Follow Talos on their other social channels!
About Us
Company Size:
10001+ employees
Company Type:
Talos is the industry-leading threat intelligence organization. We detect and correlate threats in real time using the largest threat detection network in the world to protect against known and emerging cyber security threats to better protect your organization.
Read more
Promoted Content
Listen to the New Beers with Talos Podcast
Poisoning the Well: Banking Trojan Targets Google Search Results
This blog post was authored by Edmund Brumaghin, Earl Carter and Emmanuel Tacheau. Summary It has become common for users to use Google to find information that they do not know. In a quick Google search you can find practically anything you need to know. Links returned by a Google search, however, are not guaranteed to be safe. In this situation, the threat actors decided to take advantage of this behavior by using Search Engine Optimization (SEO) to make their malicious links more preval ...
“Cyber Conflict” Decoy Document Used In Real Cyber Conflict
This post was authored by Warren Mercer, Paul Rascagneres and Vitor VenturaUpdate 10/23: CCDCOE released a statement today on their websiteINTRODUCTIONCisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear…). Ironically the decoy document is a deceptive flyer relating to the Cyber Conflict U.S. conference. CyCon US is a collaborative effort between the Army Cyber Institute at the United Sta ...
Vulnerability Spotlight: Apache OpenOffice Vulnerabilities
Discovered by Marcin ‘Icewall’ Noga of Cisco Talos Overview Today, Talos is releasing details of three new vulnerabilities discovered within Apache OpenOffice application. The first vulnerability, TALOS-2017-0295 within OpenOffice Writer, the second TALOS-2017-0300 in the Draw application, and the third TALOS-2017-0301 discovered in the Writer application. All three vulnerabilities allow arbitrary code execution to be performed. TALOS-2017-0295 - Apache OpenOffice Remote Code Execution ...
Disassembler and Runtime Analysis
This post was authored by Paul Rascagneres. Introduction In the CCleaner 64bit stage 2 previously described in our blog, we explained that the attacker modified a legitimate executable that is part of "Symantec Endpoint". This file is named EFACli64.dll. The modification is performed in the runtime code included by the compiler, more precisely in the __security_init_cookie() function. The attacker modified the last instruction to jump to the malicious code. The well-known IDA Pro disassembler ...
Vulnerability Spotlight: Multiple Vulnerabilities in Computerinsel Photoline
These vulnerabilities were discovered by Piotr Bania of Cisco Talos. Today, Talos is releasing details of multiple vulnerabilities discovered within the Computerinsel GmbH PhotoLine image processing software. PhotoLine, developed by Computerinsel GmbH, is a well established raster and vector graphics editor for Windows and Mac OS X that can also be used for desktop publishing. TALOS-2017-0387 (CVE-2017-2880). TALOS-2017-0427 (CVE-2017-2920) and TALOS-2017-0458 (CVE-2017-12106) may allow an ...
CCleanup: A Vast Number of Machines at Risk
Monday, September 18, 2017This post was authored by: Edmund Brumaghin, Ross Gibb, Warren Mercer, Matthew Molyett, and Craig WilliamsUpdate 9/18: CCleaner Cloud version 1.07.3191 is also reported to be affectedUpdate 9/19: This issue was discovered and reported by both Morphisec and Cisco in separate in-field cases and reported separately to Avast.Update 9/19: There has been some confusion on how the DGA domains resolve.The fallback ...
Back to Basics: Worm Defense in the Ransomware Age
Read the whole blog here. This post was authored by Edmund Brumaghin "Those who cannot remember the past are condemned to repeat it." - George Santayana The Prequel In March 2017, Microsoft released a security update for various versions of Windows, which addressed a remote code execution vulnerability affecting a protocol called SMBv1 (MS17-010). As this vulnerability could allow a remote attacker to completely compromise an affected system, the vulnerability was rated "Critical" with o ...
New Talos Webinar: Exploring Email: The #1 Threat Vector
Adversaries rely on email to execute their malicious campaigns, and no one understands their tactics better than the threat researchers at Talos. Analyzing more than 500 billion emails per day, Talos has unparalleled insight into the latest email security attack strategies. Join our latest webinar to hear their findings on the top email threats. Register NowAugust 31st at 10 am PT
New Blog Post From Talos: New Ransomware Variant Compromises Systems Worldwide
Talos has published a new blog in response to the ransomware outbreak that has affected multiple organizations in several countries. Please note that this blog post discusses active research by Talos into a new threat. This information should be considered preliminary with updates forth coming as new information becomes available. ---Today a new malware variant has surfaced. Our current research leads us to believe that the sample leverages EternalBlue and WMI for lateral movement inside an ...
Beers with Talos Podcast Now Available
The first episodes of Beers with Talos are now available on iTunes and directly on talosintelligence.com/podcasts.When Talos decided to make a threat intelligence podcast, we wanted to make it different than your typical buttoned down, subdued security podcast. The BWT crew: Craig, Joel, Nigel, and Mitch, decided to do that by making a podcast that is a lot like the discussions that you would have after work with colleagues - if your colleagues were both ridiculously opinionated and hyper-focuse ...

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge



Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?