Articles
Cryptomining Campaign Returns Coal and Not Diamond
1 min read
Soon after the launch of a new cryptocurrency, Bitvote, in January, Talos discovered a new mining campaign affecting systems in India, Indonesia, Vietnam and several other countries that was tied...
Vulnerability Spotlight: Multiple Issues in Foxit PDF Reader
1 min read
Talos is disclosing five vulnerabilities in Foxit PDF Reader, a popular free program for viewing, creating, and editing PDF documents.
Updates for BASS
1 min read
Cisco Talos has rolled out a series of improvements to the BASS open-source framework aimed at speeding up its ability to provide coverage for new malware families.
Vulnerability Spotlight: Foscam IP Video Camera Firmware Recovery Unsigned Image Vulnerability
1 min read
This vulnerability was discovered by Claudio Bozzato of Cisco Talos. Executive Summary: The Foscam C1 Indoor HD Camera is a network-based camera that is marketed for a variety of uses,...
Talos Threat Round Up for April 06-13
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 06 and April 13. As with previous round-ups, this post isn't meant to be an...
Vulnerability Spotlight: TALOS-2018-0529-531 – Multiple Vulnerabilities in NASA CFITSIO library
1 min read
Vulnerabilities discovered by Tyler Bohan from Talos. Overview: Talos is disclosing three remote code execution vulnerabilities in the NASA CFITSIO library. CFITSIO is a library of C and Fortran subroutines...
Malware monitor – leveraging PyREBox for malware analysis
1 min read
This post was authored by Xabier Ugarte Pedrero. In July 2017 we released PyREBox, a Python Scriptable Reverse Engineering Sandbox, as an open source tool. This project is part...
Vulnerability Spotlight: Multiple Vulnerabilities in Moxa EDR-810 Industrial Secure Router
1 min read
Vulnerabilities have been identified in Moxa EDR-810, an industrial secure router with firewall/NAT/VPN and managed Layer 2 switch functions. It is designed for Ethernet-based security applications in remote control or monitoring networks.
Vulnerability Spotlight: Multiple Simple DirectMedia Layer Vulnerabilities
1 min read
Vulnerabilities identified in Simple DirectMedia Layer's SDL2_Image library could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low-level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D.