Talos Takes

184 episodes - English - Latest episode: 15 days ago

Every week, host Jon Munshaw brings on a new guest from Talos or the broader Cisco Secure world to break down a complicated security topic in just five or 10 minutes. We cover everything from breaking news to attacker trends and emerging threats.

Episodes

Recapping RSA

May 17, 2024 08:00 - 12 minutes - 8.48 MB

Nicole Hoffman, fresh off her trip to the RSA Conference, joins host Jon Munshaw this week to talk about her major takeaways from the week in San Francisco. Nicole talks about how most of the discussions on the floor centered around AI, and what lessons other defenders are learning from some of our past mistakes. If you'd like to check out Nicole's other work, buy her children's cybersecurity books on Amazon. 

Why CoralRaider is looking to steal your login credentials

May 10, 2024 08:00 - 6 minutes - 4.71 MB

Joey Chen from Talos' Outreach team is here to tell us all about his research into the CoralRaider threat actor. He's helped write two posts on the recently discovered APT, disclosing new information about how this Vietnam-based actor is targeting login credentials. After stealing those credentials, they go on to try and sell them on the dark web, or use them to try and brute force their way into more important accounts. Joey discusses what this actor is really after, and why they've been...

4 takeaways from what Talos IR is seeing in the field

May 03, 2024 08:00 - 14 minutes - 9.85 MB

Hazel Burton steps in to host this week's episode as we cover the recent Cisco Talos Incident Response Quarterly Trends Report from the first quarter of this year. Hazel talks to different Talosians to find out why business email compromise is on the rise, how attackers are bypassing MFA, and more. 

How to defend against brute force attacks

April 26, 2024 08:00 - 7 minutes - 5.22 MB

After a recent spike in brute force attempts targeting SSH and VPN services, we felt it was a good time to give listeners a lesson on brute force attacks. Nick Biasini joins host Jon Munshaw this week to discuss the basics of these methods, how administrators can protect their accounts, and other potential defense mechanisms (or whether to just take passwords out of the equation entirely). 
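Since this episode covers the basics of spotting and stopping brute force attempts, here is an added example (not Talos code, and not from the episode) that flags SSH brute force sources from sshd log lines. It assumes the classic syslog-style "Failed password" line format, a threshold of five failures within a 60-second window, and the sample log lines below are constructed for the example rather than captured from a real host.

```python
"""Flag SSH brute-force sources from sshd "Failed password" lines.

Added example, not Talos code. The log lines in SAMPLE_LOG are constructed
for this example. The regex assumes the traditional syslog-style sshd line
format; journald or custom log formats would need a different pattern.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed syslog-style sshd failure line (timestamp, host, sshd[pid], message).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)

# Constructed sample: one noisy source, one legitimate user with two slow
# typos, and one single stray failure.
SAMPLE_LOG = """\
May 01 10:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 50001 ssh2
May 01 10:00:03 host sshd[1002]: Failed password for root from 203.0.113.7 port 50002 ssh2
May 01 10:00:05 host sshd[1003]: Failed password for invalid user ubuntu from 203.0.113.7 port 50003 ssh2
May 01 10:00:07 host sshd[1004]: Failed password for root from 203.0.113.7 port 50004 ssh2
May 01 10:00:09 host sshd[1005]: Failed password for invalid user admin from 203.0.113.7 port 50005 ssh2
May 01 10:00:11 host sshd[1006]: Failed password for root from 203.0.113.7 port 50006 ssh2
May 01 10:02:30 host sshd[1007]: Accepted publickey for alice from 198.51.100.9 port 51000 ssh2
May 01 10:05:00 host sshd[1008]: Failed password for alice from 198.51.100.9 port 51001 ssh2
May 01 10:15:00 host sshd[1009]: Failed password for alice from 198.51.100.9 port 51002 ssh2
May 01 11:00:00 host sshd[1010]: Failed password for invalid user test from 192.0.2.5 port 52000 ssh2
"""


def parse_failures(log_text, year=2024):
    """Return a list of (timestamp, source_ip, username) for each failed login.

    Syslog timestamps carry no year, so one is supplied (assumed 2024 here).
    Lines that are not password failures (e.g. accepted logins) are skipped.
    """
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events


def find_brute_force(events, threshold=5, window_seconds=60):
    """Return {ip: {"count": n, "users": [...]}} for sources that reach
    `threshold` failures inside any sliding window of `window_seconds`.

    A per-IP deque holds only the failures inside the current window, so the
    check is linear in the number of events. "count" is the largest number
    of failures seen in one window; "users" lists every username that source
    tried, which helps tell password spraying from a single-account attack.
    """
    per_ip = defaultdict(deque)
    users_by_ip = defaultdict(set)
    flagged = {}
    for ts, ip, user in sorted(events):
        q = per_ip[ip]
        q.append(ts)
        users_by_ip[ip].add(user)
        # Drop failures that have aged out of the window.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            prev = flagged.get(ip, {"count": 0})["count"]
            flagged[ip] = {"count": max(prev, len(q)),
                           "users": sorted(users_by_ip[ip])}
    return flagged


if __name__ == "__main__":
    for ip, info in find_brute_force(parse_failures(SAMPLE_LOG)).items():
        print(f"{ip}: {info['count']} failures in window, users tried: {info['users']}")
```

Running it on the constructed log flags only 203.0.113.7 (six failures in ten seconds across three usernames); the legitimate user's two slow failures and the single stray attempt stay below the threshold. Detection like this is a backstop: the stronger fix the episode alludes to is to take passwords out of the equation, for example by allowing only key-based SSH authentication.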

What are the dangers of enabling sideloading and third-party apps?

April 19, 2024 08:00 - 10 minutes - 7.21 MB

Apple must now allow users to sideload apps onto their phones or access third-party app stores, thanks to a law from the European Union that went into effect earlier this year. Terryn Valikodath from Cisco Talos Incident Response joins Jon this week to discuss the potential dangers that come with allowing users to sideload apps onto their devices, and how attackers may take advantage of this new opening. 

Why we need to stop calling as-a-service group takedowns "takedowns"

April 12, 2024 08:00 - 12 minutes - 8.53 MB

Hazel Burton and Thorsten Rosendahl join Jon Munshaw on this week's episode to discuss the problem with threat actor "hydras." They recently wrote about the topic for the Talos blog, highlighting how law enforcement takedowns of these groups are closer to just disruptions or setbacks for these massive actors. They talk about what really needs to be done to stop ransomware actors and why RaaS is a breeding ground for "hydras."

Turla has been around for 20-plus years at this point, but they're still mixing things up

April 05, 2024 08:00 - 9 minutes - 6.3 MB

Holger Unterbrink of Talos Outreach joins the show this week to discuss his recent Turla APT research. This Russian state-sponsored actor has been around for years but is regularly adding new tooling to its arsenal. Holger has new details about their latest tool, TinyTurla-NG, and insight into the types of organizations they're targeting.

Why more actors are starting to use Telegram for their communications

March 22, 2024 08:00 - 10 minutes - 7.23 MB

Jon started noticing that Talos is finding more threat actors using Telegram nowadays for their communication and coordination, so he decided to bring Azim Khodjibaev on to ask him if he was just inventing this, or if it was a real trend. Turns out it's a real trend! Azim fills listeners in on why Telegram is becoming the app of choice for APTs to publish "news," threaten data leaks, and more. 

Why no one should be relying on passive security in 2024

March 15, 2024 08:00 - 8 minutes - 5.76 MB

Nick Biasini joins Jon this week to talk about passive security. He recently wrote about this topic for the Talos blog and joined Wendy Nather in discussing the merits of passive security versus active blocking. Nick defines what passive security is, exactly, and why it's not the way to go in the modern age. 

What's new about GhostSec's ransomware-as-a-service model

March 08, 2024 09:00 - 12 minutes - 8.39 MB

Chetan Raghuprasad from the Talos Outreach team joins Talos Takes this week to talk to Jon about the GhostSec threat actor that he and a few colleagues wrote about for the Talos blog. GhostSec has teamed up with another ransomware group to carry out double extortion attacks all over the globe, with increasing frequency over the past year. They discuss what's unique about this particular RaaS model, where GhostSec came from, and the benefits of going in on a team-up. 

Why are "identity attacks" on the rise?

March 01, 2024 09:00 - 11 minutes - 7.96 MB

Now more than ever, adversaries are logging in, not breaking in. They're stealing legitimate user credentials to hide undetected on a targeted network after acquiring said credentials in a variety of ways. Hazel Burton joins Jon Munshaw this week to discuss identity attacks, recommendations for avoiding them, and how QR code phishing plays into these tactics. 

The tl;dr of NIS2

February 23, 2024 09:00 - 14 minutes - 9.75 MB

Gergana Karadzhova-Dangela and Thorsten Rosendahl, our resident experts on all things European Union cybersecurity law, join the show this week to talk about the impending NIS2 regulations. Don't worry, you've still got plenty of time to work on them, but this is a good place to get started even if you've never seen the phrase "NIS2" before. Find more of their writing on NIS2 here and here. 

Case study: How Talos IR helped a healthcare tech company avoid a ransomware attack

February 16, 2024 14:00 - 49 minutes - 34 MB

Reposted from the Cisco Security Stories feed: Meet Jeremy Maxwell, CISO of Veradigm, a healthcare IT company. Jeremy discusses how his organization proactively prepares for cybersecurity incidents within a highly regulated industry.

How are attackers using malicious drivers in Windows to stay undetected?

February 02, 2024 09:00 - 11 minutes - 8.04 MB

Chris Neal from Talos Outreach joins the show today to talk about his research into the ways adversaries are using malicious drivers on Windows to spread malware. He recently launched a new series on the Talos blog about the basics of drivers and how security researchers can reverse engineer them to learn more about attacker TTPs and develop new detection content. Chris discusses when he first spotted this type of attack, what advantages it presents for the attacker and the other aspects of ...

(XL Edition): Talos IR recaps the top threats of Q4 2023

January 26, 2024 09:00 - 17 minutes - 12 MB

This week, we're bringing you the audio version of our recent Talos IR On Air video. Several Talos incident responders got together to recap the top threats and attacker trends of Q4 2023, as outlined in our full Quarterly Trends Report. Hear about why ransomware activity rose for the first time all year, and which sectors were being targeted most often. 

What's new with CVSS 4.0, and does it really change anything?

January 19, 2024 09:00 - 9 minutes - 6.59 MB

We're talking about vulnerabilities this week with Jerry Gamblin from Cisco Vulnerability Management. Jerry joins the show to talk about the release of CVSS 4.0 this year — the newest method the security community will use to score the severity of certain vulnerabilities. Jerry discusses what makes this scoring system different from previous iterations, whether it changes how he views the term "severe," and how that fits into Cisco's overall vulnerability management processes. 

XL Edition: Talos' 2023 Year in Review

January 12, 2024 08:00 - 34 minutes - 24 MB

In this special edition of the show, we're bringing you the audio version of our Year in Review livestream. Recorded at the end of December, this stream included Hazel Burton, Nick Biasini and Laurie Varner from Cisco Talos Incident Response recapping the year that was in cybersecurity. They covered the highlights of our 2023 Year in Review report, their personal takeaways from the past year, and trends to watch for heading into the new year.

Year in Review: Why are attackers targeting the telecommunications sector so often?

January 05, 2024 09:00 - 7 minutes - 5.22 MB

We're back from holiday break with the first new Talos Takes episode of 2024! We're continuing our dive into Talos' Year in Review report with Lexi DiScola, one of the many researchers who helped put this report together. She discusses why we believe the telecommunications sector was the most-targeted industry in 2023, advice for companies in that space, and other popular targets for attackers. 

Year in Review: Why was 2023 the year of data theft extortion?

December 15, 2023 09:00 - 9 minutes - 6.47 MB

Jon apologizes for how he sounds in this episode, he was having mic troubles we discovered only during post-production. But outside of that, we continue the series of episodes recapping 2023 with our Year in Review report. This week, Aliza Johnson from the Talos Threat Intelligence & Interdiction team comes on the show to talk about data theft extortion. She shares why her team saw such a spike in this type of activity in 2023, what can be done to stop it, and which ransomware actors are piv...

2023 Year in Review: Everything you need to know about Chinese state-sponsored actors

December 08, 2023 09:00 - 8 minutes - 5.57 MB

To celebrate the launch of our 2023 Year in Review report, we're doing a series of episodes highlighting several of our key takeaways from the past year. First up, we have David Liebenberg from our Threat Intelligence team to discuss Chinese state-sponsored actors. This is an area David's been studying for many years now and actively researches. He'll discuss the latest Chinese APTs to step onto the scene and trends he's seeing from that area of the world. 

Inside Talos' effort to protect the Ukrainian power grid

December 01, 2023 09:00 - 11 minutes - 7.63 MB

Joe Marshall, a central figure in the story of how Cisco Talos and other teams within Cisco worked together to protect the Ukrainian power grid, joins the show this week. He recaps a recent CNN story highlighting the new piece of equipment he and a group of volunteers worked on together to ensure the timing equipment the Ukrainian electric grid relies on can withstand GPS disruption in the face of Russian cyber attacks and kinetic warfare. 

Why has the Phobos ransomware been working for so long?

November 17, 2023 09:00 - 13 minutes - 9.09 MB

Guilherme Venere from Talos Outreach joins the show this week to talk about his research into the 8Base threat actor and its use of a variant of the Phobos ransomware. He recently published several works on the many variants of Phobos that exist in the wild, and why 8Base has been so successful using it for years now. 

A warning about scams in "Roblox" (or any other online game, really)

November 10, 2023 09:00 - 10 minutes - 7.05 MB

Tiago Pereira from Talos Outreach joins the program this week to talk about his research into the different types of scams that appear in the online game "Roblox." Many underage users are at risk of being targeted by malicious users looking to steal their money or in-game items, or even install malware on their devices. 

XL Edition: The top incident response trends of Q3

November 03, 2023 13:00 - 30 minutes - 21.2 MB

This week is a special edition of Talos Takes. We have the audio version of Talos Incident Response's recent On Air stream, where they discussed the top attacker trends they're seeing in the field. Talos' incident responders discuss the malware they're seeing most often in infections, how attackers are shifting their tactics, and what other defenders can learn from these findings. 

Patching 101

October 27, 2023 08:00 - 8 minutes - 5.8 MB

Jerry Gamblin from Cisco Kenna joins this week's episode to talk about all things patching. If you're the average user, you probably don't think about patching much because many patches are applied automatically in the background. However, many admins and users can unknowingly fall behind when it comes to protecting themselves against the latest vulnerabilities. 

What happens when you actually click the "report spam" button?

October 20, 2023 08:00 - 8 minutes - 5.9 MB

Everyone is tired of getting spam emails at this point, and it can feel exhausting to always click that "report spam" button just to get another phony email a few hours later. But we're here to assure you that reporting and filtering spam really does help in the long run! Nick Biasini joins the show this week to discuss all things spam for Cybersecurity Awareness Month. 

How to find the right password management solution for you

October 13, 2023 08:00 - 7 minutes - 5.26 MB

To continue our Cybersecurity Awareness Month series, Harpreet Singh from Talos Incident Response joins Jon to talk about password managers. They discuss the upside of using a third-party service like 1Password or LastPass, the potential dangers of using built-in browser password managers like Google Chrome and Safari, and other good password hygiene advice. 

Cybersecurity Awareness Month: The best practices for implementing multi-factor authentication

October 06, 2023 08:00 - 16 minutes - 11.2 MB

All of October, we'll be covering broad security-related topics for Cybersecurity Awareness Month. First up, we address the basics of implementing MFA in any environment, why any type of MFA is better than no MFA, the pitfalls of certain types of authentication, and whether going passwordless is the future. 

Inside a Talos Incident Response emergency event

September 29, 2023 07:00 - 15 minutes - 10.8 MB

Hazel Burton takes over as guest host for this episode as she talks to Nate Pors from Cisco Talos Incident Response. Nate was part of Talos IR's team that helped Veradigm, a healthcare technology company, prevent a Qakbot ransomware attack. Nate and his team recently wrote about this experience for the Talos blog, and Veradigm's CISO even joined the Cisco Security Stories podcast recently to discuss his company's relationship with Talos IR. Nate discusses how his team's pre-existing relation...

How Talos helped defend Black Hat's network in Vegas

September 22, 2023 07:00 - 15 minutes - 10.8 MB

What happens when the hackers become the hacked? Black Hat is one of the largest cybersecurity conferences in the world, and Talos had a hand in defending the on-site network for the past few years. Yuri Kramarz from Talos Incident Response worked in Black Hat's Network Operations Center this year to help defend Black Hat's network and attendees who connected to the network while attending the conference in August in Las Vegas. He joins Talos Takes this week to discuss what he's learned from...

SapphireStealer hits the open internet

September 08, 2023 12:00 - 7 minutes - 5.15 MB

Cisco Talos has recently written about malware families that go open-source, sometimes of their own volition, and sometimes because of leaks. In the case of SapphireStealer, we still don't really know why someone posted this malware to GitHub, but now that it's out there, we can't put it back in a box. Edmund Brumaghin, who assisted with Talos' research and blog post on SapphireStealer, joins Talos Takes this week to discuss this information-stealer. Edmund talks about the goals that someone...

You're never going to believe this, but Lazarus Group is back again

September 01, 2023 08:00 - 9 minutes - 6.87 MB

North Korea's infamous APT group is back on the scene, this time with two new remote access trojans. By now, you've probably heard of Lazarus Group and all the annoying things they do to steal sensitive information, make money for North Korea's missile program, etc. But we have an update on their current tactics and payloads they're sending around the globe. Asheer Malhotra from Talos Outreach joins Talos Takes this week to discuss the two new RATs he and his team discovered, why Lazarus Gro...

Carrying out incident response in-person vs. virtually

August 25, 2023 08:00 - 15 minutes - 10.7 MB

Everything about the modern workplace is different now from the start of the COVID-19 pandemic. Many companies are embracing the remote work lifestyle, while others are stuck in a hybrid model or pushing employees to come back to the office. With that in mind, we felt like it was a good time to check in on the incident response process for companies who have to deal with working remotely and those who prefer to conduct business in person. Yuri Kramarz and Gergana Karadzhova-Dangela from Cisc...

Hacktivism is quietly growing, especially when it comes to Russia's invasion of Ukraine

August 18, 2023 08:00 - 10 minutes - 7.6 MB

The stereotypical "hacker" who looks to do good in the world probably involves a Guy Fawkes mask and black hoodie. But hacktivism has become much more than that, especially since Russia invaded Ukraine. On the heels of a newly released overview on hacktivism, Lexi DiScola from the Talos Threat Intelligence and Interdiction team joins Talos Takes this week to discuss these actors. While not just anyone is likely a target for hacktivists, Talos has seen groups become more brazen and start look...

What's the difference between data theft extortion and ransomware?

August 11, 2023 08:00 - 10 minutes - 7.6 MB

Cisco Talos Incident Response observed data theft extortion more than any other type of cyber attack last quarter. So why has it become so popular? And what makes it different from ransomware? Jacob Finn from the Talos Threat Intelligence and Interdiction Team joins Jon this week to discuss the basics of data theft extortion. He just worked on an overview of this threat for Talos researchers and works closely with Talos IR on their quarterly trends reports. Jacob discusses why threat actors ...

Reading 2023's cybersecurity tarot cards

August 04, 2023 08:00 - 11 minutes - 7.66 MB

Hazel Burton and Jon Munshaw use this week to look back on the top threats and cybersecurity trends so far in 2023 and the rest of the year. Hazel recently compiled Talos' Half-Year in Review, recapping the top stories that Talos has been following so far this year. She and Jon talk about what stood out from the report, what our researchers have been thinking about up to this point, and what we'll be discussing come December. 

(XL Edition): The top trends that Talos IR saw last quarter

July 28, 2023 08:00 - 29 minutes - 20.5 MB

We're back with the audio version of our quarterly Cisco Talos Incident Response On Air stream. Join the Talos IR team as they recap the past quarter's top trends, including talking about malware they're seeing in the wild, tactics that attackers are using most often to break into networks, and much more. They discuss why healthcare continues to be a popular target for bad actors, and how adversaries are pivoting away from ransomware and instead opting for data theft and extortion. If you pr...

ISO 27002 sounds intimidating, but really it's just a cybersecurity shopping list

July 21, 2023 08:00 - 12 minutes - 8.4 MB

When Martin Lee first told Jon about ISO 27001 and 27002, Jon had to immediately Google whatever this combination of letters and numbers meant. Turns out there are international standards for cybersecurity, just like they have for selling lightbulbs and installing electrical outlets — who knew? Martin recently wrote about these standards for the Talos blog, outlining a list of recommendations for any organization looking to build a threat intelligence program from the ground up. Jon intervie...

The dangers of "Mercenary" groups and the spyware they create

July 14, 2023 08:00 - 8 minutes - 5.89 MB

Asheer Malhotra is back to talk to Jon Munshaw about spyware and mercenary groups. Asheer recently helped publish Talos research on mercenary groups and why they're particularly dangerous. We briefly touched on this topic in a past episode on the Predator/Alien spyware tag team, but this time we're getting into the broader field of what mercenary groups are, exactly, and what makes them so dangerous. Asheer talks about recent steps governments have taken to curb the sale of spyware and w...

The various ways attackers can mess with URLs, TLDs and DNS

June 30, 2023 08:00 - 13 minutes - 9.48 MB

We decided to have a web navigation extravaganza this week! Guilherme Venere and Jaeson Schultz from Talos Outreach have both long been researching the ways in which bad actors try to damage users' inherent trust in the internet. Most internet users interact with the web by typing a URL or domain name into their web browser (i.e., google.com), expecting that it will take them to the right place. But attackers have found various ways to mess with the series of lookups and redirections that must take place....

What we know so far about the MOVEit zero-day making the rounds

June 23, 2023 08:00 - 6 minutes - 4.5 MB

Aliza Johnson from the Talos Threat Intelligence and Interdiction team joins Jon Munshaw this week for a Talos Takes episode on the MOVEit zero-day vulnerability (that's since been patched) making headlines recently. Talos published an advisory last week on everything we know so far about the exploitation of this vulnerability and the group behind it, Clop. Aliza discusses where things stand right now, what Clop is doing once they gain access via this vulnerability and what Talos recommends for ...

The hidden threat to the software supply chain you may not be thinking about

June 16, 2023 08:00 - 12 minutes - 8.31 MB

Cisco Talos Incident Response recently discovered an uptick in malicious actors compromising vendor and third-party accounts to sneak into targeted networks. Many enterprises have vendor and contractor accounts that need to access their network for a variety of things — IT support, cybersecurity, etc. — but these accounts are often monitored less than those belonging to full-time employees. Craig Jackson, who recently co-authored a blog post on this threat, joins Talos Takes this week to tal...

Horabot is here to do "horable" things to your email inbox

June 09, 2023 08:00 - 13 minutes - 9.41 MB

We're joined this week by Chetan Raghuprasad to discuss a new botnet he recently discovered and researched. Horabot can completely hijack a target's Outlook mailbox to steal their contact list and then send even more spam to targets. It's the perfect business email compromise tool for attackers that comes with a side of banking trojan. Chetan talks to Jon about this malware family's abilities, where it came from and what the actors behind it are hoping to achieve. For more, read Chetan's ful...

The Predator spyware and more "mercenary" groups

June 02, 2023 13:00 - 9 minutes - 6.73 MB

Despite governments' best efforts, spyware is still running rampant on the threat landscape. These types of tracking malware are used to target high-profile individuals like politicians, activists, journalists and more — and even sometimes for jealous exes to track their former partners. Asheer Malhotra, who recently dissected the Predator spyware, joins Talos Takes this week to talk about Predator and its associated tool, Alien. Asheer shares new technical details about this spyware and dis...

How to adapt to the constant change that comes with cybersecurity

May 26, 2023 08:00 - 18 minutes - 12.8 MB

Hazel Burton is our special guest host this week of Talos Takes, featuring a very special guest: Talos Vice President Matt Watchinski! Matt and Hazel have a conversation for Mental Health Awareness Month, especially as it relates to the cybersecurity industry. They share tips on how to balance work and life (when it seems like cybersecurity is starting to permeate every aspect of our lives) and how to deal with failure. Join us for this incredibly candid conversation!

RA Group is just the latest example of the ransomware landscape splintering

May 19, 2023 08:00 - 8 minutes - 5.63 MB

Talos researchers recently discovered a new ransomware group called "RA Group." This week, Nick Biasini joins Jon to discuss this new threat actor and the modified Babuk ransomware they've already used in attacks against a wide range of companies in the U.S. and South Korea. Nick talks about the group's use of source code that's already been leaked, where they could be headed next and what this group may signal for the larger ransomware landscape. Other helpful links: Threat Source newslet...

What makes the new Greatness phishing-as-a-service tool so great?

May 12, 2023 08:00 - 8 minutes - 5.62 MB

Tiago Pereira from Talos Outreach joins the show this week to talk about his recent discovery of a new phishing-as-a-service tool called "Greatness." Since everything else is "as-a-service" nowadays, it's only fitting that attackers have figured out how to monetize easy phishing tools, too. Tiago discusses what makes Greatness unique, why it's going after business targets specifically, and why it creates such convincing fake Office 365 login pages. 

XL Edition: Talos Incident Response livestream on top trends from the past quarter

May 05, 2023 08:00 - 32 minutes - 22.6 MB

This week's episode is longer than usual, but we wanted to bring you the Cisco Talos Incident Response On Air livestream from last week for anyone who missed it. For anyone who prefers a video version, you can watch the recording here. In this discussion, researchers from Talos IR and the Talos Threat Intelligence and Interdiction team cover the top threats and attacker tactics they saw over the past quarter. They talk about why the use of web shells is way up, whether or not the ransomware...

Analyzing the recent takedown of popular dark web forums

April 28, 2023 08:00 - 8 minutes - 6.27 MB

On the heels of law enforcement agencies from across the globe working together to disrupt two popular cybercrime forums — Genesis Market and BreachForums — Azim Khodjibaev from Talos' Threat Intelligence & Interdiction team joins Jon to talk about these types of sites. Azim has years of experience infiltrating and investigating these types of marketplaces to learn about emerging security threats. He talks about what goes into these types of takedowns and where the sites' users are likely to...
