Avatar

Talos Group

Talos Security Intelligence & Research Group

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. This blog profile is managed by multiple authors with expertise that spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.

Talos is the primary team that contributes threat information to the Cisco Collective Security Intelligence (CSI) ecosystem. Cisco CSI is shared across multiple security solutions and provides industry-leading security protections and efficacy. In addition to threat researchers, CSI is driven by intelligence infrastructure, product and service telemetry, public and private feeds and the open source community.

Articles

April 25, 2019

THREAT RESEARCH

Vulnerability Spotlight: Multiple vulnerabilities in Sierra Wireless AirLink ES450

Carl Hurd and Jared Rittle of Cisco Talos discovered these vulnerabilities. Executive summary Several exploitable vulnerabilities exist in the Sierra Wireless AirLink ES450, an LTE gateway designed for distributed enterprise,...

April 25, 2019

THREAT RESEARCH

JasperLoader Emerges, Targets Italy with Gootkit Banking Trojan

Nick Biasini and Edmund Brumaghin authored this blog post with contributions from Andrew Williams. Introduction to JasperLoader Malware loaders are playing an increasingly important role in malware distribution. They give...

April 23, 2019

THREAT RESEARCH

DNSpionage brings out the Karkoff

In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a new remote administrative tool that supports HTTP and DNS communication with the attackers'...

April 19, 2019

THREAT RESEARCH

Threat Roundup for April 12 to April 19

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Apr. 12 and Apr. 19. As with previous roundups, this post isn't meant to be an...

April 17, 2019

THREAT RESEARCH

DNS Hijacking Abuses Trust In Core Internet Service

This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems. While this incident is limited to targeting primarily national security organizations in the Middle East and...

April 15, 2019

THREAT RESEARCH

New HawkEye Reborn Variant Emerges Following Ownership Change

HawkEye is another example of malware being marketed across various hacking forums. Talos observed ongoing malware distribution campaigns attempting to leverage the latest version of the HawkEye keylogger/stealer, HawkEye Reborn v9, against organizations to steal sensitive information and account credentials for use in additional attacks and account compromise.

April 15, 2019

THREAT RESEARCH

Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN’s helper tool

Cisco Talos is disclosing a series of vulnerabilities found in the Shimo VPN Helper Tool. Shimo VPN is a popular VPN client for MacOS that can be used to connect...

April 12, 2019

THREAT RESEARCH

Threat Roundup for April 5 to April 12

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Apr. 5 and Apr. 12. As with previous roundups, this post isn't meant to be an...

April 11, 2019

THREAT RESEARCH

Sextortion Profits Decline Despite Higher Volume, New Techniques

Sextortionists are doing everything to evade spam filters and convince potential victims that perceived threats are real. Here are some recent changes we’ve seen in the sextortion email landscape.