Avatar

Talos Group

Talos Security Intelligence & Research Group

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. This blog profile is managed by multiple authors with expertise that spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.

Talos is the primary team that contributes threat information to the Cisco Collective Security Intelligence (CSI) ecosystem. Cisco CSI is shared across multiple security solutions and provides industry-leading security protections and efficacy. In addition to threat researchers, CSI is driven by intelligence infrastructure, product and service telemetry, public and private feeds and the open source community.

Articles

August 27, 2020

THREAT RESEARCH

Threat Roundup for August 21 to August 27

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 21 and August 27. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

August 21, 2020

THREAT RESEARCH

Threat Roundup for August 14 to August 21

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 14 and August 21. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

August 14, 2020

THREAT RESEARCH

Threat Roundup for August 7 to August 14

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 7 and August 14. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

August 13, 2020

THREAT RESEARCH

Attribution: A Puzzle

By Martin Lee, Paul Rascagneres and Vitor Ventura. Introduction The attribution of cyber attacks is hard. It requires collecting diverse intelligence, analyzing it and deciding who is responsible. Rarely does the evidence available to researchers reach a level of proof that would be acceptable in a court of law.  Nevertheless, the private sector rises to […]

August 10, 2020

THREAT RESEARCH

Barbervisor: Journey developing a snapshot fuzzer with Intel VT-x

One of the ways vulnerability researchers find bugs is with fuzzing. At a high level, fuzzing is the process of generating and mutating random inputs for a given target to crash it. In 2017, I started developing a bare metal hypervisor for the purposes of snapshot fuzzing: fuzzing small subsets of programs from a known, […]

August 7, 2020

THREAT RESEARCH

Threat Roundup for July 31 to August 7

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 31 and August 7. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

July 31, 2020

THREAT RESEARCH

Threat Roundup for July 24 to July 31

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 24 and July 31. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

July 29, 2020

THREAT RESEARCH

Adversarial use of current events as lures

By Nick Biasini. The goal of malicious activity is to compromise the system to install some unauthorized software. Increasingly that goal is tied to one thing: the user. Over the past several years, we as an industry improved exploit mitigation and the value of working exploits has increased accordingly. Together, these changes have had an […]

July 24, 2020

THREAT RESEARCH

Threat Roundup for July 17 to July 24

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 17 and July 24. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]