Talos Takes

Talos’ spin on security news

Join Talos researchers and analysts as they address the top news and trends in cyber security. The rotating cast of hosts and guests will cover everything from breaking news, to attacker trends and emerging threats.

Subscribe
  • Talos Takes : Episode 57
    2021-06-17

    Talos Takes Ep. #57: What's in it for both sides of the ransomware-as-a-service model?

    How much is ransomware-as-a-service like a McDonald’s franchise? More similar than you’d think! The RaaS model has entered the mainstream over the past few months with groups such as DarkSide attacking the Colonial Pipeline.

    In these transactions, what’s in it for the original ransomware creator? And what do the operators themselves get out of it? Nick Biasini joins Jon Munshaw this week to talk about this business model, what it means for the rise in ransomware attacks, and how you can stay protected.

    Hosted By:
    Jon Munshaw
    Featuring:
    Nick Biasini@InfoSec_Nick
    Download
    Run Time: 5:28

    Keywords
    • ransomware
    • ransomware-as-a-service
    • OT
    • critical infrastructure

  • Talos Takes : Episode 56
    2021-06-11

    Talos Takes Ep. #56: The first security steps when returning to the office

    We started out the COVID-19 pandemic by thinking we’d be away from the office for a month — maybe two. More than 12 months later, we’re still here, working from home (at least part-time).

    But some businesses are starting to reopen now and welcoming workers back into the office. After so much time working out of the office, what should security professionals do once they get back? In this week’s episode, Beers with Talos’ own Craig Williams joins the show to talk about triple-checking for patches, changing passwords and more. Plus, how should you handle the new hybrid worker?

    Hosted By:
    Jon Munshaw
    Featuring:
    Craig Williams@security_craig
    Download
    Run Time: 10:52

    Keywords
    • work from home
    • COVID
    • patching

  • Talos Takes : Episode 55
    2021-05-28

    Talos Takes Ep. #55: What's next for Transparent Tribe?

    Asheer Malhotra from Talos Outreach has followed Transparent Tribe for years now. This APT has been all over the place using all sorts of trojans. So where my they go next? Asheer joins Talos Takes this week to discuss the malware this group deploys and how they use typo-squatted domains to lure victims in.

    Hosted By:
    Jon Munshaw
    Featuring:
    Asheer Malhotra@asheermalhotra
    Download
    Run Time: 8:28

    Keywords
    • malware
    • trojans
    • APTs
    • threats

  • Talos Takes : Episode 54
    2021-05-21

    Talos Takes Ep. #54: Incident response is really just the friends we made along the way

    Welcome to the unofficial incident response week at Talos! As part of the RSA Conference, we’ve released two new case studies detailing some malware cases Cisco Talos Incident Response helped resolve. Brad Garnett, this week’s guest, also released a new blog post where he wrote about why incident response is “the ultimate team sport.” Brad joins host Jon Munshaw this week to take a deeper dive into one of these engagements, in which an attacker tried to use Cobalt Strike to infect a target with ransomware (hint: this would have been really bad!) Brad talks about how the strong personal relationships CTIR built with the customer in question set everyone up for success.

    Hosted By:
    Jon Munshaw
    Featuring:
    Brad Garnett@brgarnett
    Download
    Run Time: 8:15

    Keywords
    • incident response
    • Cobalt Strike
    • ransomware

  • Talos Takes : Episode 53
    2021-05-14

    Talos Takes Ep. #53: What can we learn from those air fryer vulnerabilities?

    Everyone had jokes when it came to the vulnerabilities we recently disclosed in a WiFi-connected air fryer. But there are actually some lessons to take away from this, such as: “Not everything needs to be connected to the internet.” Joe Marshall joins the show this week to discuss all things “smart” appliances, how to protect your network and the repercussions of these specific air fryer vulnerabilities.

    Hosted By:
    Jon Munshaw
    Featuring:
    Joe Marshall@ImmortanJo3
    Download
    Run Time: 11:00

    Keywords
    • IoT
    • ICS
    • vulnerabilities
    • patching

  • Talos Takes : Episode 52
    2021-05-07

    Talos Takes Ep. #52: Why not a world passwordless day?

    To celebrate World Password Day this week, we’re talking about getting rid of passwords! Dave Lewis, a global advisory CISO for Cisco Secure, joins Jon to talk about all things passwordless. This is a new initiative Cisco Secure and Duo have undertaken to get network administrators to move away from using passwords in favor of other forms of authentication. Jon and Dave discuss why passwords can be dangerous, the benefits of going passwordless and how to convince longtime users to ditch traditional login credentials.

    Hosted By:
    Jon Munshaw
    Featuring:
    Dave Lewis@gattaca
    Download
    Run Time: 9:40

    Keywords
    • passwords
    • passwordless
    • MFA
    • Duo

  • Talos Takes : Episode 51
    2021-04-29

    Talos Takes Ep. #51: COVID and tax scams go hand-in-hand this year

    We can set our watches to tax scams every year in April. The bad guys are always looking to steal your information, promising to get you a bigger tax return or do your taxes for you. This year is a bit different because Tax Day is a bit later than usual thanks to — you guessed it — COVID. Attackers are now combining these two topics to create spam campaigns, promising to provide you new information about how COVID affects your taxes, or even promising to send you a gift in exchange for receiving your COVID vaccine. Jaeson Schultz makes his inaugural appearance on Talos Takes to discuss what he’s seeing in the wild and how you can avoid these common scams.

    Hosted By:
    Jon Munshaw
    Featuring:
    Jaeson Schultz@jaesonschultz
    Download
    Run Time: 13:18

    Keywords
    • scams
    • spam
    • COVID
    • tax day
    • email

  • Talos Takes : Episode 50
    2021-04-23

    Talos Takes Ep. #50: Attackers are using Discord just as much as you are

    Cisco Talos recently discovered a wave of attackers spreading malware via collaboration apps like Discord and Slack. On this week’s episode of Talos Takes, Nick Biasini joins the show to bring us inside his research process for this post and discuss why these attacks have been so successful. Jon brings up his Dungeons & Dragons group, too, if you’re interested in that sort of thing.

    Hosted By:
    Jon Munshaw
    Featuring:
    Nick Biasini@InfoSec_Nick
    Download
    Run Time: 7:18

    Keywords
    • malware
    • Discord
    • spam

  • Talos Takes : Episode 49
    2021-04-16

    Talos Takes Ep. #49: LodaRAT's connection to Android devices

    Chris Neal from Talos Outreach has followed LodaRAT for years now. It’s gone from a fairly small threat to a full-on malware with several features that target all sorts of Android devices. Chris joins the show this week to discuss his history of researching LodaRAT and updates us on its latest TTPs. Find out how this trojan tries to trick users into downloading it on their phones and how it hunts for your banking information.

    Hosted By:
    Jon Munshaw
    Featuring:
    Chris Neal
    Download
    Run Time: 6:05

    Keywords
    • malware
    • trojans
    • banking trojan
    • mobile malware
    • LodaRAT

  • Talos Takes : Episode 48
    2021-04-09

    Talos Takes Ep. #48: The history of ObliqueRAT

    After researching and writing about ObliqueRAT for several months now, Asheer Malhotra joins Talos Takes for the first time to discuss this trojan. We’ve seen this malware evolve over the past year or so to ad new evasion techniques and find ways to avoid email filters and usual antivirus protections. Asheer talks about his history researching this malware and provides some advice on how to avoid email spam and the other maldocs these actors try to spread.

    Hosted By:
    Jon Munshaw
    Featuring:
    Asheer Malhotra@asheermalhotra
    Download
    Run Time: 7:54

    Keywords
    • ObliqueRAT
    • malware
    • trojans
    • spam

  • Talos Takes : Episode 47
    2021-04-02

    Talos Takes Ep. #47: Masslogger

    On this week’s episode of Talos Takes, we go back a month or so to reflect on the Masslogger trojan Talos wrote about earlier this year. This malware may not make national headlines, but that doesn’t mean you should just ignore it. Find out where this trojan is hiding and why it’s after your Outlook and Google Chrome login credentials.

    Hosted By:
    Jon Munshaw
    Featuring:
    Nick Biasini@InfoSec_Nick
    Download
    Run Time: 4:52

    Keywords
    • trojan
    • Masslogger
    • malware
    • Threats

  • Talos Takes : Episode 46
    2021-03-26

    Talos Takes Ep. #46 (XL Edition): Snort 3 roundtable discussion

    We’ve got another special XL episode this week, this time about Snort 3. This roundtable covers everything you could know about Snort 3’s life, going back as far as its inception in the early 2010s. We even went out of our way to get Marty Roesch, the creator of Snort.

    Marty, along with our other panelists, discusses the origins of Snort 3, what benefits you can gain by upgrading and what other features you can expect to see in the future.

    Hosted By:
    Joel Esler@JoelEsler
    Featuring:
    Sean Baird
    Download
    Run Time: 53:13

    Keywords
    • Snort
    • Snort 3

  • Talos Takes : Episode 45
    2021-03-19

    Talos Takes Ep. #45: Finding an alternative to SMS multi-factor authentication

    It was only a matter of time before we had Wendy Nather from Cisco Secure Duo on the show. We finally met Beers with Talos’ level of stardom, as Wendy joins the show to discuss SMS messages as a form of multi-factor authentication. We break down why SMS authentication is still around and used by some of our most important services like banks, and what alternatives are out there. We also discuss the dangers of SIM-jacking attacks and the benefits of using Duo’s app-based authentication.

    Hosted By:
    Jon Munshaw
    Featuring:
    Wendy Nather@wendynather
    Download
    Run Time: 8:30

    Keywords
    • MFA
    • SMS
    • 2FA
    • passwords

  • Talos Takes : Episode 44
    2021-03-12

    Talos Takes Ep. #44: A super-sized edition for a roundtable discussion on SolarWinds

    Welcome to the first-ever XL edition of Talos Takes. This one is a little longer than usual, but we promise you it’s worth it. We recently brought together researchers from all corners of Talos to talk about what we know about SolarWinds so far, and what’s still to be discovered. Our various teams have spent the past several months diving deep into the SolarWinds supply chain attack, and this is a collection of Talos’ knowledge on the current situation. Talking points include whether it’s fair to refer to this campaign as “SolarWinds,” what other initial infection vectors there may be, the breadth of the attack and more boots-on-the-ground intelligence. If you want to watch the video version, head to our YouTube page.

    Hosted By:
    Jon Munshaw
    Featuring:
    Nick Biasini@InfoSec_Nick, Joe Marshall@ImmortanJo3, and Pierre Cadieux@pchobbit
    Download
    Run Time: 34:49

    Keywords
    • SolarWinds
    • Incident Response
    • supply chain
    • news
    • Headlines

  • Talos Takes : Episode 43
    2021-03-05

    Talos Takes Ep. #43: Microsoft Exchange Server emergency show

    We put this week’s Talos Takes episode together last minute to discuss the Microsoft Exchange Server zero-day vulnerabilities Microsoft disclosed earlier this week. Nick Biasini joins the show to discuss mitigation strategies and what these vulnerabilities mean for your environment at-large. Plus, we discuss why this is another case of patching above all else. For more coverage on this topic, check out the Talos blog.

    Hosted By:
    Jon Munshaw
    Featuring:
    Nick Biasini@InfoSec_Nick
    Download
    Run Time: 5:30

    Keywords
    • Microsoft
    • Exchange
    • vulnerabilities
    • CVEs
    • zero-day