Explore every episode of the podcast Talos Takes
| Title | Pub. Date | Duration | |
|---|---|---|---|
| Year in Review special pt. 4: How AI is influencing the threat landscape? | 01 May 2025 | 00:32:19 | |
A jam-packed episode of guests means a slightly longer Talos Takes for your feed today! We welcome Amy Chang and Omar Santos from Cisco, Vitor Ventura from Talos, and Ryan Fetterman from Splunk. Together, we discuss how AI isn't rewriting the cybercrime playbook, but it is turbocharging some of the old tricks, particularly on the social engineering side. We also touch on threat actor-built LLMs and where things may be headed. We then talk about how defensive strategies can leverage AI, particularly in the SOC, to increase visibility and make determinations a lot quicker. Resources mentioned in the episode: | |||
| Year in Review special part 3: Identity and MFA attacks | 24 Apr 2025 | 00:22:58 | |
Steven Leung from Cisco Duo joins Hazel to discuss the prevalence of identity-based attacks, why they're happening, and the various methods attackers are using to circumvent MFA (Multi-Factor Authentication), based on data in Talos' 2024 Year in Review. Topics we touch on include phishing, push spray attacks, and Adversary-in-the-Middle campaigns, and throughout the episode Steven provides best practice recommendations for implementing MFA at scale, without increasing user friction. For more resources, check out the Duo blog, and Talos' 2024 Year in Review. | |||
| Unwrapping the emerging Interlock ransomware attack | 14 Nov 2024 | 00:15:02 | |
Chetan Raghuprasad is our guest today as he breaks down the relatively new Interlock ransomware attack. Cisco Talos Incident Response recently observed this attacker conducting big-game hunting and double extortion attacks. | |||
| Talos Takes Ep. #110: The kinetic and cyber threats Ukrainian agriculture faces | 26 Aug 2022 | 00:08:18 | |
| |||
| Talos Takes Ep. #109: Why cybercrime is going small-time | 19 Aug 2022 | 00:08:25 | |
The public traditionally thinks about cyber attacks as being from some well-funded, state-sponsored actor. But increasingly small-time criminals are turning to the internet to make their money. Increasingly, they’re not carrying out one-off robberies, and instead are working on insurance fraud scams and spam emails. Nick Biasini joins Talos Takes this week to discuss his recent research into this topic and shares what the data shows about the growth of small-time cybercrime. | |||
| Talos Takes Ep. #61: Why does SideCopy seem so familiar? | 12 Aug 2022 | 00:08:28 | |
The last time Jon had Asheer Malhotra from Talos Outreach on the show, they covered the Transparent Tribe APT. Asheer joins the show again this week to talk about another threat actor that is very similar to Transparent Tribe, but is just a tad different. Asheer recently co-authored a research paper on the aptly named SideCopy actor, which borrows many TTPs from their fellow actors, including Transparent Tribe. This episode, we’ll talk about SideCopy’s methods, why they may be borrowing so much from those around them and where they could go from here. | |||
| Talos Takes Ep. #59: A deep dive into vulnerabilities in a home security station | 12 Aug 2022 | 00:10:25 | |
We’ve spent many minutes (that’s the point of the podcast, after all) discussing internet-of-things devices on this podcast. As consumers start having more “smart” devices connected to their home network, they may want an easy solution to keeping those devices safe. But what if that device gets owned? Carl Hurd of our vulnerability research team recently discovered several vulnerabilities in Trend Micro’s Home Network Security Station. He joins the show for the first time to talk about his research, the pros and cons of these all-in-one home network security devices, and how an attacker could exploit these issues to spy on your devices. | |||
| Talos Takes Ep. #58: It's time to get serious about protecting critical infrastructure | 12 Aug 2022 | 00:08:41 | |
With major cyber attacks in recent years against major U.S. critical infrastructure suppliers like Norsk Hydro and Colonial Pipeline, we’re in a new world of CI cybersecurity. New threats require new approaches to defense. And in the U.S., this is likely going to include partnerships between those who manage critical infrastructure, government and the private cybersecurity sector. Talos recently outlined what this may look like in America. One of the authors of that post, Joe Marshall, joins Jon Munshaw this week on Talos Takes to talk about public-private partnerships to defend critical infrastructure. | |||
| Talos Takes Ep. #57: What's in it for both sides of the ransomware-as-a-service model? | 12 Aug 2022 | 00:05:27 | |
How much is ransomware-as-a-service like a McDonald’s franchise? More similar than you’d think! The RaaS model has entered the mainstream over the past few months with groups such as DarkSide attacking the Colonial Pipeline. In these transactions, what’s in it for the original ransomware creator? And what do the operators themselves get out of it? Nick Biasini joins Jon Munshaw this week to talk about this business model, what it means for the rise in ransomware attacks, and how you can stay protected. | |||
| Talos Takes Ep. #62: There's still plenty of mileage left in BEC | 12 Aug 2022 | 00:05:25 | |
Business email compromise may seem like last decade’s threat, but it’s still just as prevalent as ever. A recent FBI report found that it cost users more than $1 billion in 2020, and attackers are now capitalizing on everything from PlayStation 5 sales to the COVID-19 pandemic to scam people. On this week’s Talos Takes, Nick Biasini recaps his recent research into BEC and discusses some reasons why this threat may never go away (hint: users). | |||
| Talos Takes Ep. #56: The first security steps when returning to the office | 12 Aug 2022 | 00:10:51 | |
We started out the COVID-19 pandemic by thinking we’d be away from the office for a month — maybe two. More than 12 months later, we’re still here, working from home (at least part-time). But some businesses are starting to reopen now and welcoming workers back into the office. After so much time working out of the office, what should security professionals do once they get back? In this week’s episode, Beers with Talos’ own Craig Williams joins the show to talk about triple-checking for patches, changing passwords and more. Plus, how should you handle the new hybrid worker? | |||
| Talos Takes Ep. #55: What's next for Transparent Tribe? | 12 Aug 2022 | 00:08:28 | |
Asheer Malhotra from Talos Outreach has followed Transparent Tribe for years now. This APT has been all over the place using all sorts of trojans. So where may they go next? Asheer joins Talos Takes this week to discuss the malware this group deploys and how they use typo-squatted domains to lure victims in. | |||
| Talos Takes Ep. #60 (XL Edition): Kaseya emergency show | 12 Aug 2022 | 00:21:40 | |
In this special “XL edition” of Talos Takes, we’re bringing you the audio version of our live stream this week discussing the Kaseya supply chain attack. Nick Biasini from Talos Outreach went live with Hazel Burton, a Cisco product marketing manager, to discuss what transpired over the long Fourth of July weekend. Nick discussed the Kaseya exploit leveraged in this campaign, plus the follow-on ransomware attacks. This is the best place to get the tl;dr on what happened, what you need to be doing now, and what Cisco Secure solutions can keep you protected. | |||
| It's Taplunk! Talos and Splunk threat researchers meet to put the security world to rights | 31 Oct 2024 | 00:50:38 | |
What happens when two sets of threat researchers from Talos and Splunk's SURGe team meet? Aside from some highly controversial opinions and omissions about the best horror movie, the team discuss what security trends are FUD, and what's actually fearful/most challenging at the moment. Also, what is the security industry not aware of enough, and what is it too aware of? Plus some thoughts on cybersecurity awareness training and how we can do better. | |||
| Talos Takes Ep. #54: Incident response is really just the friends we made along the way | 12 Aug 2022 | 00:08:14 | |
Welcome to the unofficial incident response week at Talos! As part of the RSA Conference, we’ve released two new case studies detailing some malware cases Cisco Talos Incident Response helped resolve. Brad Garnett, this week’s guest, also released a new blog post where he wrote about why incident response is “the ultimate team sport.” Brad joins host Jon Munshaw this week to take a deeper dive into one of these engagements, in which an attacker tried to use Cobalt Strike to infect a target with ransomware (hint: this would have been really bad!). Brad talks about how the strong personal relationships CTIR built with the customer in question set everyone up for success. | |||
| Talos Takes Ep. #52: Why not a world passwordless day? | 12 Aug 2022 | 00:09:40 | |
To celebrate World Password Day this week, we’re talking about getting rid of passwords! Dave Lewis, a global advisory CISO for Cisco Secure, joins Jon to talk about all things passwordless. This is a new initiative Cisco Secure and Duo have undertaken to get network administrators to move away from using passwords in favor of other forms of authentication. Jon and Dave discuss why passwords can be dangerous, the benefits of going passwordless and how to convince longtime users to ditch traditional login credentials. | |||
| Talos Takes Ep. #51: COVID and tax scams go hand-in-hand this year | 12 Aug 2022 | 00:13:18 | |
We can set our watches to tax scams every year in April. The bad guys are always looking to steal your information, promising to get you a bigger tax return or do your taxes for you. This year is a bit different because Tax Day is a bit later than usual thanks to — you guessed it — COVID. Attackers are now combining these two topics to create spam campaigns, promising to provide you new information about how COVID affects your taxes, or even promising to send you a gift in exchange for receiving your COVID vaccine. Jaeson Schultz makes his inaugural appearance on Talos Takes to discuss what he’s seeing in the wild and how you can avoid these common scams. | |||
| Talos Takes Ep. #50: Attackers are using Discord just as much as you are | 12 Aug 2022 | 00:07:17 | |
Cisco Talos recently discovered a wave of attackers spreading malware via collaboration apps like Discord and Slack. On this week’s episode of Talos Takes, Nick Biasini joins the show to bring us inside his research process for this post and discuss why these attacks have been so successful. Jon brings up his Dungeons & Dragons group, too, if you’re interested in that sort of thing. | |||
| Talos Takes Ep. #53: What can we learn from those air fryer vulnerabilities? | 12 Aug 2022 | 00:11:00 | |
Everyone had jokes when it came to the vulnerabilities we recently disclosed in a WiFi-connected air fryer. But there are actually some lessons to take away from this, such as: “Not everything needs to be connected to the internet.” Joe Marshall joins the show this week to discuss all things “smart” appliances, how to protect your network and the repercussions of these specific air fryer vulnerabilities. | |||
| Talos Takes Ep. #49: LodaRAT's connection to Android devices | 12 Aug 2022 | 00:06:05 | |
Chris Neal from Talos Outreach has followed LodaRAT for years now. It’s gone from a fairly small threat to a full-on malware with several features that target all sorts of Android devices. Chris joins the show this week to discuss his history of researching LodaRAT and updates us on its latest TTPs. Find out how this trojan tries to trick users into downloading it on their phones and how it hunts for your banking information. | |||
| Talos Takes Ep. #48: The history of ObliqueRAT | 12 Aug 2022 | 00:07:54 | |
After researching and writing about ObliqueRAT for several months now, Asheer Malhotra joins Talos Takes for the first time to discuss this trojan. We’ve seen this malware evolve over the past year or so to add new evasion techniques and find ways to avoid email filters and usual antivirus protections. Asheer talks about his history researching this malware and provides some advice on how to avoid email spam and the other maldocs these actors try to spread. | |||
| Talos Takes Ep. #45: Finding an alternative to SMS multi-factor authentication | 12 Aug 2022 | 00:08:30 | |
It was only a matter of time before we had Wendy Nather from Cisco Secure Duo on the show. We finally met Beers with Talos’ level of stardom, as Wendy joins the show to discuss SMS messages as a form of multi-factor authentication. We break down why SMS authentication is still around and used by some of our most important services like banks, and what alternatives are out there. We also discuss the dangers of SIM-jacking attacks and the benefits of using Duo’s app-based authentication. | |||
| Talos Takes Ep. #44: A super-sized edition for a roundtable discussion on SolarWinds | 12 Aug 2022 | 00:34:50 | |
Welcome to the first-ever XL edition of Talos Takes. This one is a little longer than usual, but we promise you it’s worth it. We recently brought together researchers from all corners of Talos to talk about what we know about SolarWinds so far, and what’s still to be discovered. Our various teams have spent the past several months diving deep into the SolarWinds supply chain attack, and this is a collection of Talos’ knowledge on the current situation. Talking points include whether it’s fair to refer to this campaign as “SolarWinds,” what other initial infection vectors there may be, the breadth of the attack and more boots-on-the-ground intelligence. If you want to watch the video version, head to our YouTube page. | |||
| Talos Takes Ep. #43: Microsoft Exchange Server emergency show | 12 Aug 2022 | 00:05:30 | |
We put this week’s Talos Takes episode together last minute to discuss the Microsoft Exchange Server zero-day vulnerabilities Microsoft disclosed earlier this week. Nick Biasini joins the show to discuss mitigation strategies and what these vulnerabilities mean for your environment at-large. Plus, we discuss why this is another case of patching above all else. For more coverage on this topic, check out the Talos blog. | |||
| The biggest takeaways from Talos IR's new report: New ransomware variants, EDR tool uninstallation, and password spray attacks increasing | 25 Oct 2024 | 00:15:26 | |
The Talos IR Quarterly Trends Q3 2024 is out now! In this episode Hazel Burton, Craig Jackson and Bill Largent discuss three big themes: some new ransomware players, the 'Bring Your Own Vulnerable Driver' trend, and why password spray attacks are making a comeback. | |||
| Talos Takes Ep. #42: Seriously folks, save your logs | 12 Aug 2022 | 00:07:29 | |
When Pierre Cadieux steps into a Cisco Talos Incident Response engagement, the first thing he wants to do is check out the customer’s logs. But if there are no logs to be found, he’ll be pretty limited in the kinds of insights he can provide. This has come up several times during the SolarWinds era, when customers are wanting to know if they were targeted in the widespread supply chain attack. So in this episode of Talos Takes, Pierre joins the show to discuss why it’s so important to keep logs for everything — log-ins, events, applications and more. | |||
| Talos Takes Ep. #41: Why you should upgrade to Snort 3 | 12 Aug 2022 | 00:06:02 | |
For this week’s episode of Talos Takes, we’re switching back to Snort talk. For anyone who hasn’t been on security Twitter over the past month, you may not know that we released the Snort 3 GA last month — formally known as Snort 3.1.0. To celebrate, Nick Mavis joins the show again to discuss Snort 3’s new features and upgrades over 2.9.X. Nick, who regularly writes Snort rules for Cisco Talos and has been working hands-on with both versions of Snort for years, talks about how the rules improve with Snort 3, why detection and protection are better and everything else he loves about Snort 3. For more, check out the Snort 3 page on Snort.org. | |||
| Talos Takes Ep. #47: Masslogger | 12 Aug 2022 | 00:04:51 | |
On this week’s episode of Talos Takes, we go back a month or so to reflect on the Masslogger trojan Talos wrote about earlier this year. This malware may not make national headlines, but that doesn’t mean you should just ignore it. Find out where this trojan is hiding and why it’s after your Outlook and Google Chrome login credentials. | |||
| Talos Takes Ep. #40: Lessons learned from our conversations with a ransomware operator | 12 Aug 2022 | 00:08:12 | |
For the first time in Talos Takes history, we have a whopping TWO guests on to talk about Talos’ latest research paper. In this episode, Dmytro Korzhevin and Azim Khodjibaev discuss their work interviewing a LockBit ransomware operator. They spent multiple weeks speaking to this actor over social media, and eventually turned their conversations into a paper that lays out what we learned about the ransomware landscape. Dmytro and Azim talked about lessons learned, what surprised them about the threat actor, and how actors choose their targets. | |||
| Talos Takes Ep. #39: An update on SolarWinds as it relates to IoT and OT | 12 Aug 2022 | 00:12:29 | |
We know we just talked about supply chain attacks and SolarWinds last week, but it’s still all anyone in security is talking about. Joe Marshall joins the show this time to approach the SolarWinds breach from an internet-of-things and operational security perspective. He recently co-wrote a blog for Cisco detailing how outsourcing OT over the past few years has made the SolarWinds compromise worse. Joe, a lifelong researcher and security practitioner in the OT and infrastructure space, discusses what we still don’t know about this attack, what you should do if you think you may be affected, and how we can learn from this going forward. For more on Talos’ coverage and defense against the SolarWinds campaign, check out our blog post here. | |||
| Talos Takes Ep. #37: What's with all this talk about supply chain attacks? | 12 Aug 2022 | 00:07:59 | |
The major SolarWinds campaign has been generating headlines for weeks now. And while its specific targets make this attack unique, this is far from the first-ever supply chain attack. So what is a supply chain attack? And should your organization be prepared for them? In this episode of Talos Takes, Nick Biasini talks about the history of supply chain attacks, and how they can even be traced back to the 1970s. | |||
| Talos Takes Ep. #36: Ransomware's big 2020 | 12 Aug 2022 | 00:07:09 | |
Everything was on fire this year, and the internet was no different. Ransomware was the leading cause of headaches and late nights for defenders and IT experts this year. On the latest Talos Takes episode (and last of 2020), Azim Khodjibaev joins us to talk about ransomware’s big year. We talk about why adversaries wanted to go big-game hunting, and what this could mean for trends in 2021. | |||
| Talos Takes Ep. #46 (XL Edition): Snort 3 roundtable discussion | 12 Aug 2022 | 00:53:12 | |
We’ve got another special XL episode this week, this time about Snort 3. This roundtable covers everything you could know about Snort 3’s life, going back as far as its inception in the early 2010s. We even went out of our way to get Marty Roesch, the creator of Snort. Marty, along with our other panelists, discusses the origins of Snort 3, what benefits you can gain by upgrading and what other features you can expect to see in the future. | |||
| Talos Takes Ep. #35: If a deal seems too good to be true, it probably is | 12 Aug 2022 | 00:05:38 | |
More shoppers are expected to buy online this year than ever. Everyone’s encouraged to stay home and avoid lines and crowds due to the COVID-19 pandemic, which has left retailers offering deals earlier in November than ever before. So how can you stay safe while doing all your holiday shopping online? In this episode of Talos Takes, we’ll talk through some of the common schemes we’re seeing and talk about what makes this year unique when it comes to spam campaigns. | |||
| Talos Takes Ep. #34: Free and low-cost security tools | 12 Aug 2022 | 00:07:04 | |
Say you’ve got the basics of security down, and now you want to start putting it into practice. Where do you start? In this Talos Takes episode, we run through some free and low-cost security tools anyone can use to beef up their network. We talk about Snort, built-in security tools on operating systems and more. | |||
| How Talos IR and Splunk are teaming up | 13 Sep 2024 | 00:21:21 | |
Hazel Burton steps in as guest host this week to talk to Brad Garnett, the head of Cisco Talos Incident Response, and JK Lialias, the head of cybersecurity product marketing for Splunk. Brad and JK share two exciting ways in which Talos is being incorporated into Splunk now, and what that means for the ways we can keep users more secure. They also talk about what better visibility into attacker trends means for the end user and defenders. | |||
| Talos Takes Ep. #33: How to talk to your parents about cyber security | 12 Aug 2022 | 00:08:05 | |
It’s National Cyber Security Awareness Month! And you know what that means? It’s time to make everyone more aware! Since we all have that special someone in our lives who could use a refresher on internet hygiene, we figured it was time to talk about bringing up the topic of security to your friends and family who may not be as computer literate as you are. Jon Munshaw and Nick Biasini talk about basic tips to give even your oldest family members and user-friendly programs and services that can improve everyone’s security. | |||
| Talos Takes Ep. #32: How to keep your children safe while they attend school online | 12 Aug 2022 | 00:08:08 | |
Jon doesn’t have any children. So he found someone who does — Beers with Talos’ own Craig Williams — to talk about remote learning. Children are back to school, and many of them are doing so online. Craig and Jon talk about DNS filters, parental controls, meeting passwords and more that are sure to help parents and teachers adjust to this new normal. | |||
| Talos Takes Ep. #28: Sharing information on information-sharing | 12 Aug 2022 | 00:10:41 | |
Talos intakes a ridiculous amount of information every day. So how do we parse what is and isn’t important enough to share? In this episode of Talos Takes, Amy Henderson from our Threat Intelligence and Interdiction team talks about our information-sharing partnerships with both private and public entities. How do we disseminate important information to our friends in the field? And why are security organizations like the Cyber Threat Alliance so important? | |||
| Talos Takes Ep. #27: Why are we so obsessed with attribution? | 12 Aug 2022 | 00:09:56 | |
On this episode of Talos Takes, we talk all about attribution. Our guest, Martin Lee, recently co-authored a post on the hurdles government agencies and private researchers alike face when trying to place blame for a cyber attack. Martin talks about why we’re so obsessed with placing the blame, what false flags are and what helpful things can actually come from attributing a threat. | |||
| Talos Takes Ep. #26: How to safely browse the web | 12 Aug 2022 | 00:08:11 | |
There are so many options now for basic web browsing. There are ad-blocking plugins, privacy browsers, incognito mode, password managers — but for the average user, this can be a lot to keep up with. In this episode of Talos Takes, we dissect all these options and talk about what your best options are to keep your information safe while doing some everyday web browsing. | |||
| Talos Takes Ep. #25: WastedLocker | 12 Aug 2022 | 00:05:17 | |
This week’s Talos Takes episode is another malware deep dive. Edmund Brumaghin joins the show to talk about WastedLocker, a recent ransomware family he and some other Talos researchers reverse-engineered. Here’s everything you need to know about what makes this threat unique and how it uses LoLBins to survive. | |||
| Talos Takes Ep. #23: How Talos utilizes honeypots | 12 Aug 2022 | 00:10:31 | |
Honeypots are an important part of threat research and detection. In this episode of Talos Takes, we talk to Christopher Evans, who is our resident honeypot expert at Talos. Chris talks about how he uses them every day, why they’re important to Talos’ overall mission and balancing the use of them with the potential for making attackers smarter. | |||
| Talos Takes Ep. #24: LoLBins | 12 Aug 2022 | 00:05:27 | |
LoLBins sound like they’d be funny, but they’re anything but. These “living-off-the-land binaries” make it so that attackers can more easily hide on your system as they disguise themselves as legitimate processes. On this episode of Talos Takes, Nick Biasini talks about what LoLBins are, exactly, how adversaries use them and how you can spot them in your environment. | |||
| Talos Takes Ep. #29: Election security roundtable excerpt | 12 Aug 2022 | 00:06:56 | |
This week’s episode is actually an excerpt from our recently released roundtable on disinformation and American election security. This is a small part of our larger discussion on fake news, state-sponsored actors using fake social media accounts, and what can be done to combat the spread of disinformation. To see the whole thing, visit https://www.youtube.com/channel/UCPZ1DtzQkStYBSG3GTNoyfg. | |||
| Talos Takes Ep. #22: Snort 101 | 12 Aug 2022 | 00:06:27 | |
The quick and dirty beginner’s guide to what Snort is and how to use it. This is the podcast accompaniment to the rest of our Snort 101 materials, which can be found on Snort.org/Resources. | |||
| Why the BlackByte ransomware group may be more active than we initially thought | 06 Sep 2024 | 00:09:21 | |
James Nutland from Talos' Threat Intelligence team joins the show this week to talk to Jon about his report on the BlackByte ransomware group. They cover why this group is actually more active than we initially thought, and check on the general state of ransomware at this point in 2024. | |||
| Talos Takes Ep. #21: What's really hiding inside the dark web | 12 Aug 2022 | 00:09:02 | |
The dark web sounds scary — and it is. But what exactly does this dark web consist of? Despite what the name may suggest, it’s actually not people selling organs or stolen video games that happened to fall off the back of a truck. But what is actually on these forums? Azim Khodjibaev joins Jon Munshaw this week to discuss his experience with the dark web. | |||
| Talos Takes Ep. #20: What is an APT, exactly? | 12 Aug 2022 | 00:06:37 | |
We use the term “APT” in cyber security a lot. But what does it mean, exactly? Does a group have to break a certain threshold to become an APT? Does the term refer to a specific malware family or a group of actors? On this week’s Talos Takes, Jon Munshaw talks to Azim from Talos’ Threat Intelligence team about this very topic. | |||
| Talos Takes Ep. #19: How to keep your online meetings safe | 12 Aug 2022 | 00:05:05 | |
Everyone is meeting virtually now. Whether it be important business or the average happy hour with friends and family, there’s no shortage of invites to chat rooms, presentations and software you’ve never heard of before you started working from home. And, of course, this software comes with its own set of security concerns and vulnerabilities. So Matt Valites joins Jon Munshaw this week to talk about the basics of securing your next friendly meetup or presentation to the board. | |||