Avatar

Talos Group

Talos Security Intelligence & Research Group

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. This blog profile is managed by multiple authors with expertise that spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.

Talos is the primary team that contributes threat information to the Cisco Collective Security Intelligence (CSI) ecosystem. Cisco CSI is shared across multiple security solutions and provides industry-leading security protections and efficacy. In addition to threat researchers, CSI is driven by intelligence infrastructure, product and service telemetry, public and private feeds and the open source community.

Articles

February 8, 2019

THREAT RESEARCH

Threat Roundup for Feb. 1 to Feb. 8

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 1 and Feb. 8. As with previous roundups, this post isn't meant to be an...

February 6, 2019

THREAT RESEARCH

2018 in Snort Signatures

1 min read

The cybersecurity field shifted quite a bit in 2018. With the boom of cryptocurrency, we saw a transition from ransomware to cryptocurrency miners. Talos researchers identified APT campaigns including VPNFilter,...

February 4, 2019

THREAT RESEARCH

ExileRAT shares C2 with LuckyCat, targets Tibet

1 min read

Cisco Talos recently observed a malware campaign delivering malicious Microsoft PowerPoint document using a mailing list run by the Central Tibetan Administration (CTA), an organization officially representing the Tibetan government-in-exile....

February 1, 2019

THREAT RESEARCH

Threat Roundup for Jan. 25 to Feb. 1

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 25 and Feb. 1. As with previous roundups, this post isn't meant to be an...

January 30, 2019

THREAT RESEARCH

Cisco Job Posting Targets Korean Candidates

1 min read

Edmund Brumaghin and Paul Rascagneres authored this post, with contributions from Jungsoo An. Executive summary Cisco Talos recently observed a targeted malware campaign being leveraged in an...

January 30, 2019

THREAT RESEARCH

Vulnerability Spotlight: Multiple vulnerabilities in ACD Systems Canvas Draw 5

1 min read

Cisco Talos is disclosing several vulnerabilities in ACD Systems' Canvas Draw 5, a graphics-editing tool for Mac. The vulnerable component of Canvas Draw 5 lies in the handling of TIFF...

January 28, 2019

THREAT RESEARCH

Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities

1 min read

Marcin "Icewall" Noga of Cisco Talos discovered these vulnerabilities. Executive Summary Cisco Talos discovered two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level...

January 25, 2019

THREAT RESEARCH

Threat Roundup for Jan. 18 to Jan. 25

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 18 and Jan. 25. As with previous roundups, this post isn't meant to be an...

January 24, 2019

THREAT RESEARCH

AMP tracks new campaign that delivers Ursnif

1 min read

This blog post was authored by John Arneson of Cisco Talos Executive Summary Cisco Talos once again spotted the Ursnif malware in the wild. We tracked this information stealer after...