Talos Group

Talos Security Intelligence & Research Group

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. This blog profile is managed by multiple authors with expertise that spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.

Talos is the primary team that contributes threat information to the Cisco Collective Security Intelligence (CSI) ecosystem. Cisco CSI is shared across multiple security solutions and provides industry-leading security protections and efficacy. In addition to threat researchers, CSI is driven by intelligence infrastructure, product and service telemetry, public and private feeds and the open source community.

Articles

March 20, 2019

THREAT RESEARCH

Ransomware or Wiper? LockerGoga Straddles the Line

LockerGoga is a ransomware variant that, while lacking sophistication, can still cause extensive damage to organizations or individuals. Talos has also seen wiper malware impersonate ransomware, such as NotPetya.

March 19, 2019

THREAT RESEARCH

Vulnerability Spotlight: Multiple Vulnerabilities in CUJO Smart Firewall, Das U-Boot, OCTEON SDK, Webroot BrightCloud

Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Executive summary: CUJO AI produces the CUJO Smart Firewall, a device that provides protection to home networks against a myriad of...

March 18, 2019

THREAT RESEARCH

IPv6 unmasking via UPnP

Comparative scans of discovered hosts on both IPv4 and IPv6 show significant security discrepancies in filtering between IPv4 and IPv6 interfaces, and that unintended IPv6 connectivity will be increasingly problematic.

March 15, 2019

THREAT RESEARCH

Threat Roundup for March 8 to March 15

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Mar. 8 and Mar. 15. As with previous roundups, this post isn't meant to be an...

March 13, 2019

THREAT RESEARCH

GlitchPOS: New PoS malware for sale

Warren Mercer and Paul Rascagneres authored this post with contributions from Ben Baker. Executive summary: Point-of-sale malware is popular among attackers, as it usually leads to them obtaining credit card...

March 8, 2019

THREAT RESEARCH

Threat Roundup for Mar. 1 to Mar. 8

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 01 and March 08. As with previous roundups, this post isn't meant to be an...

March 5, 2019

THREAT RESEARCH

Cisco, Talos tout importance of IoT security at RSA keynote

By 2020, Gartner predicts 20 billion connected devices will be online — and more devices mean more security threats. Connected devices have exploded into the public and corporate landscape, rattling...

March 1, 2019

THREAT RESEARCH

Threat Roundup for Feb. 22 to March 1

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 8 and Feb. 15. As with previous roundups, this post isn't meant to be an...

February 26, 2019

THREAT RESEARCH

Cisco Talos Honeypot Analysis Reveals Rise in Attacks on Elasticsearch Clusters

Cisco Talos warns users that they need to keep a close eye on unsecured Elasticsearch clusters. We have recently observed a spike in attacks from multiple threat actors targeting these...