help them know exactly what to do next.
Talos Takes: You can’t patch burnout
October is Cybersecurity Awareness Month, but what happens when the defenders themselves are overwhelmed? In this powerful episode, Hazel and Joe Marshall get real about why protecting your well-being is just as vital as any technical defense.
Upcoming events where you can find Talos
- Wild West Hackin’ Fest (Oct. 8 – 10) Deadwood, SD
- DEEP Conference (Oct. 22 – 23) Petrčane, Croatia
Most prevalent malware files from Talos telemetry over the past week
SHA256: d933ec4aaf7cfe2f459d64ea4af346e69177e150df1cd23aad1904f5fd41f44a
MD5: 1f7e01a3355b52cbc92c908a61abf643
Talos Rep: https://talosintelligence.com/talos_file_reputation?s=d933ec4aaf7cfe2f459d64ea4af346e69177e150df1cd23aad1904f5fd41f44a
Example Filename: cleanup.bat
Detection Name: W32.D933EC4AAF-90.SBX.TG
SHA256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
MD5: 2915b3f8b703eb744fc54c81f4a9c67f
Talos Rep: https://talosintelligence.com/talos_file_reputation?s=9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
Example Filename: e74d9994a37b2b4c693a76a580c3e8fe_1_Exe.exe
Detection Name: Win.Worm.Coinminer::1201
SHA256: 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974
MD5: aac3165ece2959f39ff98334618d10d9
Talos Rep: https://talosintelligence.com/talos_file_reputation?s=96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974
Example Filename: 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974.exe
Detection Name: W32.Injector:Gen.21ie.1201
SHA256: c0ad494457dcd9e964378760fb6aca86a23622045bca851d8f3ab49ec33978fe
MD5: bf9672ec85283fdf002d83662f0b08b7
Talos Rep: https://talosintelligence.com/talos_file_reputation?s=c0ad494457dcd9e964378760fb6aca86a23622045bca851d8f3ab49ec33978fe
Example Filename: f_00db3a.html
Detection Name: W32.C0AD494457-95.SBX.TG
SHA256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91
MD5: 7bdbd180c081fa63ca94f9c22c457376
Talos Rep: https://talosintelligence.com/talos_file_reputation?s=a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91
Example Filename: e74d9994a37b2b4c693a76a580c3e8fe_3_Exe.exe
Detection Name: Win.Dropper.Miner::95.sbx.tg