Talos
Follow
2888 Followers
Follow Talos on their other social channels!
About Us
Founded:
2014
Company Size:
10001+ employees
Company Type:
Private
Location:
Worldwide
Website:
Talos is the industry-leading threat intelligence organization. We detect and correlate threats in real time using the largest threat detection network in the world to protect against known and emerging cyber security threats to better protect your organization.
Read more
Promoted Content
Earn one of two $10,000 scholarships to a Snort-approved university for the 2018/2019 academic year!
Follow
317
Announcing the Cisco 2018 Annual Cybersecurity Report
Network-based ransomware worms. Devastating supply chain attacks. Learn about these attacks and more in the Cisco 2018 Annual Cybersecurity Report.
Follow
311
SamSam- The Evolution Continues Netting Over $325,000 in 4 Weeks
Talos has been working in conjunction with Cisco IR Services on what we believe to be a new variant of the SamSam ransomware. This ransomware has been observed across multiple industries including Government, Healthcare and ICS. These attacks do not appear to be highly targeted, and appear to be more opportunistic in nature. Given SamSam's victimology, its impacts are not just felt within the business world, they are also impacting people, especially if we consider the Healthcare sector. No ...
Follow
344
The Many Tentacles of the Necurs Botnet
Over the past five years the Necurs botnet has established itself as the largest purveyor of spam worldwide. Necurs is responsible for emailing massive amounts of banking malware, ransomware, dating spam, pump-n-dump stock scams, work from home schemes, and even cryptocurrency wallet credential phishing. Necurs sends so much spam that at times Necurs' spam campaigns can make up more than 90% of the spam seen by Cisco Talos in one day. To conduct a deeper analysis of Necurs, Talos extracted 32 ...
Follow
511
ROKRAT Reloaded
This post was authored by Warren Mercer, Paul Rascagneres and with contributions from Jungsoo An. Executive Summary Earlier this year, Talos published 2 articles concerning South Korean threats. The first one was about the use of a malicious HWP document which dropped downloaders used to retrieve malicious payloads on several compromised websites. One of the website was a compromised government website. We named this case "Evil New Years". The second one was about the analysis and discovery ...
Follow
503
The Mutiny Fuzzing Framework and Decept Proxy
This blog post is authored by James Spadaro of Cisco ASIG and Lilith Wyatt of Cisco Talos. Imagine a scenario where you, as a vulnerability researcher, are tasked with auditing a network application to identify vulnerabilities. By itself, the task may not seem too daunting until you learn of a couple conditions and constraints: you have very little information to work off of on how the network applications operates, how the protocols work, and you have a limited amount of time to conduct your ...
Follow
918
This Holiday Season – Buy One IoT Device, Get Free CVEs
As the Internet of Things gains steam and continues to develop, so are adversaries and the threats affecting these systems. Companies throughout the world are busy deploying low cost Internet-connected computing devices (aka the Internet of Things) to solve business problems and improve our lives. In tandem, criminals are developing their methods for abusing and compromising vulnerable and poorly defended IoT devices. In the past year, we have seen criminals recruit vulnerable IoT devices to ...
Follow
1092
Poisoning the Well: Banking Trojan Targets Google Search Results
This blog post was authored by Edmund Brumaghin, Earl Carter and Emmanuel Tacheau. Summary It has become common for users to use Google to find information that they do not know. In a quick Google search you can find practically anything you need to know. Links returned by a Google search, however, are not guaranteed to be safe. In this situation, the threat actors decided to take advantage of this behavior by using Search Engine Optimization (SEO) to make their malicious links more preval ...
Follow
961
“Cyber Conflict” Decoy Document Used In Real Cyber Conflict
This post was authored by Warren Mercer, Paul Rascagneres and Vitor VenturaUpdate 10/23: CCDCOE released a statement today on their websiteINTRODUCTIONCisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear…). Ironically the decoy document is a deceptive flyer relating to the Cyber Conflict U.S. conference. CyCon US is a collaborative effort between the Army Cyber Institute at the United Sta ...
Follow
672
Vulnerability Spotlight: Apache OpenOffice Vulnerabilities
Discovered by Marcin ‘Icewall’ Noga of Cisco Talos Overview Today, Talos is releasing details of three new vulnerabilities discovered within Apache OpenOffice application. The first vulnerability, TALOS-2017-0295 within OpenOffice Writer, the second TALOS-2017-0300 in the Draw application, and the third TALOS-2017-0301 discovered in the Writer application. All three vulnerabilities allow arbitrary code execution to be performed. TALOS-2017-0295 - Apache OpenOffice Remote Code Execution ...
Follow
890
Disassembler and Runtime Analysis
This post was authored by Paul Rascagneres. Introduction In the CCleaner 64bit stage 2 previously described in our blog, we explained that the attacker modified a legitimate executable that is part of "Symantec Endpoint". This file is named EFACli64.dll. The modification is performed in the runtime code included by the compiler, more precisely in the __security_init_cookie() function. The attacker modified the last instruction to jump to the malicious code. The well-known IDA Pro disassembler ...

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel