Security

7 min read

Malware is one of the most prevalent and most insidious forms of cyber attack.  Identifying and eliminating them are critical in minimizing the impact of a breach.  As a cybersecurity incident responder, I always end up performing some level of malicious file analysis.  In this blog, I’ll share some recommended approaches that have worked for […]

2 min read

[Note: We would especially like to thank the Entrust Datacard team for their contributions to this post and the fruitful collaboration. More info at Entrust Datacard’s Digital DNA blog series and Twitter handle (@entrustdatacard).] Products and solutions do not operate in silos. In technology, interoperability is a top priority. Thus, making a transition to different communication […]

1 min read

Shamoon is a type of destructive malware that has been previously associated with attacks against the Saudi Arabian energy sector we’ve been tracking since 2012. We’ve observed that a variant of Shamoon, identified as Shamoon 2, has recently been used against several compromised organizations and institutions. Talos is aware of the recent increase in Shamoon […]

1 min read

The few last days, a malware sample named EyePyramid has received considerable attention, especially in Italy. The Italian police have arrested two suspects and also published a preliminary report of the investigation. This malware is notable due to the targeting of Italian celebrities and politicians. We conducted our analysis on one of the first public […]

1 min read

This post authored by David Maynor & Paul Rascagneres with the contribution of Alex McDonnell and Matthew Molyett Overview Talos has identified a malicious Microsoft Word document with several unusual features and an advanced workflow, performing reconnaissance on the targeted system to avoid sandbox detection and virtual analysis, as well as exploitation from a non-embedded […]

5 min read

Many businesses are looking to reap the benefits of digital transformation, evolving new services that provide value to and forge closer relationships with partners and customers. Trust and responsible information management practices are becoming business differentiators as consumers become more aware of the impact of data breaches and the potential for misuse of personal information.  […]

3 min read

The Cisco PSIRT openVuln API is a RESTful API that allows customers to obtain Cisco security vulnerability information in different machine-consumable formats. It supports industrywide security standards such as the Common Vulnerability Reporting Framework (CVRF), Open Vulnerability and Assessment Language (OVAL), Common Vulnerability and Exposure (CVE) identifiers, Common Weakness Enumeration (CWE), and the Common Vulnerability Scoring System (CVSS). This API […]

3 min read

Since its introduction in 2015, pxGrid has provided you an open, automated, and effective way for your disparate security technologies to work together.  In just two years we’ve added 50 separate products that you can integrate to see and stop threats faster, and demonstrate compliance. And we’re bringing on board a mix of new technology […]

3 min read

Visibility doesn’t just mean seeing data move within the network – it also means seeing who and what is on the network. Trends like the Internet of Things (IoT) and Enterprise Mobility – that will result in tens of billions of connected devices and users – are fundamentally changing the enterprise networking environment. Not knowing […]