Avatar

Talos Group

Talos Security Intelligence & Research Group

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. This blog profile is managed by multiple authors with expertise that spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.

Talos is the primary team that contributes threat information to the Cisco Collective Security Intelligence (CSI) ecosystem. Cisco CSI is shared across multiple security solutions and provides industry-leading security protections and efficacy. In addition to threat researchers, CSI is driven by intelligence infrastructure, product and service telemetry, public and private feeds and the open source community.

Articles

February 12, 2018

THREAT RESEARCH

Olympic Destroyer Takes Aim At Winter Olympics

1 min read

The Winter Olympics this year is being held in Pyeongchang, South Korea. The Guardian, a UK Newspaper reported an article that suggested the Olympic computer systems suffered technical issues during...

February 6, 2018

THREAT RESEARCH

Targeted Attacks In The Middle East

1 min read

This blog post is authored by Paul Rascagneres with assistance of Martin Lee. Executive Summary Talos has identified a targeted attack affecting the Middle East. This campaign contains the following...

February 2, 2018

THREAT RESEARCH

Flash 0-Day In The Wild: Group 123 At The Controls

1 min read

The 1st of February, Adobe published an advisory concerning a Flash vulnerability (CVE-2018-4878). This vulnerability is a use after free that allows Remote Code Execute through a malformed Flash object....

January 31, 2018

THREAT RESEARCH

Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions

2 min read

The Dark Side of the Digital Gold Rush This post was authored by Nick Biasini, Edmund Brumaghin, Warren Mercer and Josh Reynolds with contributions from Azim Khodijbaev and David Liebenberg.

January 29, 2018

THREAT RESEARCH

2017 in Snort Signatures.

1 min read

2017 was an eventful year for cyber security with high profile vulnerabilities that allowed self-replicating worm attacks such as WannaCry and BadRabbit to impact...

January 26, 2018

THREAT RESEARCH

Vulnerability Spotlight: Walt Disney Per-Face Texture Mapping faceInfoSize Code Execution Vulnerability

1 min read

This vulnerability was discovered by Tyler Bohan of Cisco Talos. Executive Summary Walt Disney PTEX is an open source software application maintained by Walt Disney Animation Studios. It is...

January 22, 2018

1

THREAT RESEARCH

SamSam – The Evolution Continues Netting Over $325,000 in 4 Weeks

1 min read

Talos have been working in conjunction with Cisco IR Services on what we believe to be a new variant of the SamSam ransomware. This ransomware has been observed across multiple industries including Government, Healthcare and ICS. These attacks do not appear to be highly targeted, and appear to be more opportunistic in nature. Given SamSam’s victimology its […]

January 18, 2018

1

THREAT RESEARCH

The Many Tentacles of the Necurs Botnet

1 min read

This post was written by Jaeson Schultz. Introduction Over the past five years the Necurs botnet has established itself as the largest purveyor of spam worldwide. Necurs is responsible for emailing massive amounts of banking malware, ransomware, dating spam, pump-n-dump stock scams, work from home schemes, and even cryptocurrency wallet credential phishing. Necurs sends so much […]

January 17, 2018

THREAT RESEARCH

Vulnerability Spotlight: Tinysvcmdns Multi-label DNS DoS Vulnerabilility

1 min read

Overview Talos is disclosing a single NULL pointer dereference vulnerability in the tinysvcmdns library. Tinysvcmdns is a tiny MDNS responder implementation for publishing services. This is essentially a mini and embedded version of Avahi or Bonjour. Read More >>