Intelligence Center

Threat Research

Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more

As the second entry in our “Exploring malicious Windows drivers” series, we will continue where the first left off: Discussing the I/O system and IRPs.

DarkGate switches up its tactics with new payload, email templates

DarkGate has been observed distributing malware through Microsoft Teams and even via malvertising campaigns.

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called “CarnavalHeist.” Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil.

Fortify Your Defense

Evolve your incident response with intelligence-led proactive services and deep expertise that only Talos can offer, before – and during – an active emergency. Anyone can stand behind you – Talos IR stands beside you, every step of the way.

Together, we can reduce downtime and mitigate risk. Get started today.


Latest Talos Takes Podcast Episodes

July 19, 2024 | Ep. 191
You got a data breach notification. Now what?

Joe Marshall, Talos' resident ICS and IoT expert, and Pierre Cadieux from Talos Incident Response join Jon this week to discuss data breaches. Between Snowflake, AT&T, Ticketmaster and more, we should probably assume our data has been part of a leak somewhere. So what steps should you take to prepare for this inevitability? Or what should you do when you get a data breach notification from a company?

July 12, 2024 | Ep. 190
What we learned from studying the TTPs of the 14 most active ransomware groups

Fresh off an analysis of the 14 most active ransomware groups, James Nutland joins Jon this week to discuss his findings. They talk about the most common TTPs shared among these groups, and the potential outliers among these gangs and how they try to infect victims. For more on this topic, watch the inaugural episode of "The Talos Threat Perspective." 

Why Cisco Talos?

Talos is Cisco's threat intelligence research organization, an elite group of security experts devoted to providing superior protection for our customers, products and services.

Our job is your defense.

Talos powers the Cisco portfolio with comprehensive intelligence.

Every customer environment, every event, every single day, all around the world.