Talos Takes

Talos’ spin on security news

Every week, host Jon Munshaw brings on a new guest from Talos or the broader Cisco Secure world to break down a complicated security topic in just five or 10 minutes. We cover everything from breaking news to attacker trends and emerging threats.

  • Talos Takes : Episode 97
    2022-05-20

    Talos Takes Ep. #97: MustangPanda stays agnostic

    See people, this is what happens when you finally let a panda drive a sports car! This week’s episode of Talos Takes covers the basics of MustangPanda, a Chinese state-sponsored actor we wrote about recently. Asheer Malhotra joins the show to go over his research into this group. Mainly, we discuss why this actor, despite being aligned with China, is targeting Russian government entities and organizations. Though the two countries seem to be allies, all is fair in love and cyber espionage.

    Hosted By:
    Jon Munshaw
    Featuring:
    Asheer Malhotra (@asheermalhotra)
    Run Time: 08:00

    Keywords
    • MustangPanda
    • APTs
    • state-sponsored
    • ransomware
    • trojans

  • Talos Takes : Episode 96
    2022-05-13

    Talos Takes Ep. #96: Takeaways from victim chats with two ransomware groups

    Kendall McKay joins Jon this week to discuss the Hive and Conti ransomware chats she and her colleagues recently reviewed. We obtained some leaked chats between these ransomware groups and some of their victims, showing us what communicating with an attacker is really like. Jon and Kendall discuss the negotiation process over a ransom payment and what else we learned from these chat logs.

    Hosted By:
    Jon Munshaw
    Featuring:
    Kendall McKay (@kkmckay22)
    Run Time: 11:46

    Keywords
    • Hive
    • Conti
    • ransomware
    • malware

  • Talos Takes : Episode 95
    2022-05-06

    Talos Takes Ep. #95 (XL Edition): CTIR recaps last quarter's top threats

    On this week’s episode of Talos Takes, we’re bringing you the recording of last week’s live stream with Cisco Talos Incident Response. Beers with Talos’ own Liz Waddell hosted the first in our new “On Air” series with CTIR, where she and her fellow Talosians recapped the previous quarter’s top threats. They ran through the malware families CTIR saw most in the field and discussed other trends that threat actors are starting to adopt.

    Hosted By:
    Liz Waddell (@vlsin)
    Featuring:
    Caitlin Huey (@hueylittle_er), Alexis Merritt, and Laurie Varner
    Run Time: 39:16

    Keywords
    • CTIR
    • Incident Response
    • ransomware
    • malware

  • Talos Takes : Episode 94
    2022-04-27

    Talos Takes Ep. #94: Everything you need to know about the BlackCat ransomware group

    BlackCat, BlackMatter, DarkSide, BlackByte… it’s too hard to keep up with all these ransomware group names these days. So we’re here to break down one of these groups, BlackCat, so you can figure out what actually makes them memorable. Aliza Berk from our Talos Threat Intelligence & Interdiction team joins Jon Munshaw this week to talk about BlackCat and their ransomware that’s recently become a major player on the malware landscape. Aliza recently compiled our latest Threat Assessment Report on this group and assisted in our research around the group. Jon and Aliza discuss how the group's use of the Rust programming language and triple extortion tactics make it a threat.

    Hosted By:
    Jon Munshaw
    Featuring:
    Aliza Berk
    Run Time: 08:19

    Keywords
    • BlackCat
    • ransomware
    • BlackMatter
    • malware
    • APTs

  • Talos Takes : Episode 93
    2022-04-22

    Talos Takes Ep. #93: Kenna 101 — Best patching and mitigation strategies

    Continuing the “Kenna 101” series over at Talos Takes, Ed Bellis re-joins the show to talk about patching and mitigation strategies. So far, we’ve talked about how to tell when you should take a CVE seriously. But what if there’s no patch for it? Or what if you have to patch 50 vulnerabilities in the same product? We talk about how Kenna can help security teams of all sizes prioritize their patching strategies and create mitigation strategies in the worst-case scenario. For the other entries in our Kenna 101 series, listen here and here.

    Hosted By:
    Jon Munshaw
    Featuring:
    Ed Bellis (@ebellis)
    Run Time: 09:32

    Keywords
    • vulnerabilities
    • patching
    • Kenna Security
    • vulnerability research

  • Talos Takes : Episode 92
    2022-04-15

    Talos Takes Ep. #92: Kenna 101 — How to read a CVE

    Continuing our “Kenna 101” series, Jon is joined this week by Jerry Gamblin, Kenna’s director of security research. Jerry is an expert at all things CVE, so we reflect on reading vulnerability reports and analyzing specific CVEs. We discuss if “severity” scores even really mean anything, and how to interpret a maximum 10/10 score versus an attack vector or type of vulnerability.

    Hosted By:
    Jon Munshaw
    Featuring:
    Jerry Gamblin (@JGamblin)
    Run Time: 09:56

    Keywords
    • Kenna
    • vulnerabilities
    • patching
    • exploits

  • Talos Takes : Episode 91
    2022-04-11

    Talos Takes Ep. #91: The tax scams cometh

    It’s tax season! You know what that means — sadness, frustration and scams. Host Jon Munshaw sat down with Nick Biasini from the Talos Outreach team to talk about common tactics adversaries use around this “holiday” to try and spread malware, steal personal information and take users’ money. We talk about free security tools you can deploy to block these types of threats, common spam tactics to keep an eye out for and other services that can help you prepare for a worst-case scenario.

    Hosted By:
    Jon Munshaw
    Featuring:
    Nick Biasini (@InfoSec_Nick)
    Run Time: 06:09

    Keywords
    • tax
    • Tax Day
    • spam
    • scams
    • email

  • Talos Takes : Episode 90
    2022-04-01

    Talos Takes Ep. #90: Kenna Security 101

    We’re kicking off a new series of episodes called “Kenna 101” highlighting Cisco’s newest partner, Kenna Security. Kenna is a risk management platform for vulnerabilities that allows users to view what vulnerabilities exist in their environment and helps them create a plan for patching and mitigation. We’re starting things off with the CTO of Kenna, Ed Bellis, to talk about the basics of Kenna and its risk scores.

    Hosted By:
    Jon Munshaw
    Featuring:
    Ed Bellis (@ebellis)
    Run Time: 09:56

    Keywords
    • Kenna
    • security
    • vulnerabilities
    • patching

  • Talos Takes : Episode 89
    2022-03-25

    Talos Takes Ep. #89: Taking the Meta out of the Metaverse

    When most people think of the “Metaverse,” they may first think of the company Meta — the recently rebranded Facebook. After all, what other company would really want everyone taking meetings virtually using avatars while you share your cryptocurrency wallets and personal information with them? The Metaverse is actually much larger than this, though. So in this Talos Takes episode, we’re trying to demystify the Metaverse and look at what it is, exactly. Researcher Jaeson Schultz recaps his recent blog post on the matter, and then he and Jon talk about the potential security pitfalls that could arise from adopting the Metaverse.

    Hosted By:
    Jon Munshaw
    Featuring:
    Jaeson Schultz (@jaesonschultz)
    Run Time: 12:22

    Keywords
    • Metaverse
    • Meta
    • cryptocurrency
    • scams

  • Talos Takes : Episode 88
    2022-03-18

    Talos Takes Ep. #88: Biden's crypto executive order is good for good guys and bad for bad guys

    Jon and Nick sit down for a few minutes to talk about U.S. President Joe Biden’s recent Executive Order on more heavily regulating cryptocurrency. For a primer on this episode, you can read a quick overview here. This episode pretty much sums it up as being a good thing for anyone who uses cryptocurrency legitimately, and bad for anyone who uses crypto to do anything illegal. We discuss how greater regulation could affect ransomware operators who rely on virtual currency for ransom payments and illegitimate miners, and why no one using Bitcoin legitimately should be worried.

    Hosted By:
    Jon Munshaw
    Featuring:
    Nick Biasini (@InfoSec_Nick)
    Run Time: 07:12

    Keywords
    • cryptocurrency
    • cryptominers
    • ransomware
    • ransom
    • government

  • Talos Takes : Episode 87
    2022-03-11

    Talos Takes Ep. #87 (XL Edition): Livestream update on the current cybersecurity situation in Ukraine

    The Cisco Talos threat intelligence team and Cisco ThousandEyes went live on Talos’ social media platforms Friday to provide guidance on current cyberattacks and insight into internet activity in Ukraine. Both teams are actively monitoring the digital landscape and openly sharing essential findings to contribute to the safety of our customers globally.

    Many of our teams have set aside normal tasks, now spending their time watching over Ukrainian networks. Other teams have focused on protecting refugees, physically and digitally. Still others have volunteered their free time, contributing critical components to our open-source intelligence work. The audio version of this briefing will share what we have seen and how you can protect your data, network and teams.

    Hosted By:
    Hazel Burton (@HazeBurton)
    Featuring:
    Amy Henderson (@amyhendertweets) and JJ Cummings
    Run Time: 54:19

    Keywords
    • Ukraine
    • cyberwar
    • cybersecurity
    • cyberattack
    • APTs

  • Talos Takes : Episode 86
    2022-02-18

    Talos Takes Ep. #86: The fallout from the recent REvil arrests

    In the latest entry in the “Days of our Ransomware” series, Azim Khodjibaev joins Jon to talk about some recent ransomware drama. Dark web forums have been going nuts since Russia arrested and charged several alleged members of the REvil ransomware gang in January. Azim discusses how there’s been a power grab since those arrests, and we discuss what else it might take to shut down many of these wide-reaching ransomware groups. Threat actors: They get into the same petty arguments we all do in Slack.

    Hosted By:
    Jon Munshaw
    Featuring:
    Azim Khodjibaev (@AShukuhi)
    Run Time: 08:56

    Keywords
    • ransomware
    • APTs
    • RaaS
    • state-sponsored actors

  • Talos Takes : Episode 85
    2022-02-11

    Talos Takes Ep. #85: ICS as it relates to the current situation in Ukraine

    As the Ukraine situation evolves, we figured it was an important time to check in with the specific threats government agencies across the globe have started to warn us about. Joe Marshall, Talos’ resident industrial control systems expert, joins this week’s episode of Talos Takes to talk about potential threats to Ukraine’s power grid should kinetic warfare break out in the area. We also touch on what potential threats America’s infrastructure faces if our government leaders were to oppose any Russian actions in the region. It’s admittedly a tangled web currently — but for the most current information on this, check out the Talos blog on the topic.

    Hosted By:
    Jon Munshaw
    Featuring:
    Joe Marshall (@ImmortanJo3)
    Run Time: 10:28

    Keywords
    • Ukraine
    • ICS
    • infrastructure
    • cyberwarfare

  • Talos Takes : Episode 84
    2022-02-04

    Talos Takes Ep. #84: Commodity RATs 101

    What’s a commodity RAT? And how does that make it different from your run-of-the-mill RAT? Is that RAT different than a trojan? In this week’s Talos Takes episode, we answer these questions and more to provide you a quick overview of remote access trojans/tools (aka RATs) and how commodity RATs specifically differ from their “normal” brethren. Asheer Malhotra from our Outreach team has been looking at several commodity RATs for months now and is here to take you to class for 10 minutes.

    Hosted By:
    Jon Munshaw
    Featuring:
    Asheer Malhotra (@asheermalhotra)
    Run Time: 9:24

    Keywords
    • RATs
    • trojans
    • malware
    • cybersecurity basics

  • Talos Takes : Episode 83
    2022-01-28

    Talos Takes Ep. #83: The latest on the cybersecurity situation in Ukraine

    Jon Munshaw and Nick Biasini sit down for a few minutes to discuss the latest on the ongoing cyber attacks and security concerns in Ukraine. They discuss how a recent set of attacks against government-run websites compares to past attacks like NotPetya, and provide guidance for any companies who may be based in, or do business in, Ukraine. For more of Talos’ insight on this, please continue to check back on our blog post here.

    Hosted By:
    Jon Munshaw
    Featuring:
    Nick Biasini (@InfoSec_Nick)
    Run Time: 6:08

    Keywords
    • NotPetya
    • Ukraine
    • Russia