Showing episodes and shows of

Cisco Talos

Shows

Talos Takes
Why attackers are using hidden text salting to evade email filters
In this episode Hazel chats with Omid Mirzaei, a security research lead in the email threat research team at Cisco Talos. Omid and several Talos teammates recently released a blog on hidden text salting (or poisoning) within emails and how attackers are increasingly using this technique to evade detection, confuse email scanners, and essentially try and get phishing emails to land in people’s inboxes. Hidden text salting is a simple yet effective technique for bypassing email parsers, confusing spam filters, and evading detection engines that rely on keywords. The idea is to include some char...
2025-02-12, 09 min

Talos Takes
How to establish a threat intelligence program (Cisco Live EMEA preview)
It's a European takeover this week, as Hazel sits down with Talos EMEA threat researchers Martin Lee and Thorsten Rosendahl. They're heading to Cisco Live EMEA next week (February 9-14) to deliver a four hour session on how to establish a threat intelligence program. If you can't make it - here's a 15 minute version! Thorsten and Martin provide best practices for threat intelligence, the different flavors of it (tactical, operational, and strategic), and the significance of curiosity and learning from failures. If you haven't already, check out Martin's introductory course to threat intelligence in collaboration with Cisco’s...
2025-02-05, 16 min

Talos Takes
Web shell frenzies, the first appearance of Interlock, and why hackers have the worst cybersecurity: IR Trends Q4 2024
Joe Marshall and Craig Jackson join Hazel to discuss the biggest takeaways from Cisco Talos Incident Response's latest Quarterly Trends report. This time the spotlight is on web shells and targeted web applications – both have seen large increases. There’s a brand new ransomware actor on the scene – we’ll talk about the new Interlock ransomware and how we’ve seen this group show up this quarter.
Plus, Talos IR observed threat actors using remote tooling in 100% of ransomware incidents this quarter – that’s a significant uptick. For the full report head to blog.talosintelligence.com/talos-ir-trends-q4-2024/
2025-01-31, 13 min

Talos Takes
How Talos IR and Splunk are teaming up
Hazel Burton steps in as guest host this week to talk to Brad Garnett, the head of Cisco Talos Incident Response, and JK Lialias, the head of cybersecurity product marketing for Splunk. Brad and JK share two exciting ways in which Talos is being incorporated into Splunk now, and what that means for the ways we can keep users more secure. They also talk about what better visibility into attacker trends means for the end user and defenders.
2024-09-13, 21 min

Talos Takes
A 1-on-1 with Talos VP Matt Watchinski
He's been here since the beginning, and now he's ready to reflect on the past 10 years of Cisco Talos. Matt Watchinski, the Vice President of Talos for Cisco, joins Jon this week to talk about Talos' recently celebrated 10th birthday and talk about the company's origins, how we've managed to balance growth and culture, and his favorite memories from the past 10 years.
2024-08-16, 30 min

Talos Takes
Threat actor trends and the most prevalent malware from the past quarter
Hazel Burton guest hosts this week to recap the top threats observed by Cisco Talos Incident Response (Talos IR) in the second quarter of 2024. She’s then joined by Talos’ Joe Marshall and Craig Jackson to pick out some of the most interesting stories from the report.
2024-07-26, 15 min

Talos Takes
4 takeaways from what Talos IR is seeing in the field
Hazel Burton steps in to host this week's episode as we cover the recent Cisco Talos Incident Response Quarterly Trends Report from the first quarter of this year. Hazel talks to different Talosians to find out why business email compromise is on the rise, how attackers are bypassing MFA, and more.
2024-05-03, 14 min

Talos Takes
XL Edition: Talos' 2023 Year in Review
In this special edition of the show, we're bringing you the audio version of our Year in Review livestream. Recorded at the end of December, this stream included Hazel Burton, Nick Biasini and Laurie Varner from Cisco Talos Incident Response recapping the year that was in cybersecurity. They covered the highlights of our 2023 Year in Review report, their personal takeaways from the past year, and trends to watch for heading into the new year.
2024-01-12, 34 min

Talos Takes
Inside Talos' effort to protect the Ukrainian power grid
Joe Marshall, a central figure in the story of how Cisco Talos and other teams within Cisco worked together to protect the Ukrainian power grid, joins the show this week. He recaps a recent CNN story highlighting the new piece of equipment he and a group of volunteers worked on together to ensure the clocks that power the Ukrainian electric grid can withstand GPS disruption in the face of Russian cyber attacks and kinetic warfare.
2023-12-01, 11 min

Talos Takes
Inside a Talos Incident Response emergency event
Hazel Burton takes over as guest host for this episode as she talks to Nate Pors from Cisco Talos Incident Response. Nate was part of Talos IR's team that helped Veradigm, a healthcare technology company, prevent a Qakbot ransomware attack. Nate and his team recently wrote about this experience for the Talos blog, and Veradigm's CISO even joined the Cisco Security Stories podcast recently to discuss his company's relationship with Talos IR. Nate discusses how his team's pre-existing relationship with Veradigm helped them respond quickly and effectively. If you've ever wanted to hear a play-by-play of a security event...
2023-09-29, 15 min

Talos Takes
How Talos helped defend Black Hat's network in Vegas
What happens when the hackers become the hacked?
Black Hat is one of the largest cybersecurity conferences in the world, and Talos had a hand in defending the on-site network for the past few years. Yuri Kramarz from Talos Incident Response worked in Black Hat's Network Operations Center this year to help defend Black Hat's network and attendees who connected to the network while attending the conference in August in Las Vegas. He joins Talos Takes this week to discuss what he's learned from the past few years working in the NOC, what types of threats Black Hat faces...
2023-09-22, 15 min

Talos Takes
SapphireStealer hits the open internet
Cisco Talos has recently written about malware families that go open-source, sometimes of their own volition, and sometimes because of leaks. In the case of SapphireStealer, we still don't really know why someone posted this malware to GitHub, but now that it's out there, we can't put it back in a box. Edmund Brumaghin, who assisted with Talos' research and blog post on SapphireStealer, joins Talos Takes this week to discuss this information-stealer. Edmund talks about the goals that someone has by making malware open-source, how that affects detection and what makes SapphireStealer unique among infostealers.
2023-09-08, 07 min

Talos Takes
What's the difference between data theft extortion and ransomware?
Cisco Talos Incident Response observed data theft extortion more than any other type of cyber attack last quarter. So why has it become so popular? And what makes it different from ransomware? Jacob Finn from the Talos Threat Intelligence and Interdiction Team joins Jon this week to discuss the basics of data theft extortion. He just worked on an overview of this threat for Talos researchers and works closely with Talos IR on their quarterly trends reports. Jacob discusses why threat actors are choosing data theft extortion over ransomware and how this makes defense and detection more difficult.
For...
2023-08-11, 10 min

Talos Takes
(XL Edition): The top trends that Talos IR saw last quarter
We're back with the audio version of our quarterly Cisco Talos Incident Response On Air stream. Join the Talos IR team as they recap the past quarter's top trends, including talking about malware they're seeing in the wild, tactics that attackers are using most often to break into networks, and much more. They discuss why healthcare continues to be a popular target for bad actors, and how adversaries are pivoting away from ransomware and instead opting for data theft and extortion. If you prefer a video version, watch it over on YouTube here.
2023-07-28, 29 min

Talos Takes
The hidden threat to the software supply chain you may not be thinking about
Cisco Talos Incident Response recently discovered an uptick in malicious actors compromising vendor and third-party accounts to sneak into targeted networks. Many enterprises have vendor and contractor accounts that need to access their network for a variety of things — IT support, cybersecurity, etc. — but these accounts are often monitored less than those belonging to full-time employees. Craig Jackson, who recently co-authored a blog post on this threat, joins Talos Takes this week to talk about vendor and contractor account (VCA) takeover and how they fit into the broader threat of supply chain attacks.
2023-06-16, 12 min

Talos Takes
XL Edition: Talos Incident Response livestream on top trends from the past quarter
This week's episode is longer than usual, but we wanted to bring you the Cisco Talos Incident Response On Air livestream from last week for anyone who missed it. For anyone who prefers a video version, you can watch the recording here. In this discussion, researchers from Talos IR and the Talos Threat Intelligence and Interdiction team cover the top threats and attacker tactics they saw over the past quarter.
They talk about why the use of web shells is way up, whether or not the ransomware decline is real and how multi-factor authentication could have stopped...
2023-05-05, 32 min

Talos Takes
What does the future of MFA look like?
Nowadays it seems like every major tech company has their own multi-factor authentication solution, whether that be a unique app, one-time passcode generation or the "classic" SMS two-factor code. Thorsten Rosendahl, the newest addition to the Cisco Talos Strategic Communications team in Europe, joins the show this week to discuss the conversations he's been having with customers in the field around MFA. He and Jon cover the news that Twitter is going to start charging for users to enroll in SMS-based MFA, the challenge of having too many authenticator apps on their personal devices and how we can get...
2023-04-21, 12 min

Talos Takes
How to best prepare for, and respond to, supply chain attacks
With another major supply chain attack recently making headlines, we felt like it was a good time to refresh our advice on how to prepare for these types of cyber attacks. Adversaries are increasingly relying on users' inherent trust of the software running on their networks and devices to deliver hijacked, malicious updates that are actually malware. Craig Jackson, a senior Cisco Talos incident responder, joins the show to provide some advice on how organizations can prep for the next major supply chain attack. We also discuss the current, ongoing 3CX situation and how anyone potentially affected could respond...
2023-04-14, 09 min

Talos Takes
The defensive and offensive implications of ChatGPT and AI
Everyone is talking about tools like ChatGPT and other AI tools that are dominating headlines and threatening to upend every industry possible. But where do these things stand in cybersecurity?
In this week's episode, Jon talks to two women who are well-versed on the topic and recently presented about the cybersecurity implications of AI at several conferences. Gergana Karadzhova of Cisco Talos Incident Response and Saskia Laura Schroer, a security consulting engineer for Cisco, discuss how AI is currently influencing attackers and defenders. Are attackers already using these tools? Does it give them superpowers? And what questions are still...
2023-03-31, 14 min

Talos Takes
Talos Takes Ep. #132: Reflecting on one year of Talos' work in Ukraine
It's been just over a year since Talos formed our Ukraine-focused task force. After Russia's invasion of Ukraine, many of our teammates sprung into action to protect critical infrastructure and networks there — not to mention the Talos employees who literally had to fight back to protect their home country. In this week's episode of Talos Takes, J.J. Cummings, one of the lead organizers of this task force, joins the show to discuss the group's ongoing work. J.J. talks about where the situation in Ukraine stands currently, how the cyber threats facing the country have evolved over the pa...
2023-03-24, 12 min

Beers with Talos Podcast
Talos Year in Review 2022 w/ Dave Liebenberg
With this episode, we set out to discuss the first annual Cisco Talos Year in Review report - a look back at the major threats, trends, and topics from 2022 and what we should take forward into 2023. Our guest Dave Liebenberg runs the team behind this report and joins us to discuss *why* his team undertook this effort, and some of the finer points of the report findings. The Year in Review is broken down into four major parts, and Talos will be releasing "topic focus reports" to zoom in on each through February. ...BUT...
in reality, we spen...
2022-12-14, 57 min

Talos Takes
The best (and free) ways to improve your cybersecurity skills
To wrap up Cybersecurity Awareness Month, we're looking at the best, and free, ways to improve your security skills. Jason Kirkland and David Roman from Cisco Talos Incident Response join Jon to talk about the websites, YouTube channels, social media profiles and more they use to stay up-to-date on security news and polish their cybersecurity skills.
Here are links to some of the resources we spoke about in this episode: @SwiftOnSecurity, @CISAgov, Blue Team Village Discord, The Definitive Compendium Project, Digital Forensics & Incident Response, Find your local BSides chapter, DFIR Diva, TryHackMe, R/Netsec, Thirteen3, Cisco Talos YouTube page
2022-10-28, 12 min

Talos Takes
Back to school advice for teachers, students, parents, admins and everyone in between
We're headed back to school with Talos Takes again! Pierre Cadieux from Cisco Talos Incident Response joins the show to talk about advice for educational institutions. Jon asks him about common incident response advice for the education sector and we cover security advice for school admins, parents and students who have to worry about electronic devices traveling to and from school and connecting to all sorts of networks. This episode is particularly relevant this week given some recent major cyber attacks against the education sector, including a major event at the combined Los Angeles school district.
2022-09-09, 12 min