Follow Talos on their other social channels!
About Us
Company Size:
10001+ employees
Company Type:
Talos is the industry-leading threat intelligence organization. We detect and correlate threats in real time using the largest threat detection network in the world to protect against known and emerging cyber security threats to better protect your organization.
Read more
Promoted Content
Listen to the New Beers with Talos Podcast
CCleanup: A Vast Number of Machines at Risk
Monday, September 18, 2017This post was authored by: Edmund Brumaghin, Ross Gibb, Warren Mercer, Matthew Molyett, and Craig WilliamsUpdate 9/18: CCleaner Cloud version 1.07.3191 is also reported to be affectedUpdate 9/19: This issue was discovered and reported by both Morphisec and Cisco in separate in-field cases and reported separately to Avast.Update 9/19: There has been some confusion on how the DGA domains resolve.The fallback ...
Back to Basics: Worm Defense in the Ransomware Age
Read the whole blog here. This post was authored by Edmund Brumaghin "Those who cannot remember the past are condemned to repeat it." - George Santayana The Prequel In March 2017, Microsoft released a security update for various versions of Windows, which addressed a remote code execution vulnerability affecting a protocol called SMBv1 (MS17-010). As this vulnerability could allow a remote attacker to completely compromise an affected system, the vulnerability was rated "Critical" with o ...
New Talos Webinar: Exploring Email: The #1 Threat Vector
Adversaries rely on email to execute their malicious campaigns, and no one understands their tactics better than the threat researchers at Talos. Analyzing more than 500 billion emails per day, Talos has unparalleled insight into the latest email security attack strategies. Join our latest webinar to hear their findings on the top email threats. Register NowAugust 31st at 10 am PT
New Blog Post From Talos: New Ransomware Variant Compromises Systems Worldwide
Talos has published a new blog in response to the ransomware outbreak that has affected multiple organizations in several countries. Please note that this blog post discusses active research by Talos into a new threat. This information should be considered preliminary with updates forth coming as new information becomes available. ---Today a new malware variant has surfaced. Our current research leads us to believe that the sample leverages EternalBlue and WMI for lateral movement inside an ...
Beers with Talos Podcast Now Available
The first episodes of Beers with Talos are now available on iTunes and directly on talosintelligence.com/podcasts.When Talos decided to make a threat intelligence podcast, we wanted to make it different than your typical buttoned down, subdued security podcast. The BWT crew: Craig, Joel, Nigel, and Mitch, decided to do that by making a podcast that is a lot like the discussions that you would have after work with colleagues - if your colleagues were both ridiculously opinionated and hyper-focuse ...
Player 3 Has Entered the Game: Say Hello to 'WannaCry'
EXECUTIVE SUMMARYA major ransomware attack has affected many organizations across the world reportedly including Telefonica in Spain, the National Health Service in the UK, and FedEx in the US. The malware responsible for this attack is a ransomware variant known as 'WannaCry'. The malware then has the capability to scan heavily over TCP port 445 (Server Message Block/SMB), spreading similar to a worm, compromising hosts, encrypting files stored on them then demand ...
Threat Spotlight: Mighty Morphin Malware Purveyors: Locky Returns Via Necurs
This post was authored by Nick BiasiniThroughout the majority of 2016, Locky was the dominant ransomware in the threat landscape. It was an early pioneer when it came to using scripting formats Windows hosts would natively handle, like .js, .wsf, and .hta. These scripting formats acted as a vehicle to deliver the payload via email campaigns. However, late in 2016 Locky distribution declined dramatically largely due to the slowdown of Necurs that occurred at the same time. On April 21st ...
New Blog Post: From Box to Backdoor: Discovering Just How Insecure an ICS Device is in Only 2 Weeks
Talos has published a new blog post covering vulnerability research we’ve done on a Moxa ICS device. -----Industrial Control Systems provide stability to civilization. They clean our water, deliver our power, and enable the physical infrastructure that we have learnt to rely on. Industrial Control Systems are also highly prevalent in manufacturing. They're the robots who build your cars and assemble T.V's, they're the forklifts that ship your e-commerce purchases. As factories, utilities, ...
Threat Spotlight: Sundown Matures
This post authored by Nick Biasini with contributions from Edmund Brumaghin and Alex ChiuThe last time Talos discussed Sundown it was an exploit kit in transition. Several of the large exploit kits had left the landscape and a couple of strong contenders remain. Sundown was one of the kits still active and poised to make a move, but lacked a lot of the sophistication of the other large kits and had lots of easy identifiers throughout its infection chain. Most of these identifiers have been strip ...
How Malformed RTF Defeats Security Engines
This post is authored by Paul Rascagneres with contributions from Alex McDonnellExecutive SummaryTalos has discovered a new spam campaign used to infect targets with the well known Loki Bot stealer. The infection vector is an RTF document abusing an old exploit (CVE-2012-1856), however the most interesting part is the effort put into the generation of the RTF. The document contains several malformations designed to defeat security engines and parsers. The attacker has gone out of their way to at ...

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge



A “Noob’s” Guide to Ransomware
Views: 3099 / September 23, 2017
Dark Network Guide!
Views: 4024 / September 22, 2017
UNM4SK3D: SEC, APT33, and CCleaner
Views: 2007 / September 22, 2017
Penetration Testing Flash Applications
Views: 2084 / September 22, 2017
Skip to toolbar
Cybrary works best if you switch to our Android-friendly app

We recommend always using caution when following any link

Are you sure you want to continue?