Follow Talos on their other social channels!
About Us
Company Size:
10001+ employees
Company Type:
Talos is the industry-leading threat intelligence organization. We detect and correlate threats in real time using the largest threat detection network in the world to protect against known and emerging cyber security threats to better protect your organization.
Read more
Promoted Content
Snort Scholarships -- Apply Now!
Crypt0l0cker (TorrentLocker): Old Dog, New Tricks
This post is authored by Matthew Molyett, Holger Unterbrink and Paul RascagneresExecutive SummaryRansomware continues to be a plague on the internet and still sets itself as the fastest growing malware family we have seen in the last number of years. In this post we describe the technical details about a newly observed campaign of the notorious Crypt0l0cker (aka TorrentLocker or Teerac) ransomware. Crypt0l0cker has gone through a long evolution, the adversaries are updating and improving the mal ...
CPE Webinar: Talos Winter Security Threat Briefing
Tuesday, February 28 at 1pm EDT / 10am PDTAdversaries never stop innovating—and one team is tasked with tracking and stopping new attack strategies. The Talos threat intelligence team has more than 270 full time threat researchers who discover new vulnerabilities, threats and attack strategies. Join our complimentary webinar led by Talos Senior Threat Researcher Earl Carter to learn what the team considered the most important security developments of the past season.  Once per qu ...
Webinar: Exploit Kits – is this the end or just the beginning?
January 12, 2017 at 1pm ET/10am PTExploit kits are used by hackers to compromise users through software vulnerabilities and deliver malicious payloads like Ransomware and Banking Trojans. They are responsible for tens of millions of dollars in losses, and a countless number of victims – and are very profitable for the hackers who use them. These EKs are ready to go off the shelf and often require little-to-no knowledge of the underlying code or the vulnerabilities they exploit. We've ...
Down the Rabbit Hole with the RIG Pill
This post is authored by Holger Unterbrink with contributions by Christopher Marczewski EXECUTIVE SUMMARY Talos is monitoring the big notorious Exploit Kits(EK) on an ongoing basis. Since Angler disappeared a few month ago, RIG is one EK which seems to be trying to fill the gap Angler has left. We see an ongoing development on RIG. This report gives more details about the complex infection process the adversaries behind RIG are using to infect their victims and how they attempt to bypass secur ...
LockyDump – All Your Configs Are, Belong To Us
Summary Locky has continued to evolve since its inception in February 2016. This has made it difficult to track at times due to changes in the way in which it's distributed as well as various characteristics of the malware itself. The actors responsible for Locky have continuously attempted to improve operational security (OPSEC) in regards to the tracking of affiliates making use of the ransomware. This post will discuss a new Locky configuration extractor that Talos is releasing, which we are ...
Threat Spotlight: GozNym
This blog was authored by Ben Baker, Edmund Brumaghin and Jonah Samost. Executive Summary GozNym is the combination of features from two previously identified families of malware, Gozi and Nymaim. Gozi was a widely distributed banking trojan with a known Domain Generation Algorithm (DGA) and also contained the ability to install a Master Boot Record (MBR) rootkit. Nymaim emerged in 2013 as malware which was used to deliver ransomware and was previously distributed by the Black Hole explo ...
7-Zip Vulnerabilities Discovered
7-Zip is an open-source file archiving application which features optional AES-256 encryption, support for large files, and the ability to use “any compression, conversion or encryption method”. Recently Cisco Talos has discovered multiple exploitable vulnerabilities in 7-Zip. These type of vulnerabilities are especially concerning since vendors may not be aware they are using the affected libraries. This can be of particular concern, for example, when it comes to security devices or antivir ...
ROPMEMU: The Framework to Analyze Complex Code-Reuse Attacks [Research]
EXECUTIVE SUMMARY: Attacks have grown more and more complex over the years. The evolution of the threat landscape has demonstrated this where adversaries have had to modify their tactics to bypass mitigations and compromise systems in response to better mitigations. Code-reuse attacks, such as return-oriented programming (ROP), are part of this evolution and currently present a challenge to defenders as it is an area of research that has not been studied in depth. Today, Talos releases ROPMEMU, ...
An Exploit in the Apple Graphics Driver and Bypassing KASLR – A Vulnerability Deep Dive
Cisco Talos vulnerability researcher Piotr Bania recently discovered a vulnerability in the Apple Intel HD 3000 Graphics driver. In this post we are going to take a deeper dive into this research and look into the details of the vulnerability as well as the KASLR bypass and kernel exploitation that could lead to arbitrary local code execution. These techniques could be leveraged by malware authors to bypass software sandbox technologies, which can simply be within the software program (browser o ...
How the Angler Exploit Kit Uses Spam to Compromise Users
Exploit kits have been a recurring threat that we've discussed here on this blog as a method of driving users to maliciousness. Users typically encounter exploit kit landing pages through compromised websites and malvertising. However, we've found a new email twist to the standard procedures associated with getting users into the exploit kit infection chain. This post is authored by Nick Biasini with contributions from Erick Galinkin and Alex McDonnell [flat_button text="Watch On-Dem ...

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge



Skip to toolbar
Cybrary works best if you switch to our Android-friendly app

We recommend always using caution when following any link

Are you sure you want to continue?