Threats, Beers, and No Silver Bullets. Listen to Talos security experts as they bring their hot takes on current security topics and Talos research to the table. Along the way, Mitch, Matt and a rotating chair of special guests will talk about anything (and we mean anything) that's on their minds, from the latest YouTube trends to Olympic curling etiquette. New episodes every other Thursday.
Every week, host Hazel Burton brings on a new guest from Talos or the broader Cisco Security world to break down a complicated security topic. We cover everything from breaking news to attacker trends and emerging threats.
It's the 35th anniversary of ransomware - let's talk about the major shifts and changes
23:28
Ransomware is 35 years old this month, which isn't exactly something to celebrate. But in any case, do join Hazel and special guest Martin Lee to discuss what happened in the very first ransomware incident in December 1989 and why IT "wasn't ready". They then discuss how ransomware evolved to become the criminal entity it is today, which involves l…
Misadventures, Rabbit Holes, and Turkey Lurkey Goes to the Movies
47:52
With Mitch, Matt and Lurene currently stuck in the void, the Beers with Talos B team duly elect themselves to reopen the sacred BWT airwaves with their own brand of nonsense. Hazel, Joe, Bill and Dave each share the security rabbit hole they went down this week - from analyst in-jokes about AI, oligarchs and bad actors refusing to learn good op sec…
Unwrapping the emerging Interlock ransomware attack
15:02
Chetan Raghuprasad is our guest today as he breaks down the relatively new Interlock ransomware attack. Cisco Talos Incident Response recently observed this attacker conducting big-game hunting and double extortion attacks. Chetan talks about the initial access tactics, deployment of the ransomware encryptor, and how Interlock communicates with its…
It's Taplunk! Talos and Splunk threat researchers meet to put the security world to rights
50:38
What happens when two sets of threat researchers from Talos and Splunk's SURGe team meet? Aside from some highly controversial opinions and omissions about the best horror movie, the team discuss what security trends are FUD, and what's actually fearful/most challenging at the moment. Also, what is the security industry not aware of enough, and al…
The biggest takeaways from Talos IR's new report: New ransomware variants, EDR tool uninstallation, and password spray attacks increasing
15:26
The Talos IR Quarterly Trends Q3 2024 is out now! In this episode Hazel Burton, Craig Jackson and Bill Largent discuss three big themes: some new ransomware players, the 'Bring Your Own Vulnerable Driver' trend, and why password spray attacks are making a comeback. Check out the full report at https://blog.talosintelligence.com/incident-response-tr…
How Talos IR and Splunk are teaming up
21:21
Hazel Burton steps in as guest host this week to talk to Brad Garnett, the head of Cisco Talos Incident Response, and JK Lialias, the head of cybersecurity product marketing for Splunk. Brad and JK share two exciting ways in which Talos is being incorporated into Splunk now, and what that means for the ways we can keep users more secure. They also talk …
Why the BlackByte ransomware group may be more active than we initially thought
9:21
James Nutland from Talos' Threat Intelligence team joins the show this week to talk to Jon about his report on the BlackByte ransomware group. They cover why this group is actually more active than we initially thought, and check on the general state of ransomware at this point in 2024. By Cisco Talos
AI, critical infrastructure dominate conversation at Hacker Summer Camp
14:07
It's quite the gang for Talos Takes this week with Joe Marshall, Nick Biasini and Mick Baccio (from Splunk's SURGe team) joining Jon this week to recap Black Hat and DEF CON. They share all the conversations and talking points they heard around AI, and the renewed importance of a software bill of goods for industrial control system environments.…
A 1-on-1 with Talos VP Matt Watchinski
30:04
He's been here since the beginning, and now he's ready to reflect on the past 10 years of Cisco Talos. Matt Watchinski, the Vice President of Talos for Cisco, joins Jon this week to talk about Talos' recently celebrated 10th birthday and talk about the company's origins, how we've managed to balance growth and culture, and his favorite memories fro…
What should we be doing to better support open-source software?
11:03
People who maintain, create and update open-source software are the unsung heroes of the internet. Their work keeps much of our networks running on a daily basis, and the vast majority of them do it for free! While there are some security pitfalls that can come with using OS software, Martin Lee and Jon get together to discuss what (if anything) we…
It's been a while huh? Apologies for our absence, but the team are back with a run through of everything we've got going on at Black Hat - from our 10 year birthday celebrations, the interesting lightning talks in our booth, and Joe Marshall's "Backdoors and Breaches" game. Come and visit us at Cisco Booth 1732 and Splunk Booth 1940. Before that, M…
Threat actor trends and the most prevalent malware from the past quarter
15:57
Hazel Burton guest hosts this week to recap the top threats observed by Cisco Talos Incident Response (Talos IR) in the second quarter of 2024. She’s then joined by Talos’ Joe Marshall and Craig Jackson to pick out some of the most interesting stories from the report. By Cisco Talos
You got a data breach notification. Now what?
22:03
Joe Marshall, Talos' resident ICS and IoT expert, and Pierre Cadieux from Talos Incident Response join Jon this week to discuss data breaches. Between Snowflake, AT&T, Ticketmaster and more, we should probably assume our data has been part of a leak somewhere. So what steps should you take to prepare for this inevitability? Or what should you do wh…
What we learned from studying the TTPs of the 14 most active ransomware groups
8:15
Fresh off an analysis of the 14 most active ransomware groups, James Nutland joins Jon this week to discuss his findings. They talk about the most common TTPs shared among these groups, and the potential outliers among these gangs and how they try to infect victims. For more on this topic, watch the inaugural episode of "The Talos Threat Perspectiv…
Time to catch up on the wide-reaching Snowflake incident
16:57
Over 160 companies have been affected by a data breach at data storage company Snowflake, including Ticketmaster, Neiman Marcus and more. But the issue wasn't a security vulnerability or some sophisticated malware — it was just someone who exposed their login credentials at a different company. Host Jon Munshaw got Pierre Cadieux from Talos IR and …
Everything we know about denial-of-service attacks in 2024
10:10
You may think a DDoS attack is so early aughts. But some of the largest attacks of this type have occurred in just the past few years. Talos recently updated our advice for how to best mitigate and prepare for this threat, so Aliza Johnson from Talos' Threat Intelligence & Interdiction team joins the show this week to discuss her recent findings an…
Anna Bennett, one of Talos' threat hunters, joins the show this week to talk about one of her recent findings — the LilacSquid APT. This is a newly discovered threat actor that Talos found hiding on networks for months and years at a time, silently stealing sensitive information the entire time. Anna discusses LilacSquid's activities, potential mot…
The Volt Typhoon threat actor is one of the longest-running cybersecurity storylines this year. The Chinese state-sponsored actor has already been accused of a range of attacks, specifically targeting critical infrastructure and U.S. military bases. Since it's been a few months without any new developments with this group, we thought it'd be a good…
How much has AI helped bad actors who spread disinformation?
19:20
Inspired by his quotes in a recent CNBC article, Jon Munshaw wanted to have Martin Lee on the show this week to discuss AI and how adversaries can use these tools to create deepfakes and disinformation. Martin shares why he thinks the threats of increasing fake news with the advent of AI tools are a bit overblown, and how the dangers in spreading f…
Nicole Hoffman, fresh off her trip to the RSA Conference, joins host Jon Munshaw this week to talk about her major takeaways from the week in San Francisco. Nicole talks about how most of the discussions on the floor centered around AI, and what lessons other defenders are learning from some of our past mistakes. If you'd like to check out Nicole's…
Why CoralRaider is looking to steal your login credentials
6:45
Joey Chen from Talos' Outreach team is here to tell us all about his research into the CoralRaider threat actor. He's helped write two posts on the recently discovered APT, disclosing new information about how this Vietnamese-based actor is targeting login credentials. After stealing those credentials, they go on to try and sell them on the dark we…
4 takeaways from what Talos IR is seeing in the field
14:15
Hazel Burton steps in to host this week's episode as we cover the recent Cisco Talos Incident Response Quarterly Trends Report from the first quarter of this year. Hazel talks to different Talosians to find out why business email compromise is on the rise, how attackers are bypassing MFA, and more. By Cisco Talos
How to defend against brute force attacks
7:30
After a recent spike in brute force attempts targeting SSH and VPN services, we felt it was a good time to give listeners a lesson on brute force attacks. Nick Biasini joins host Jon Munshaw this week to discuss the basics of these methods, how administrators can protect their accounts, and other potential defense mechanisms (or whether to just tak…
What are the dangers of enabling sideloading and third-party apps?
10:24
Apple now must allow users to be able to sideload apps onto their phones or access third-party app stores, thanks to a law from the European Union that went into effect earlier this year. Terryn Valikodath from Cisco Talos Incident Response joins Jon this week to discuss the potential dangers that come with allowing users to sideload apps onto thei…
Why we need to stop calling as-a-service group takedowns "takedowns"
12:20
Hazel Burton and Thorsten Rosendahl join Jon Munshaw on this week's episode to discuss the problem with threat actor "hydras." They recently wrote about the topic for the Talos blog, highlighting how law enforcement takedowns of these groups are closer to just disruptions or setbacks for these massive actors. They talk about what really needs to be…
Power grid security expert Joe Marshall joins the crew today to talk all things, well, power grid security. But not before he gets an impromptu pop quiz from Matt in the roundtable. Joe then tells some stories from his days working in electric utility, deploying new systems and his experiences with pentesting teams ("Wow, y'all need to stop!"). Plu…
Turla has been around for 20-plus years at this point, but they're still mixing things up
9:04
Holger Unterbrink of Talos Outreach joins the show this week to discuss his recent Turla APT research. This Russian state-sponsored actor has been around for years but is regularly adding new tooling to its arsenal. Holger has new details about their latest tool, TinyTurlaNG, and insight into the types of organizations they're targeting.…
Why more actors are starting to use Telegram for their communications
10:25
Jon started noticing that Talos is finding more threat actors using Telegram nowadays for their communication and coordination, so he decided to bring Azim Khodjibaev on to ask him if he was just inventing this, or if it was a real trend. Turns out it's a real trend! Azim fills listeners in on why Telegram is becoming the app of choice for APTs to …
Matt, Mitch and Lurene discuss if the internet is better or worse today than it was 20 years ago. This leads them to discuss their various career paths, with Lurene talking about how she got into vulnerability exploitation and how Matt got into threat intelligence. And why neither of those paths would be recommended today. Lurene and Matt then clas…
Why no one should be relying on passive security in 2024
8:17
Nick Biasini joins Jon this week to talk about passive security. He recently wrote about this topic for the Talos blog and joined Wendy Nather in discussing the merits of passive security versus active blocking. Nick defines what passive security is, exactly, and why it's not the way to go in the modern age.…
What's new about GhostSec's ransomware-as-a-service model
12:06
Chetan Raghuprasad from the Talos Outreach team joins Talos Takes this week to talk to Jon about the GhostSec threat actor that he and a few colleagues wrote about for the Talos blog. GhostSec has teamed up with another ransomware group to carry out double extortion attacks all over the globe, with increasing frequency over the past year. They disc…
Why are "identity attacks" on the rise?
11:29
Now more than ever, adversaries are logging in, not breaking in. They're stealing legitimate user credentials to hide undetected on a targeted network after acquiring said credentials in a variety of ways. Hazel Burton joins Jon Munshaw this week to discuss identity attacks, recommendations for avoiding them, and how QR code phishing plays into the…
Gergana Karadzhova-Dangela and Thorsten Rosendahl, our resident experts on all things European Union cybersecurity law, join the show this week to talk about the impending NIS2 regulations. Don't worry, you've still got plenty of time to work on them, but this is a good place to get started even if you've never seen the phrase "NIS2" before. Find m…
You will no doubt have seen the advisories published over the last few weeks concerning Volt Typhoon's malicious activities. In this episode, JJ Cummings joins the crew to discuss the background to this threat actor, their impact on the threat landscape, and the covertly strategic (and specific) nature of their operations. The team also discusses t…
Case study: How Talos IR helped a healthcare tech company avoid a ransomware attack
49:20
Reposted from the Cisco Security Stories feed: Meet Jeremy Maxwell, CISO of Veradigm, a healthcare IT company. Jeremy discusses how his organization proactively prepares for cybersecurity incidents within a highly regulated industry. By Cisco Talos
Matt, Mitch and Lurene sit down to discuss “random stuff from Reddit” (don’t be put off – they’re all genuinely interesting security questions!). Topics range from password managers and how password security guidance has become outdated, how to ‘self-learn’ in cybersecurity, and thoughtful approaches towards security incidents. Before that, the tea…
How are attackers using malicious drivers in Windows to stay undetected?
11:36
Chris Neal from Talos Outreach joins the show today to talk about his research into the ways adversaries are using malicious drivers on Windows to spread malware. He recently launched a new series on the Talos blog about the basics of drivers and how security researchers can reverse engineer them to learn more about attacker TTPs and develop new de…
(XL Edition): Talos IR recaps the top threats of Q4 2023
17:18
This week, we're bringing you the audio version of our recent Talos IR On Air video. Several Talos incident responders got together to recap the top threats and attacker trends of Q4 2023, as outlined in our full Quarterly Trends Report. Hear about why ransomware was up for the first time the entire year, and which sectors were being targeted most …
What's new with CVSS 4.0, and does it really change anything?
9:29
We're talking about vulnerabilities this week with Jerry Gamblin from Cisco Vulnerability Management. Jerry joins the show to talk about the release of CVSS 4.0 this year — the newest method the security community will use to score the severity of certain vulnerabilities. Jerry discusses what makes this scoring system different from previous iterat…
XL Edition: Talos' 2023 Year in Review
34:51
In this special edition of the show, we're bringing you the audio version of our Year in Review livestream. Recorded at the end of December, this stream included Hazel Burton, Nick Biasini and Laurie Varner from Cisco Talos Incident Response recapping the year that was in cybersecurity. They covered the highlights of our 2023 Year in Review report,…
Year in Review: Why are attackers targeting the telecommunications sector so often?
7:30
We're back from holiday break with the first new Talos Takes episode of 2024! We're continuing our dive into Talos' Year in Review report with Lexi DiSchola, one of the many researchers who helped put this report together. She discusses why we believe the telecommunications sector was the most-targeted industry in 2023, advice for companies in that…
Talos Speed Dating (the episode we never set out to make but did anyway)
1:08:28
Mitch, Matt and Lurene were almost about to be in the same physical space at the same time to record an episode, and then Lurene couldn't make it...so we made this instead! Mitch is joined by Azim Khodjibaev from the Talos Threat Intelligence and Interdiction team to rapid-fire interview a bunch of Talos employees who happened to be around the Mary…
Year in Review: Why was 2023 the year of data theft extortion?
9:19
Jon apologizes for how he sounds in this episode; he was having mic troubles we discovered only during post-production. But outside of that, we continue the series of episodes recapping 2023 with our Year in Review report. This week, Aliza Johnson from the Talos Threat Intelligence & Interdiction team comes on the show to talk about data theft exto…