Talos Group

Talos Security Intelligence & Research Group

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. This blog profile is managed by multiple authors with expertise that spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.

Talos is the primary team that contributes threat information to the Cisco Collective Security Intelligence (CSI) ecosystem. Cisco CSI is shared across multiple security solutions and provides industry-leading security protections and efficacy. In addition to threat researchers, CSI is driven by intelligence infrastructure, product and service telemetry, public and private feeds and the open source community.

Articles

March 13, 2018

THREAT RESEARCH

Microsoft Patch Tuesday – March 2018

1 min read

Today, Microsoft released its monthly set of security advisories, addressing 74 new vulnerabilities, with 14 of them rated critical and 59 of them rated important.

March 6, 2018

THREAT RESEARCH

Gozi ISFB Remains Active in 2018, Leverages “Dark Cloud” Botnet For Distribution

1 min read

Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years. Banking trojans are a widely distributed type of...

March 1, 2018

THREAT RESEARCH

Vulnerability Spotlight: Simple DirectMedia Layer’s SDL2_Image

1 min read

Overview: Talos is disclosing several vulnerabilities identified in Simple DirectMedia Layer's SDL2_Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low...

March 1, 2018

THREAT RESEARCH

Vulnerability Spotlight: Dovecot out-of-bounds Read Vulnerability

1 min read

Overview: Today, Cisco Talos is disclosing a single out-of-bounds read vulnerability in the Dovecot IMAP server. Dovecot is a popular internet message access protocol, or IMAP, server...

February 28, 2018

THREAT RESEARCH

CannibalRAT targets Brazil

1 min read

Malware continues to evolve in different ways and forms, one of which is the language it is written in. From Visual C++ to PowerShell, almost everything has been used to...

February 26, 2018

THREAT RESEARCH

Who Wasn’t Responsible for Olympic Destroyer?

1 min read

This blog post is authored by Paul Rascagneres and Martin Lee. Summary: Evidence linking the Olympic Destroyer malware to a specific threat actor group is contradictory, and does not allow...

February 23, 2018

THREAT RESEARCH

Vulnerability Spotlight: Adobe Acrobat Reader DC Document ID Remote Code Execution Vulnerability

1 min read

Talos is releasing details of a new vulnerability within Adobe Acrobat Reader DC.

February 14, 2018

THREAT RESEARCH

COINHOARDER: Tracking a Ukrainian Bitcoin Phishing Ring DNS Style

1 min read

This post is authored by Jeremiah O'Connor and Dave Maynor with contributions from Artsiom Holub and Austin McBride. Executive Summary: Cisco has been tracking a bitcoin theft campaign for...

February 13, 2018

THREAT RESEARCH

Microsoft Patch Tuesday – February 2018

1 min read

Today Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory...