"There is no business school class that would ever sit down and design Talos"
We look back on 10 years of Talos, in multiple interviews with Talos' leaders.
A (somewhat) complete timeline of Talos’ history
Relive some of the major cybersecurity incidents and events that have shaped Talos over the past 10 years.
Badgerboard: A PLC backplane network visibility module
Analysis of the traffic between networked devices has always been of interest since devices could even communicate with one another. As the complexity of networks grew, the more useful dedicated traffic analysis tools became. Major advancements have been made over the years wit
Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers
Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system.
Year in Malware 2023: Recapping the major cybersecurity stories of the past year
Relive Talos' top stories from the past year as we recap the top malware and other threats that came our way.
How looking at decades of spam led Jaeson Schultz from Y2K to the metaverse and cryptocurrency
“I’m completely interested in the creative ways computers can break down,” Schultz jokes.
You can try to hide your firmware from Kelly Patterson, but she’ll find it (and break it)
Patterson and her teammates are responsible for helping to disclose and patch more than 200 security vulnerabilities a year, some of which affect devices used in thousands of households around the world.
Half-Year in Review: Recapping the top threats and security trends so far in 2023
We've seen threat actors utilize every chance they get to steal sensitive data, to be used in future attacks and/or to manipulate victims into paying up before their data ends up on the dark web.
How Talos IR’s Purple Team can help you prepare for the worst-case scenario
A Purple Team exercise is a collaborative approach between offensive (Red) teams and defensive (Blue) teams.
Researcher Spotlight: Jacob Finn creates his own public-private partnership at Talos
Today, Finn combs through Talos’ various intelligence sources, open-source research, partner resources, and Cisco product telemetry to track major attacker trends and emerging threats.
Researcher Spotlight: How David Liebenberg went from never having opened Terminal to hunting international APTs
When Dave Liebenberg started his first day at Talos, he had never even opened Terminal on a Mac before — let alone written a Snort rule or infiltrated a dark web forum.
Multiple ransomware data leak sites experience DDoS attacks, facing intermittent outages and connectivity issues
Cisco Talos has been monitoring suspected distributed denial-of-service (DDoS) attacks resulting in intermittent downtime and outages affecting several ransomware-as-a-service (RaaS) data leak sites.
Researcher Spotlight: Around the security world and back again with Nick Biasini
Nick Biasini’s seen it all. Going on a nearly 20-year security career, he’s been a part of some of Cisco Talos’ largest undertakings in the company’s history. From an attack on the global Olympic Games, to a wireless router malware that affected hundreds of thousands of devices
De-anonymizing ransomware domains on the dark web
* We have developed three techniques to identify ransomware operators' dark websites hosted on public IP addresses, allowing us to uncover previously unknown infrastructure for the DarkAngels, Snatch, Quantum and Nokoyawa ransomware groups. * The methods we used to identify
Talos EMEA monthly update: Business email compromise
The latest edition of the Talos EMEA Monthly Update is available now on Cisco.com and Cisco's YouTube page. You can also view the episode in its entirety above. For June, Hazel and Martin got together to discuss business email compromise. BEC has quickly become the most lucr
Researcher Spotlight: Martin Lee, EMEAR lead, Talos Strategic Communications
Who knew you could connect Moses to threat intelligence? When the security community usually thinks about the origins of cybersecurity and threat intelligence, the conversation may quickly center around the codebreakers in World War II or the Creeper software developed in the 19
Threat Roundup for April 29 to May 6
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 29 and May 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Threat Source newsletter (May 5, 2022) — Emotet is using up all of its nine lives
Welcome to this week’s edition of the Threat Source newsletter. Emotet made headlines last week for being “back” after a major international law enforcement takedown last year. But I’m here to argue that Emotet never left, and honestly, I’m not sure it ever will. As Nick Biasin
Conti and Hive ransomware operations: What we learned from these groups' victim chats
As part of Cisco Talos’ continuous efforts to learn more about the current ransomware landscape, we recently examined a trove of chat logs between the Conti and Hive ransomware gangs and their victims. Ransomware-as-a-service groups have exploded in popularity over the past few
On the Radar: Is 2022 the year encryption is doomed?
Senior managers responsible for information security should take stock of the encryption algorithms in use within their systems and plan their move to quantum-secure algorithms.
On the Radar: Securing Web 3.0, the Metaverse and beyond
Internet technology evolves rapidly, and the World Wide Web (WWW or Web) is currently experiencing a transition into what many are calling "Web 3.0". Web 3.0 is a nebulous term. If you spend enough time Googling it, you'll find many interpretations regarding what We
Preparing for denial-of-service attacks with Talos Incident Response
Over the years, several extorsion-style and politically motivated denial-of-service attacks increased and still pose a threat to businesses and organizations of any size that can find themselves in the crosshairs of various malicious campaigns. A detailed preparation plan is nee
Talos Takes Ep. #82: Log4j followed us in 2022
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. It's a new year, but unfortunately, we're facing the same cybersecurity problems. Log4j followed us into the ho
2021: Looking back on the year in malware and cyber attacks, from SolarWinds to Log4j
It seems like we were just recovering from the aftermath of the massive SolarWinds campaign a month or two ago. And now suddenly, it’s been a year since one of the largest cyber attacks in history and moving onto another threat that could last for years. That just seemed to be h
Talos Takes Ep. #80: I'll have a blue Christmas without a CTIR retainer
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. It's the holiday season, which means last-minute shopping, family time and cheer. Oh, and it's never a bad time
Talos Takes Ep. #79: Emotet's back with the worst type of holiday present
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Emotet is back, and it brought the worst possible holiday present (just in time for peak spam season, too!). We recently
Talos Takes Ep. #77: How to connect to (and safely use) public WiFi
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Whenever we walk into a bar or restaurant, it's almost a given that we're going to ask the bartender or server:
Talos’ tips for staying safe while shopping online this holiday season
By Jon Munshaw. Attackers will resort to all tactics to trick users into downloading malware, handing over credit card data or completing compromising their machine. No topic is off-limits, and threat actors have resorted to using everything from PlayStation 5 sales, to COVID-1
Talos Takes Ep. #76: What is Kimsuky phishing around for?
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Blog posts aren't just for sharing your darkest secrets from high school anymore. They're also used by attackers
Quarterly Report: Incident Response trends from Q3 2021
Ransomware again dominated the threat landscape, while BEC grew By David Liebenberg and Caitlin Huey. Once again, ransomware was the most dominant threat observed in Cisco Talos Incident Response (CTIR) engagements this quarter. CTIR helped resolve several significant ransomwa
Talos Takes Ep. #73 (NCSAM edition): Fight the phish from land, sea and air
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Most people may think of spam as being the classic email promising that you've won the lottery or some great prize,
Talos Takes Ep. #69: Our armadillo in shining armor
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We also preach the importance of multi-factor authentication. But what happens when the bad guys start going after those
Talos Takes Ep. #68: The various pivots and pitfalls in a malware investigation
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. On this week's episode, Vitor Ventura from our research team walks through his recent work on connecting several mal
Talos Takes Ep. #66: Dude, where's my bandwidth?
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. “Proxyware” sounds like a complicated topic that you’re too afraid to ask about. But really, it’s just software that all
Talos Takes Ep: #65: How several RAT campaigns in Latin America are connected
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. As more people around the world start to get vaccinated against COVID-19, travel is becoming easier, especially during t
Talos Takes Ep. #64: Back 2 Skool edition
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. There's no shortage of complications leading into this new school year. Students, parents, teachers and admins alike
Talos Incident Response quarterly threat report — The top malware families and TTPs used in Q2 2021
By David Liebenberg and Caitlin Huey. Last quarter, ransomware was not the most dominant threat for the first time since we began compiling these reports. We theorized that this was due to a huge uptick in Microsoft Exchange exploitation, which temporarily became a primary focus
Talos Takes Ep: #63: Shield your eyes from the Solarmarker
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Andrew Windsor has been following the Solarmarker threat for months. But it really started to catch his eye when he spot
Talos Takes Ep: #62: Don't sleep on business email compromise
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Business email compromise may seem like last decade’s threat, but it’s still just as prevalent as ever. A recent FBI rep
Talos Takes Ep: #61: SideCopy sounds so familiar, but I just can't put my finger on it...
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Asheer Malhotra of Talos Outreach has spent the past few months tracking APTs all along the same line. APT 36, aka Trans
Talos Takes Ep. #59: How to secure the devices that secure your home network
As consumers start having more “smart” devices connected to their home network, they may want an easy solution to keeping those devices safe. But what if that device gets owned? Carl Hurd of our vulnerability research team recently discovered several vulnerabilities in Trend Mic
Talos Takes Ep. #58: How to approach the partnerships it will take to defend critical infrastructure
By Jon Munshaw. With major cyber attacks in recent years against major U.S. critical infrastructure suppliers like Norsk Hydro and Colonial Pipeline, we’re in a new world of CI cybersecurity. New threats require new approaches to defense. And in the U.S., this is likely going to
Talos Takes Ep. #57: A ransomware-as-a-service explainer
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. How much is ransomware-as-a-service like a McDonald’s franchise? More similar than you’d think! The RaaS model has enter
Talos Takes Ep. #55: How Transparent Tribe could evolve in the future
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We recently covered how the Transparent Tribe APT added another RAT to its arsenal. Where might they go from here? In th
Threat Source newsletter (May 20, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We know a lot of you may be tired of "content" after RSA week. But we have some more for you! And specifically related to RSA, Cisco Talos Incident Response has new case studies out detailing a few re
Talos Takes Ep. #53: The broader lesson of those air fryer vulnerabilities
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. It seemed like everyone on security Twitter had a joke when we disclosed a vulnerability in a WiFi-connected air fryer.
Threat Source Newsletter (May 13, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In case you missed the Friday news drop last week, we have an update on the Lemon Duck cryptocurrency miner. It's not as eye-catching as the ransomware attacks that make the news, but Lemon Duck's exploi
Talos Takes Ep. #52: Celebrating World Password Day by talking about getting rid of passwords
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. The internet celebrated World Password Day on Thursday. To celebrate, we had Dave Lewis on the latest episode of Talos T
Threat Source Newsletter (May 6, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. COVID-19 has changed everything about our lives — no surprise there. So it also shouldn't be shocking that it's changing the way Americans view Tax Day this year. The deadline to file taxes is about a m
Talos Takes Ep. #51: COVID and Tax Day have perfectly aligned for spammers
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We see tax scams every year — people offering to do your taxes for you, finding a larger return, etc. But this year is
Threat Source Newsletter (April 29, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Ransomware is not just financial extortion. It is crime that transcends business, academic and geographic boundaries. Talos was proud to assist with a newly released report from the international Ransomware Task
Talos Takes Ep. #50: Just like us, attackers are using Slack and Discord now more than ever
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. With more workers than ever going remote due to the COVID-19 pandemic, the popularity of collaboration apps like Discord
Threat Source Newsletter (April 22, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We went viral this week! Everyone seemed to love to joke about these vulnerabilities we discovered in a WiFi-connected air fryer. An attacker, if they had physical access to the device, could exploit these vulne
Talos Takes Ep. #49: LodaRAT keeps growing....and growing
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Chris Neal from Talos Outreach has followed LodaRAT for years now. It’s gone from a fairly small threat to a full-on mal
Threat Source Newsletter (April 15, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. If you missed our webinar last week, we've got you covered. We've uploaded an extended version to our YouTube page that includes the scripts used in the presentation. This video will show you how to reve
Talos Takes Ep. #48: The complete history of ObliqueRAT
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. After researching and writing about ObliqueRAT for several months now, Asheer Malhotra joins Talos Takes for the first t
Threat Source Newsletter (April 8, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We've all heard about spam coming through your email or those robocalls we all hate. But during the COVID-19 pandemic, attackers are now turning to chat rooms and gaming servers to spread spam. Talos researc
Talos Takes Ep. #47: Looking back at the Masslogger trojan
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We return to our usual formatting this week to discuss the Masslogger trojan. We covered this threat earlier this year i
Threat Source Newsletter (April 1, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We hope you’re enjoying Cisco Live this week and only reading this after you’ve caught up on your sessions for the day. No April Fool’s jokes here (thankfully) — we are just excited to tell you that application
Talos Takes Ep. #46: Everything you could ever hope to know about Snort 3
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We've got another special XL episode this week, this time about Snort 3. This roundtable covers everything you could
Threat Source Newsletter (March 25, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. The Cisco Talos Incident Response team has several new, valuable insights into the threat landscape in the latest Quarterly Trends report. This post highlights the malware families our researchers are seeing mos
Quarterly Report: Incident Response trends from Winter 2020-21
For the seventh quarter in a row, Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape. The top variants were Ryuk and Vatet, which is notable given the absence of Ryuk last quarter. We also observed variants of Egregor and WastedLocker continu
Talos Takes Ep. #45: SMS authentication is still around, but that doesn't mean it's a good option
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. While there are many ways to add an extra layer of security to your logins nowadays, SMS is one that should probably be
Threat Source newsletter (March 18, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Start spreading the word now, the Snort scholarship is back for 2021! This year, we’re giving away two $10,000 awards to two college students who are studying cybersecurity or another IT-related field. Applicati
Talos Takes Ep. #44: A roundtable discussion on SolarWinds
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Welcome to the first-ever XL edition of Talos Takes. This one is a little longer than usual, but we promise you it’s wor
Threat Source newsletter (March 11, 2021) — Featuring new SolarWinds roundtable
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We have a special edition of the Threat Source newsletter to bring you this week, because we’re premiering a new video for you right now! Below, you’ll find a full roundtable we put together discussing the Sola
Talos Takes Ep. #43: What you should know about the Microsoft Exchange Server zero-days
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We put this episode together quickly this week to address the zero-day vulnerabilities Microsoft disclosed earlier this
Threat Source newsletter (March 4, 2021)
Newsletter compiled by Jon Munshaw. Of course, we will start things off talking about the Microsoft Exchange Server zero-day vulnerabilities disclosed earlier this week. Microsoft said in a statement that a threat actor is exploiting these vulnerabilities in the wild to steal us
Talos Takes Ep. #42: Seriously folks, save your logs
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. When Pierre Cadieux steps into a Cisco Talos Incident Response engagement, the first thing he wants to do is check out t
Threat Source newsletter (Feb. 25, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We all think of APTs as these wide-reaching, silent threat groups who are backed by a nation-state. But our recent research into Gamaredon shows that not all APTs are created equal. We’ve spotted this actor car
Threat Source newsletter (Feb. 18, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Whether you want to read Talos’ research or listen to it, we’ve got plenty of options for you this week. Beers with Talos hit its 100th episode last week. To celebrate, we brought Nigel back out of retirement t
Talos Takes Ep. #41: The tl;dr of Snort 3
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. This week's episode is for all our SNORTⓇ lovers out there. To celebrate last month's release of the Snort 3 GA,
Threat Source newsletter (Feb. 11, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We have an update on LodaRAT, a trojan we’ve been following for years. This threat has a new version targeting Android devices, looking to infect devices and steal user’s credentials and monitor things like thei
Threat Source newsletter (Feb. 4, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We are excited to finally share this LockBit research paper with you all after months of work. Some of our researchers spoke to a ransomware operator, which provided us insight into a threat actor’s day-to-day g
Interview with a LockBit ransomware operator
By Azim Khodjibaev, Dmytro Korzhevin and Kendall McKay. Ransomware is still highly prevalent in our current threat landscape — it's one of the top threats Cisco Talos Incident Response responds to. One such ransomware family we encounter is called LockBit, a ransomware-as-a-
Talos Takes Ep. #39: SolarWinds' implications for IoT and OT
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. This week, we're continuing our deep dive into the SolarWinds campaign. After Nick Biasini gave us a broad overview
Threat Source newsletter (Jan. 28, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Unfortunately, I don’t have any stock tips to give you to help you get rich overnight. But I do have two Vulnerability Spotlights you should read so your network can stay safer. We disclosed multiple vulnerabili
Talos Takes Ep. #37: What's with all this talk about supply chain attacks?
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. The major SolarWinds campaign has been generating headlines for weeks now. And while its specific targets make this atta
Threat Source newsletter (Jan. 21, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We know it’s hard to focus on anything happening outside of Washington, D.C. this week. But we would be remiss if we didn’t mention the exciting news that the Snort 3 GA is officially out now! This update has be
Threat Source newsletter (Jan. 7, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers and welcome to the first Threat Source newsletter of 2021. We hit the ground running already this year with a new Beers with Talos episode. It was recorded back in 2020, but the lessons regarding ransomware attac
2020: The year in malware
By Jon Munshaw. Nothing was normal in 2020. Our ideas of working from offices, in-person meetings, hands-on learning and basically everything else was thrown into disarray early in the year. Since then, we defenders have had to adapt. But so have workers around the globe, and th
Threat Source newsletter (Dec. 17, 2020)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. This will be our last Threat Source newsletter of the year. We’ll be on a few-week break for the holidays until Jan. 7. Of course, all anyone wants to talk about this week is the SolarWinds supply chain attack.
Threat Source newsletter (Dec. 10, 2020)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Cyber security firm FireEye recently disclosed an incident that was reported to have resulted in the inadvertent disclosure of various internally developed offensive security tools (OSTs) that were used across F
Quarterly Report: Incident Response trends from Fall 2020
By David Liebenberg and Caitlin Huey. For the sixth quarter in a row, Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape. However, for the first quarter since we began compiling these reports, no engagements that were closed out involved the
Threat Source newsletter (Dec. 3, 2020)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. While ransomware has made all the headlines this year, that doesn’t mean cryptocurrency miners are going anywhere. We recently discovered a new actor we’re calling “Xanthe” that’s mining Monero on targets’ machi
Threat Source newsletter (Nov. 19, 2020)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In case you hadn’t already realized, Snort somehow became a meme this week, so that was fun. As 2020 (finally...or already...I can’t decide which) comes to an end, we’re going to start doing a look back at the
Nibiru ransomware variant decryptor
Nikhil Hegde developed this tool. Weak encryption The Nibiru ransomware is a .NET-based malware family. It traverses directories in the local disks, encrypts files with Rijndael-256 and gives them a .Nibiru extension. Rijndael-256 is a secure encryption algorithm. However, Ni
Quarterly Report: Incident Response trends in Summer 2020
By David Liebenberg and Caitlin Huey. For the fifth quarter in a row, Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape. Infections involved a wide variety of malware families including Ryuk, Maze, LockBit, and Netwalker, among others. In
Threat Source newsletter for July 23, 2020
Good afternoon, Talos readers. While ransomware attacks continue to hog all the headlines, cryptocurrency miners are still running the background, sapping computing power from unsuspecting victims. We have what we believe is the first documentation of a new botnet we're calli
Threat Source newsletter for July 16, 2020
Good afternoon, Talos readers. If you haven’t already, we highly recommend you read our in-depth research paper on election security. This paper represents four years of hands-on research, interviews and insight into how things have changed since 2016, and what hurdles remain to
Threat Source newsletter for July 2, 2020
Good afternoon, Talos readers. Our latest research you should catch up on is the Valak malware. This information-stealer sneaks its way onto victim machines by hijacking legitimate email threads. The threat actors send their phishing emails and attachments in email threads, hop
Threat Source newsletter for June 25, 2020
Good afternoon, Talos readers. We recently decided to replace our use of the terms "blacklist" and "whitelist" with "block list" and "allow list.” Even though these terms are commonly in use in the security industry, we will not go along with c
Threat Source newsletter for June 18, 2020
Good afternoon, Talos readers. Now that Cisco Live is over, you can access both of Talos’ talks on-demand here if you registered for the online event. The latest Beers with Talos episode covers how to push your career in cyber security forward when you feel like you’re stuck i
Quarterly report: Incident Response trends in Summer 2020
By David Liebenberg and Caitlin Huey. For the fourth quarter in a row, Ryuk dominated the threat landscape in incident response. As we mentioned in last quarter’s report, Ryuk has shifted from relying on commodity trojans to using living-off-the-land tools. This has led to a dec
Threat Source newsletter for June 11, 2020
Good afternoon, Talos readers. We are back this week with new content, mainly around Microsoft Patch Tuesday. We have our complete breakdown of all the vulns here, as well as in-depth information on two remote code execution vulnerabilities one of our researchers discovered in E
Threat Source newsletter for June 4, 2020
Our social media content and promotion are on pause this week as there are more important issues being discussed and other voices that need to be heard. However, we still wanted to provide users with the latest IOCs and threats we’re seeing. Upcoming public engagements Event:
Threat Source newsletter for May 28, 2020
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We need to start things off by wishing a Happy Birthday to Beers with Talos! The first episode was released on May 12, 2017. To celebrate, we have a new e
Threat Source newsletter for May 21, 2020
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Beers with Talos chugs on during quarantine with the latest episode of “The In-Between.” Once again, the hosts talk about everything but security, answeri
Quarterly Report: Incident Response trends in Spring 2020
By David Liebenberg. Cisco Talos Incident Response (CTIR) engagements continue to be dominated by ransomware and commodity trojans. As alluded to in last quarter’s report, ransomware actors have begun threatening to release sensitive information from victims as a means of further
Quarterly Report: Incident Response trends in fall 2019
By David Liebenberg and Kendall McKay. While many Cisco Talos Incident Response (CTIR) engagements have shown similar patterns over the past two quarters, we’re seeing a dangerous trend emerge this winter. Threat actors are increasingly combining the exfiltration of sensitive da