About Us
Company Size: 10001+ employees
Talos is the industry-leading threat intelligence organization. We detect and correlate threats in real time using the largest threat detection network in the world, protecting organizations against known and emerging cyber security threats.
New Blog Post: From Box to Backdoor: Discovering Just How Insecure an ICS Device is in Only 2 Weeks
Talos has published a new blog post covering vulnerability research we've done on a Moxa ICS device. Industrial Control Systems provide stability to civilization. They clean our water, deliver our power, and enable the physical infrastructure that we have learnt to rely on. Industrial Control Systems are also highly prevalent in manufacturing. They're the robots that build your cars and assemble TVs, they're the forklifts that ship your e-commerce purchases. As factories, utilities, ...
Threat Spotlight: Sundown Matures
This post was authored by Nick Biasini with contributions from Edmund Brumaghin and Alex Chiu. The last time Talos discussed Sundown it was an exploit kit in transition. Several of the large exploit kits had left the landscape and a couple of strong contenders remained. Sundown was one of the kits still active and poised to make a move, but lacked a lot of the sophistication of the other large kits and had lots of easy identifiers throughout its infection chain. Most of these identifiers have been strip ...
How Malformed RTF Defeats Security Engines
This post is authored by Paul Rascagneres with contributions from Alex McDonnell. Executive Summary: Talos has discovered a new spam campaign used to infect targets with the well-known Loki Bot stealer. The infection vector is an RTF document abusing an old exploit (CVE-2012-1856); however, the most interesting part is the effort put into the generation of the RTF. The document contains several malformations designed to defeat security engines and parsers. The attacker has gone out of their way to at ...
Crypt0l0cker (TorrentLocker): Old Dog, New Tricks
This post is authored by Matthew Molyett, Holger Unterbrink and Paul Rascagneres. Executive Summary: Ransomware continues to be a plague on the internet and remains the fastest growing malware family we have seen in the last number of years. In this post we describe the technical details of a newly observed campaign of the notorious Crypt0l0cker (aka TorrentLocker or Teerac) ransomware. Crypt0l0cker has gone through a long evolution; the adversaries are updating and improving the mal ...
CPE Webinar: Talos Winter Security Threat Briefing
Tuesday, February 28 at 1pm EDT / 10am PDT. Adversaries never stop innovating, and one team is tasked with tracking and stopping new attack strategies. The Talos threat intelligence team has more than 270 full time threat researchers who discover new vulnerabilities, threats and attack strategies. Join our complimentary webinar led by Talos Senior Threat Researcher Earl Carter to learn what the team considered the most important security developments of the past season. Once per qu ...
Webinar: Exploit Kits – is this the end or just the beginning?
January 12, 2017 at 1pm ET / 10am PT. Exploit kits are used by hackers to compromise users through software vulnerabilities and deliver malicious payloads like ransomware and banking trojans. They are responsible for tens of millions of dollars in losses and a countless number of victims, and are very profitable for the hackers who use them. These EKs are ready to go off the shelf and often require little-to-no knowledge of the underlying code or the vulnerabilities they exploit. We've ...
Down the Rabbit Hole with the RIG Pill
This post is authored by Holger Unterbrink with contributions by Christopher Marczewski. Executive Summary: Talos is monitoring the big notorious Exploit Kits (EKs) on an ongoing basis. Since Angler disappeared a few months ago, RIG is one EK which seems to be trying to fill the gap Angler has left. We see ongoing development on RIG. This report gives more details about the complex infection process the adversaries behind RIG are using to infect their victims and how they attempt to bypass secur ...
LockyDump – All Your Configs Are, Belong To Us
Summary: Locky has continued to evolve since its inception in February 2016. This has made it difficult to track at times due to changes in the way in which it's distributed as well as various characteristics of the malware itself. The actors responsible for Locky have continuously attempted to improve operational security (OPSEC) with regard to the tracking of affiliates making use of the ransomware. This post will discuss a new Locky configuration extractor that Talos is releasing, which we are ...
Threat Spotlight: GozNym
This blog was authored by Ben Baker, Edmund Brumaghin and Jonah Samost. Executive Summary: GozNym is the combination of features from two previously identified families of malware, Gozi and Nymaim. Gozi was a widely distributed banking trojan with a known Domain Generation Algorithm (DGA) and also contained the ability to install a Master Boot Record (MBR) rootkit. Nymaim emerged in 2013 as malware which was used to deliver ransomware and was previously distributed by the Black Hole explo ...
ROPMEMU: The Framework to Analyze Complex Code-Reuse Attacks [Research]
Executive Summary: Attacks have grown more and more complex over the years. The evolution of the threat landscape has demonstrated this, as adversaries have had to modify their tactics to compromise systems in response to better mitigations. Code-reuse attacks, such as return-oriented programming (ROP), are part of this evolution and currently present a challenge to defenders as it is an area of research that has not been studied in depth. Today, Talos releases ROPMEMU, ...