Talos Takes

Talos’ spin on security news

Every week, host Jon Munshaw brings on a new guest from Talos or the broader Cisco Secure world to break down a complicated security topic in just five or 10 minutes. We cover everything from breaking news to attacker trends and emerging threats.

Subscribe
  • Talos Takes

    Why we need to stop calling as-a-service group takedowns "takedowns"

    Hazel Burton and Thorsten Rosendahl join Jon Munshaw on this week's episode to discuss the problem with threat actor "hydras." They recently wrote about the topic for the Talos blog, highlighting how law enforcement takedowns of these groups are closer to just disruptions or setbacks for these massive actors. They talk about what really needs to be done to stop ransomware actors and why RaaS is a breeding ground for "hydras."

    Download
    Run Time: 00:12:20

    Keywords

  • Talos Takes

    Turla has been around for 20-plus years at this point, but they're still mixing things up

    Holger Unterbrink of Talos Outreach joins the show this week to discuss his recent Turla APT research. This Russian state-sponsored actor has been around for years but is regularly adding new tooling to its arsenal. Holger has new details about their latest tool, TinyTurlaNG, and insight into the types of organizations they're targeting.

    Download
    Run Time: 00:09:04

    Keywords

  • Talos Takes

    Why more actors are starting to use Telegram for their communications

    Jon started noticing that Talos is finding more threat actors using Telegram nowadays for their communication and coordination, so he decided to bring Azim Khodjibaev on to ask him if he was just inventing this, or if it was a real trend. Turns out it's a real trend! Azim fills listeners in on why Telegram is becoming the app of choice for APTs to publish "news," threaten data leaks, and more. 

    Download
    Run Time: 00:10:25

    Keywords

  • Talos Takes

    Why no one should be relying on passive security in 2024

    Nick Biasini joins Jon this week to talk about passive security. He recently wrote about this topic for the Talos blog and joined Wendy Nather in discussing the merits of passive security versus active blocking. Nick defines what passive security is, exactly, and why it's not the way to go in the modern age. 

    Download
    Run Time: 00:08:17

    Keywords

  • Talos Takes

    What's new about GhostSec's ransomware-as-a-service model

    Chetan Raghuprasad from the Talos Outreach team joins Talos Takes this week to talk to Jon about the GhostSec threat actor that he and a few colleagues wrote about for the Talos blog. GhostSec has teamed up with another ransomware group to carry out double extortion attacks all over the globe, with increasing frequency over the past year. They discuss what's unique about this particular RaaS model, where GhostSec came from, and the benefits of going in on a team-up. 

    Download
    Run Time: 00:12:06

    Keywords

  • Talos Takes

    Why are "identity attacks" on the rise?

    Now more than ever, adversaries are logging in, not breaking in. They're stealing legitimate user credentials to hide undetected on a targeted network after acquiring said credentials in a variety of ways. Hazel Burton joins Jon Munshaw this week to discuss identity attacks, recommendations for avoiding them, and how QR code phishing plays into these tactics. 

    Download
    Run Time: 00:11:29

    Keywords

  • Talos Takes

    The tl;dr of NIS2

    Gergana Karadzhova-Dangela and Thorsten Rosendahl, our resident experts on all things European Union cybersecurity law, join the show this week to talk about the impending NIS2 regulations. Don't worry, you've still got plenty of time to work on them, but this is a good place to get started even if you've never seen the phrase "NIS2" before. Find more of their writing on NIS2 here and here

    Download
    Run Time: 00:14:05

    Keywords

  • Talos Takes

    Case study: How Talos IR helped a healthcare tech company avoid a ransomware attack

    Reposted from the Cisco Security Stories feed: Meet Jeremy Maxwell, CISO of Veradigm, a healthcare IT company. Jeremy discusses how his organization proactively prepares for cybersecurity incidents within a highly regulated industry.

    Download
    Run Time: 00:49:20

    Keywords

  • Talos Takes

    How are attackers using malicious drivers in Windows to stay undetected?

    Chris Neal from Talos Outreach joins the show today to talk about his research into the ways adversaries are using malicious drivers on Windows to spread malware. He recently launched a new series on the Talos blog about the basics of drivers and how security researchers can reverse engineer them to learn more about attacker TTPs and develop new detection content. Chris discusses when he first spotted this type of attack, what advantages it presents for the attacker and the other aspects of the research he plans to dive into.

    Download
    Run Time: 00:11:36

    Keywords

  • Talos Takes

    (XL Edition): Talos IR recaps the top threats of Q4 2023

    This week, we're bringing you the audio version of our recent Talos IR On Air video. Several Talos incident responders got together to recap the top threats and attacker trends of Q4 2023, as outlined in our full Quarterly Trends Report. Hear about why ransomware was up for the first time the entire year, and which sectors were being targeted most often. 

    Download
    Run Time: 00:17:18

    Keywords