Talos Group

Talos Security Intelligence & Research Group

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detect, analyze and protect against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. This blog profile is managed by multiple authors whose expertise spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.

Talos is the primary team that contributes threat information to the Cisco Collective Security Intelligence (CSI) ecosystem. Cisco CSI is shared across multiple security solutions and provides industry-leading security protections and efficacy. In addition to threat researchers, CSI is driven by intelligence infrastructure, product and service telemetry, public and private feeds and the open source community.

Articles

January 18, 2019

THREAT RESEARCH

Threat Roundup for Jan. 11 to Jan. 18

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 11 and Jan. 18. As with previous roundups, this post isn't meant to be an...

January 17, 2019

THREAT RESEARCH

What we learned by unpacking a recent wave of Imminent RAT infections using AMP

1 min read

Cisco Talos has been tracking a series of Imminent RAT infections for the past two months following reported data from Cisco Advanced Malware Protection's (AMP) Exploit Prevention engine. AMP successfully...

January 15, 2019

THREAT RESEARCH

Emotet re-emerges after the holidays

1 min read

While Emotet has been around for many years and is one of the most well-known pieces of malware in the wild, that doesn't mean attackers don't try to freshen it...

January 15, 2019

THREAT RESEARCH

Vulnerability Deep Dive: TP-Link TL-R600VPN remote code execution vulnerabilities

1 min read

Introduction TP-Link recently patched three vulnerabilities in their TL-R600VPN gigabit broadband VPN router, firmware version 1.3.0. Cisco Talos publicly disclosed these issues after working with TP-Link to ensure...

January 10, 2019

THREAT RESEARCH

Pylocky Unlocked: Cisco Talos releases PyLocky ransomware decryptor

1 min read

PyLocky is a family of ransomware written in Python that attempts to masquerade as a Locky variant. This ransomware will encrypt all files on a victim machine before...

January 9, 2019

THREAT RESEARCH

Why we want users’ feedback on Snort rule documentation

1 min read

Today, Talos is launching a new community survey to solicit feedback on SNORTⓇ documentation. When Snort alerts the end user, the rule documentation is their first and possibly only avenue...

January 9, 2019

THREAT RESEARCH

Microsoft Patch Tuesday — January 2019: Vulnerability disclosures and Snort coverage

1 min read

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, seven of which are rated “critical,”...

January 2, 2019

THREAT RESEARCH

Vulnerability Spotlight: Multiple privilege escalation vulnerabilities in CleanMyMac X

1 min read

Tyler Bohan of Cisco Talos discovered several vulnerabilities in MacPaw’s CleanMyMac X software, a cleanup application for Mac operating systems that allows users to free up space on their machines.

December 21, 2018

THREAT RESEARCH

Threat Roundup for Dec. 14 to Dec. 21

1 min read

Summary of threats observed between December 14-21. Our customers are automatically protected from these threats, but we highlight key behavioral characteristics and indicators of compromise (not in-depth analysis).