
Talos Group

Talos Security Intelligence & Research Group

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers, supported by sophisticated systems, who create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. This blog profile is managed by multiple authors whose expertise spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.

Talos is the primary team that contributes threat information to the Cisco Collective Security Intelligence (CSI) ecosystem. Cisco CSI is shared across multiple security solutions and provides industry-leading security protections and efficacy. In addition to threat researchers, CSI is driven by intelligence infrastructure, product and service telemetry, public and private feeds and the open source community.

Articles

September 11, 2019

THREAT RESEARCH

Watchbog and the Importance of Patching

Cisco Incident Response (CSIRS) recently responded to an incident involving the Watchbog cryptomining botnet. By Luke DuCharme and Paul Lee.

September 6, 2019

THREAT RESEARCH

Threat Roundup for August 30 to September 6

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 30 and Sep. 6.

September 5, 2019

THREAT RESEARCH

GhIDA: Ghidra decompiler for IDA Pro

Executive Summary: Cisco Talos is releasing two new tools for IDA Pro: GhIDA and Ghidraaas. GhIDA is an IDA Pro plugin that integrates the Ghidra decompiler...

September 3, 2019

THREAT RESEARCH

The latest on BlueKeep and DejaBlue vulnerabilities — Using Firepower to defend against encrypted DejaBlue

Over the past few months, Microsoft has released several security updates for critical Remote Desktop Protocol (RDP)-related security bugs. These bugs are significant for IT infrastructure because they are classified...

August 30, 2019

THREAT RESEARCH

Threat Roundup for August 23 to August 30

Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 23 and Aug. 30.

August 28, 2019

THREAT RESEARCH

RAT Ratatouille – Backdooring PCs with leaked RATs

Orcus RAT and RevengeRAT are two of the most popular remote access trojans (RATs) in use across the threat landscape. Since its emergence in 2016, various adversaries used RevengeRAT to...

August 27, 2019

THREAT RESEARCH

China Chopper still active 9 years later

Threats will commonly fade away over time as they're discovered, reported on, and detected. But China Chopper has found a way to stay relevant, active and effective...

August 23, 2019

THREAT RESEARCH

Threat Roundup for August 16 to August 23

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 16 and Aug. 23. As...

August 22, 2019

THREAT RESEARCH

New 4CAN tool helps identify vulnerabilities in on-board car computers

Modern automobiles contain hundreds of sensors and mechanics that communicate via computers to understand their surrounding environment. Those components provide real-time information to drivers, connect the vehicle to a global...