Talos Group

Talos Security Intelligence & Research Group

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. This blog profile is managed by multiple authors with expertise that spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.

Talos is the primary team that contributes threat information to the Cisco Collective Security Intelligence (CSI) ecosystem. Cisco CSI is shared across multiple security solutions and provides industry-leading security protections and efficacy. In addition to threat researchers, CSI is driven by intelligence infrastructure, product and service telemetry, public and private feeds and the open source community.


May 24, 2019


Threat Roundup for May 17 to May 24

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 17 and May 24. As...

May 23, 2019


One year later: The VPNFilter catastrophe that wasn’t

Cisco Talos first disclosed the existence of VPNFilter one year ago, on May 23, 2018. The malware made headlines across the globe, as it was a sophisticated piece of malware...

May 23, 2019


Sorpresa! JasperLoader targets Italy with a new bag of tricks

Nick Biasini and Edmund Brumaghin authored this blog post. Executive summary: Over the past few months,...

May 20, 2019


Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques

This blog post was authored by Danny Adamitis, David Maynor, and Kendall McKay. Executive summary: Cisco Talos assesses with moderate confidence that a campaign we recently...

May 6, 2019


Vulnerability Spotlight: Multiple bugs in several Jenkins plugins

Jenkins is an open-source automation server written in Java. There are several plugins that exist to integrate Jenkins with other pieces of software, such as GitLab. Today, Cisco Talos is...

May 3, 2019


Threat Roundup for April 26 to May 3

Talos lists ten of the most prevalent threats observed between April 26 and May 3, summarizing key behavioral characteristics and discussing how our customers are automatically protected from these threats.

May 2, 2019


Qakbot levels up with new obfuscation techniques

Qakbot, also known as Qbot, is a well-documented banking trojan that has been around since 2008. Recent Qakbot campaigns, however, are utilizing an updated persistence mechanism that can make it...

April 30, 2019


Sodinokibi Ransomware Exploits WebLogic Server Vulnerability

Attackers are actively exploiting a recently disclosed vulnerability in Oracle WebLogic to install a new variant of ransomware called "Sodinokibi," which attempts to encrypt user data and then deletes shadow copy backups to make data recovery more difficult.

April 26, 2019


Threat Roundup for April 19 to April 26

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Apr. 19 and Apr. 26. As with previous roundups, this post isn't meant to be an...