Talos Group

Talos Security Intelligence & Research Group

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. This blog profile is managed by multiple authors with expertise that spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.

Talos is the primary team that contributes threat information to the Cisco Collective Security Intelligence (CSI) ecosystem. Cisco CSI is shared across multiple security solutions and provides industry-leading security protections and efficacy. In addition to threat researchers, CSI is driven by intelligence infrastructure, product and service telemetry, public and private feeds and the open source community.

Articles

October 11, 2019

THREAT RESEARCH

Threat Roundup for October 4 to October 11

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct 4 and Oct 11. As...

October 11, 2019

THREAT RESEARCH

New IDA Pro plugin provides TileGX support

Cisco Talos has a new plugin available for IDA Pro that provides a new disassembler for TileGX binaries. This tool should assist researchers in reverse-engineering threats in IDA Pro that...

October 4, 2019

THREAT RESEARCH

Threat Roundup for September 27 to October 4

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sep. 27 and Oct. 4. As...

September 30, 2019

THREAT RESEARCH

Open Document format creates twist in maldoc landscape

Cisco Talos recently observed attackers changing the file formats they use in an attempt to thwart common antivirus engines.

September 27, 2019

THREAT RESEARCH

Threat Roundup for September 20 to September 27

Talos is publishing a glimpse into the most prevalent threats we've observed between Sep. 20 and Sep. 27.

September 26, 2019

THREAT RESEARCH

Divergent: “Fileless” NodeJS Malware Burrows Deep Within the Host

Cisco Talos recently discovered a new malware loader being used to deliver and infect systems with a previously undocumented malware payload called "Divergent."

September 24, 2019

THREAT RESEARCH

How Tortoiseshell created a fake veteran hiring website to host malware

Cisco Talos discovered a threat actor attempting to take advantage of Americans who may be seeking a job, especially military veterans. Symantec had previously identified the actor as Tortoiseshell.

September 20, 2019

THREAT RESEARCH

Threat Roundup for September 13 to September 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sep. 13 and Sep. 20.

September 17, 2019

THREAT RESEARCH

Emotet is back after a summer break

Emotet is still evolving, five years after its debut as a banking trojan. It is one of the world's most dangerous botnets and malware droppers-for-hire.