Talos Takes

Talos’ spin on security news

Every week, host Jon Munshaw brings on a new guest from Talos or the broader Cisco Secure world to break down a complicated security topic in just five or 10 minutes. We cover everything from breaking news to attacker trends and emerging threats.

Subscribe
  • Talos Takes

    Talos Takes Ep. #59: A deep dive into vulnerabilities in a home security station

    We’ve spent many minutes (that’s the point of the podcast, after all) discussing internet-of-things devices on this podcast. As consumers start having more “smart” devices connected to their home network, they may want an easy solution to keeping those devices safe. But what if that device gets owned?

    Carl Hurd of our vulnerability research team recently discovered several vulnerabilities in Trend Micro’s Home Network Security Station. He joins the show for the first time to talk about his research, the pros and cons of these all-in-one home network security devices, and how an attacker could exploit these issues to spy on your devices.

    Download
    Run Time: 00:10:25

    Keywords
    • vulnerabilities
    • IoT
    • home security

  • Talos Takes

    Talos Takes Ep. #58: It's time to get serious about protecting critical infrastructure

    With major cyber attacks in recent years against major U.S. critical infrastructure suppliers like Norsk Hydro and Colonial Pipeline, we’re in a new world of CI cybersecurity. New threats require new approaches to defense. And in the U.S., this is likely going to include partnerships between those who manage critical infrastructure, government and the private cybersecurity sector.

    Talos recently outlined what this may look like in America. One of the authors of that post, Joe Marshall, joins Jon Munshaw this week on Talos Takes to talk about public-private partnerships to defend critical infrastructure.

    Download
    Run Time: 00:08:41

    Keywords
    • critical infrastructure
    • oil and natural gas
    • ransomware
    • operational technology

  • Talos Takes

    Talos Takes Ep. #57: What's in it for both sides of the ransomware-as-a-service model?

    How much is ransomware-as-a-service like a McDonald’s franchise? More similar than you’d think! The RaaS model has entered the mainstream over the past few months with groups such as DarkSide attacking the Colonial Pipeline.

    In these transactions, what’s in it for the original ransomware creator? And what do the operators themselves get out of it? Nick Biasini joins Jon Munshaw this week to talk about this business model, what it means for the rise in ransomware attacks, and how you can stay protected.

    Download
    Run Time: 00:05:27

    Keywords
    • ransomware
    • ransomware-as-a-service
    • OT
    • critical infrastructure

  • Talos Takes

    Talos Takes Ep. #62: There's still plenty of mileage left in BEC

    Business email compromise may seem like last decade’s threat, but it’s still just as prevalent as ever. A recent FBI report found that it cost users more than $1 billion in 2020, and attackers are now capitalizing on everything from PlayStation 5 sales to the COVID-19 pandemic to still scam people. On this week’s Talos Takes, Nick Biasini recaps his recent research into BEC and discusses why there are some reasons why this threat may never go away (hint: users).

    Download
    Run Time: 00:05:25

    Keywords
    • business email compromise
    • spam
    • phishing
    • email

  • Talos Takes

    Talos Takes Ep. #56: The first security steps when returning to the office

    We started out the COVID-19 pandemic by thinking we’d be away from the office for a month — maybe two. More than 12 months later, we’re still here, working from home (at least part-time).

    But some businesses are starting to reopen now and welcoming workers back into the office. After so much time working out of the office, what should security professionals do once they get back? In this week’s episode, Beers with Talos’ own Craig Williams joins the show to talk about triple-checking for patches, changing passwords and more. Plus, how should you handle the new hybrid worker?

    Download
    Run Time: 00:10:51

    Keywords
    • work from home
    • COVID
    • patching

  • Talos Takes

    Talos Takes Ep. #55: What's next for Transparent Tribe?

    Asheer Malhotra from Talos Outreach has followed Transparent Tribe for years now. This APT has been all over the place using all sorts of trojans. So where my they go next? Asheer joins Talos Takes this week to discuss the malware this group deploys and how they use typo-squatted domains to lure victims in.

    Download
    Run Time: 00:08:28

    Keywords
    • malware
    • trojans
    • APTs
    • threats

  • Talos Takes

    Talos Takes Ep. #60 (XL Edition): Kaseya emergency show

    In this special “XL edition” of Talos Takes, we’re bringing you the audio version of our live stream this week discussing the Kaseya supply chain attack. Nick Biasini from Talos Outreach went live with Hazel Burton, a Cisco product marketing manager, to discuss what transpired over the long Fourth of July weekend. 
    Nick discussed the Kaseya exploit leveraged in this campaign, plus the follow-on ransomware attacks. This is the best place to get the tl;dr on what happened, what you need to be doing now, and what Cisco Secure solutions can keep you protected.

    Download
    Run Time: 00:21:40

    Keywords
    • Kaseya
    • supply chain
    • ransomware
    • REvil

  • Talos Takes

    Talos Takes Ep. #54: Incident response is really just the friends we made along the way

    Welcome to the unofficial incident response week at Talos! As part of the RSA Conference, we’ve released two new case studies detailing some malware cases Cisco Talos Incident Response helped resolve. Brad Garnett, this week’s guest, also released a new blog post where he wrote about why incident response is “the ultimate team sport.” Brad joins host Jon Munshaw this week to take a deeper dive into one of these engagements, in which an attacker tried to use Cobalt Strike to infect a target with ransomware (hint: this would have been really bad!) Brad talks about how the strong personal relationships CTIR built with the customer in question set everyone up for success.

    Download
    Run Time: 00:08:14

    Keywords
    • incident response
    • Cobalt Strike
    • ransomware

  • Talos Takes

    Talos Takes Ep. #52: Why not a world passwordless day?

    To celebrate World Password Day this week, we’re talking about getting rid of passwords! Dave Lewis, a global advisory CISO for Cisco Secure, joins Jon to talk about all things passwordless. This is a new initiative Cisco Secure and Duo have undertaken to get network administrators to move away from using passwords in favor of other forms of authentication. Jon and Dave discuss why passwords can be dangerous, the benefits of going passwordless and how to convince longtime users to ditch traditional login credentials.

    Download
    Run Time: 00:09:40

    Keywords
    • passwords
    • passwordless
    • MFA
    • Duo

  • Talos Takes

    Talos Takes Ep. #51: COVID and tax scams go hand-in-hand this year

    We can set our watches to tax scams every year in April. The bad guys are always looking to steal your information, promising to get you a bigger tax return or do your taxes for you. This year is a bit different because Tax Day is a bit later than usual thanks to — you guessed it — COVID. Attackers are now combining these two topics to create spam campaigns, promising to provide you new information about how COVID affects your taxes, or even promising to send you a gift in exchange for receiving your COVID vaccine. Jaeson Schultz makes his inaugural appearance on Talos Takes to discuss what he’s seeing in the wild and how you can avoid these common scams.

    Download
    Run Time: 00:13:18

    Keywords
    • scams
    • spam
    • COVID
    • tax day
    • email