Best Cisco Talos Podcasts (2025)

1
Breaking Down Chaos: Tactics and Origins of a New RaaS Operation 15:33

Play Pause

20d ago15:33

15:33

Hazel is joined by threat intelligence researcher James Nutland to discuss Cisco Talos’ latest findings on the newly emerged Chaos ransomware group. Based on real-world incident response engagements, James breaks down Chaos’ fast, multi-threaded encryption, their use of social engineering and remote access tools like Quick Assist, and the group’s l…

1
So You Wanna Be an Incident Commander? Meet Alex Ryan 51:57

20d ago51:57

51:57

We welcome new Talos teammate and incident commander Alex Ryan to the pod this week. Bill, Joe and Hazel chat with Alex about what it really takes to lead through the chaos of a cybersecurity incident, from coordinating stressed-out teams, fielding exec questions, and making sure people eat. Much to Bill's dismay, we have something resembling a "fo…

1
Why Attackers Love Your Remote Access Tools 14:22

1M ago14:22

14:22

Attackers are increasingly abusing the same remote access tools that IT teams rely on every day. In this episode, Hazel sits down with Talos security researcher Pierre Cadieux to unpack why these legitimate tools have become such an effective tactic for adversaries. Pierre explains how the flexibility, legitimacy, and built-in capabilities of remot…

1
Terms and conceptions may apply 31:28

2M ago31:28

31:28

Welcome back to the podcast where the structure is theoretical and the only certainty is uncertainty. In this episode, the crew reassembles after a totally intentional and not-at-all accidental hiatus (blame is assigned, forgiveness is not). We cover: AI-assisted IVF (spoiler: it's mostly robots and headlines) The dawning of Mind-games-as-a-service…

1
Teaching LLMs to spot malicious PowerShell scripts 16:16

2M ago16:16

16:16

Hazel welcomes back Ryan Fetterman from the SURGe team to explore his new research on how large language models (LLMs) can assist those who work in security operations centers to identify malicious PowerShell scripts. From teaching LLMs through examples, to using retrieval-augmented generation and fine-tuning specialized models, Ryan walks us throu…

1
How cybercriminals are camouflaging threats as fake AI tool installers 17:05

3M ago17:05

17:05

Chetan Raghuprasad joins Hazel to discuss his threat hunting research into fake AI tool installers, which criminals are using to distribute ransomware, RATS, stealers and other destructive malware. He discusses the attack chain of three different campaigns, including one which even tries to justify its ransom as "humanitarian aid." For the full res…

1
Inside the attack chain: A new methodology for tracking compartmentalized threats 16:29

3M ago16:29

16:29

Edmund Brumaghin joins Hazel to discuss how threat actors (including state sponsored attackers), are increasingly compartmentalizing their attacks i.e they're bringing in specialist skillsets from other groups to handle different aspects of the attack chain. Edmund discusses why this is happening, and the challenges this poses for defenders when it…

1
Follow the motive: Rethinking defense against Initial Access Groups 16:38

3M ago16:38

16:38

In this episode, Hazel welcomes Talos researcher Ashley Shen to discuss the evolution of initial access brokers (IABs) and the importance of distinguishing between different types of IABs. We talk about the need for a new taxonomy to categorize IABs into three types: financially motivated (FIA), state-sponsored (SIA), and opportunistic (OIA) initia…

1
Year in Review special pt. 4: How AI is influencing the threat landscape? 32:19

4M ago32:19

32:19

A jam packed episode of guests means a slightly longer Talos Takes for your feed today! We welcome Amy Chang and Omar Santos from Cisco, Vitor Ventura from Talos, and Ryan Fetterman from Splunk. Together, we discuss how AI isn't rewriting the cybercrime playbook, but it is turbo charging some of the old tricks, particularly on the social engineerin…

1
Year in Review special part 3: Identity and MFA attacks 22:58

4M ago22:58

22:58

Steven Leung from Cisco Duo joins Hazel to discuss the prevalence of identity-based attacks, why they're happening, and the various methods attackers are using to circumvent MFA (Multi-Factor Authentication), based on data in Talos' 2024 Year in Review. Topics we touch on include phishing, push spray attacks, and Adversary-in-the Middle campaigns, …

1
Year in Review special part 2: The biggest ransomware trends 18:41

4M ago18:41

18:41

Azim Khodjibaev and Lexi DiScola join Hazel to discuss some of the most prolific ransomware groups (and why LockBit may end this year very differently to how they ended 2024). They also discuss the dominant techniques of ransomware actors, where low-profile tactics led to high-impact consequences. For the full analysis, download Talos' 2024 Year in…

1
Year in Review special part 1: vulnerabilities, email threats, and adversary tooling 18:15

4M ago18:15

18:15

Talos researchers Martin Lee and Thorsten Rosendahl join Hazel for the first of our dedicated episodes on the top findings from Talos' 2024 Year in Review. We discuss the vulnerabilities that attackers most targeted, how this compares with CISA's list, and how to protect network devices. Given how email lures are evolving, we spend some time chatti…

1
Year in Review 2024 43:37

5M ago43:37

43:37

Joe, Hazel, Bill and Dave break down Talos' Year in Review 2024 and discuss how and why cybercriminals have been leaning so heavily on attacks that are routed in stealth in simplicity. The team also provide insights into some of the topics of the report, including the top-targeted vulnerabilities of the year, network-based attacks, adversary toolse…

1
The truth about Tasmanian devils, and getting into cybersecurity 43:09

6M ago43:09

43:09

Bill springs a surprise topic on the team in this episode - how did you get into cybersecurity, and what skills have you brought with you throughout your career? What ensues is a rather lovely, vulnerable conversation that we hope will be helpful for anyone currently thinking about their next career move. Before that Dave has some surprising facts …

1
A blueprint for protecting major events 13:43

6M ago13:43

13:43

Have you ever wondered what it takes to put on a major event like a World Cup or the Olympics, and all the cybersecurity and threat intelligence that needs to be done beforehand? Today’s episode is all about that. Hazel is joined by one of our global Cisco Talos Incident Response leaders, Yuri Kramarz, who has helped some of the biggest events arou…

1
Why attackers are using hidden text salting to evade email filters 9:59

6M ago9:59

9:59

In this episode Hazel chats with Omid Mirzaei, a security research lead in the email threat research team at Cisco Talos. Omid and several Talos teammates recently released a blog on hidden text salting (or poisoning) within emails and how attackers are increasingly using this technique to evade detection, confuse email scanners, and essentially tr…

1
How to establish a threat intelligence program (Cisco Live EMEA preview) 16:01

7M ago16:01

16:01

It's an European takeover this week, as Hazel sits down with Talos EMEA threat researchers Martin Lee and Thorsten Rosendahl. They're heading to Cisco Live EMEA next week (February 9-14) to deliver a four hour session on how to establish a threat intelligence program. If you can't make it - here's a 15 minute version! Thorsten and Martin provide be…

1
Web shell frenzies, the first appearance of Interlock, and why hackers have the worst cybersecurity: IR Trends Q4 2024 13:59

7M ago13:59

13:59

Joe Marshall and Craig Jackson join Hazel to discuss the biggest takeaways from Cisco Talos Incident Response's latest Quarterly Trends report. This time the spotlight is on web shells and targeted web applications – both have seen large increases. There’s a brand new ransomware actor on the scene – we’ll talk about the new Interlock ransomware and…

1
Social Media Bans, Live Experiments, Cybersecurity Crosswords, and Nine Lives: The B team returns 37:08

7M ago37:08

37:08

More hijinks and silliness ensue in the second episode of the BWT B Team podcast. Joe shares his frustration with being involuntarily removed from a social media platform, Hazel conducts a live experiment, Dave talks about his newfound addiction to crossword puzzles and its parallels to cybersecurity, and Bill recommends the game "Nine Lives" and s…

1
Exploring vulnerable Windows drivers 15:24

7M ago15:24

15:24

Hazel sits down with Vanja Svajcer from Talos' threat research team. Vanja is a prolific malware hunter and this time he's here to talk about vulnerable Windows drivers. We've been covering these drivers quite a bit on the Talos blog over the last year, and during our research we investigated classes of vulnerabilities typically exploited by threat…

1
It's the 35th anniversary of ransomware - let's talk about the major shifts and changes 23:28

8M ago23:28

23:28

Ransomware is 35 years old this month, which isn't exactly something to celebrate. But in any case, do join Hazel and special guest Martin Lee to discuss what happened in the very first ransomware incident in December 1989 and why IT "wasn't ready". They then discuss how ransomware evolved to become the criminal entity it is today, which involves l…

1
Misadventures, Rabbit Holes, and Turkey Lurkey Goes to the Movies 47:52

9M ago47:52

47:52

With Mitch, Matt and Lurene currently stuck in the void, the Beers with Talos B team duly elect themselves to reopen the sacred BWT airwaves with their own brand of nonsense. Hazel, Joe, Bill and Dave each share the security rabbit hole they went down this week - from analyst in-jokes about AI, oligarchs and bad actors refusing to learn good op sec…

1
Unwrapping the emerging Interlock ransomware attack 15:02

9M ago15:02

15:02

Chetan Raghuprasad is our guest today as he breaks down the relatively new Interlock ransomware attack. Cisco Talos Incident Response recently observed this attacker conducting big-game hunting and double extortion attacks. Chetan talks about the initial access tactics, deployment of the ransomware encryptor, and how Interlock communicates with its…

1
It's Taplunk! Talos and Splunk threat researchers meet to put the security world to rights 50:38

10M ago50:38

50:38

What happens when two sets of threat researchers from Talos and Splunk's SURGe team meet? Aside from some highly controversial opinions and omissions about the best horror movie, the team discuss what security trends are FUD, and what's actually fearful/ most challenging at the moment. Also, what is the security industry not aware of enough, and al…

1
The biggest takeaways from Talos IR's new report: New ransomware variants, EDR tool uninstallation, and password spray attacks increasing 15:26

10M ago15:26

15:26

The Talos IR Quarterly Trends Q3 2024 is out now! In this episode Hazel Burton, Craig Jackson and Bill Largent discuss three big themes: some new ransomware players, the 'Bring Your Own Vulnerable Driver' trend, and why password spray attacks are making a comeback. Check out the full report at https://blog.talosintelligence.com/incident-response-tr…

1
How Talos IR and Splunk are teaming up 21:21

11M ago21:21

21:21

Hazel Burton steps in as guest host this week to talk to Brad Garnett, the head of Cisco Talos Incident Response, and JK Lialias, the head of cybersecurity product marketing for Splunk. Brad and JK share two exciting in which Talos is being incorporated into Splunk now, and what that means for the ways we can keep users more secure. They also talk …

1
Why the BlackByte ransomware group may be more active than we initially thought 9:21

12M ago9:21

9:21

James Nutland from Talos' Threat Intelligence team joins the show this week to talk to Jon about his report on the BlackByte ransomware group. They cover why this group is actually more active than we initially thought, and check on the general state of ransomware at this point in 2024.By Cisco Talos

1
AI, critical infrastructure dominate conversation at Hacker Summer Camp 14:07

12M ago14:07

14:07

It's quite the gang for Talos Takes this week with Joe Marshall, Nick Biasini and Mick Baccio (from Splunk's SURGe team) joining Jon this week to recap Black Hat and DEF CON. They share all the conversations and talking points they heard around AI, and the renewed importance of a software bill of goods for industrial control system environments.…

1
A 1-on-1 with Talos VP Matt Watchinski 30:04

1y ago30:04

30:04

He's been here since the beginning, and now he's ready to reflect on the past 10 years of Cisco Talos. Matt Watchinski, the Vice President of Talos for Cisco, joins Jon this week to talk about Talos' recently celebrated 10th birthday and talk about the company's origins, how we've managed to balance growth and culture, and his favorite memories fro…

1
What should we be doing to better support open-source software? 11:03

1y ago11:03

11:03

People who maintain, create and update open-source software are the unsung heroes of the internet. Their work keeps much of our networks running on a daily basis, and the vast majority of them do it for free! While there are some security pitfalls that can come with using OS software, Martin Lee and Jon get together to discuss what (if anything) we…

1
Black Hat 2024 preview 38:20

1y ago38:20

38:20

It's been a while huh? Apologies for our absence, but the team are back with a run through of everything we've got going on at Black Hat - from our 10 year birthday celebrations, the interesting lightning talks in our booth, and Joe Marshall's "Backdoors and Breaches" game. Come and visit us at Cisco Booth 1732 and Splunk Booth 1940. Before that, M…

1
Threat actor trends and the most prevalent malware from the past quarter 15:57

1y ago15:57

15:57

Hazel Burton guest hosts this week to recap the top threats observed by Cisco Talos Incident Response (Talos IR) in the second quarter of 2024. She’s then joined by Talos’ Joe Marshall and Craig Jackson to pick out some of the most interesting stories from the report.By Cisco Talos

1
You got a data breach notification. Now what? 22:03

1y ago22:03

22:03

Joe Marshall, Talos' resident ICS and IoT expert, and Pierre Cadieux from Talos Incident Response join Jon this week to discuss data breaches. Between Snowflake, AT&T, Ticketmaster and more, we should probably assume our data has been part of a leak somewhere. So what steps should you take to prepare for this inevitability? Or what should you do wh…

1
What we learned from studying the TTPs of the 14 most active ransomware groups 8:15

1y ago8:15

8:15

Fresh off an analysis of the 14 most active ransomware groups, James Nutland joins Jon this week to discuss his findings. They talk about the most common TTPs shared among these groups, and the potential outliers among these gangs and how they try to infect victims. For more on this topic, watch the inaugural episode of "The Talos Threat Perspectiv…

1
Time to catch up on the wide-reaching Snowflake incident 16:57

1y ago16:57

16:57

Over 160 companies have been affected by a data breach at data storage company Snowflake, including Ticketmaster, Nieman Marcus and more. But the issue wasn't a security vulnerability or some sophisticated malware — it was just someone who exposed their login credentials at a different company. Host Jon Munshaw got Pierre Cadieux from Talos IR and …

1
Everything we know about denial-of-service attacks in 2024 10:10

1y ago10:10

10:10

You may think a DDoS attack is so early aughts. But some of the largest attacks of this type have occurred in just the past few years. Talos recently updated our advice for how to best mitigate and prepare for this threat, so Aliza Johnson from Talos' Threat Intelligence & Interdiction team joins the show this week to discuss her recent findings an…

1
The many shades of LilacSquid 10:00

1y ago10:00

10:00

Anna Bennett, one of Talos' threat hunters, joins the show this week to talk about one of her recent findings — the LilacSquid APT. This is a newly discovered threat actor that Talos found hiding on networks for months and years at a time, silently stealing sensitive information the entire time. Anna discusses LilacSquid's activities, potential mot…

1
A mid-year checkin on Volt Typhoon 11:20

1y ago11:20

11:20

The Volt Typhoon threat actor is one of the longest-running cybersecurity storylines this year. The Chinese state-sponsored actor has already been accused of a range of attacks, specifically targeting critical infrastructure and U.S. military bases. Since it's been a few months without any new developments with this group, we thought it'd be a good…

1
How much has AI helped bad actors who spread disinformation? 19:20

1y ago19:20

19:20

Inspired by his quotes in a recent CNBC article, Jon Munshaw wanted to have Martin Lee on the show this week to discuss AI and how adversaries can use these tools to create deepfakes and disinformation. Martin shares why he thinks the threats of increasing fake news with the advent of AI tools are a bit overblown, and how the dangers in spreading f…

1
Recapping RSA 12:15

1+ y ago12:15

12:15

Nicole Hoffman, fresh off her trip to the RSA Conference, joins host Jon Munshaw this week to talk about her major takeaways from the week in San Francisco. Nicole talks about how most of the discussions on the floor centered around AI, and what lessons other defenders are learning from some of our past mistakes. If you'd like to check out Nicole's…

1
Why CoralRaider is looking to steal your login credentials 6:45

1+ y ago6:45

6:45

Joey Chen from Talos' Outreach team is here to tell us all about his research into the CoralRaider threat actor. He's helped write two posts on the recently discovered APT, disclosing new information about how this Vietnamese-based actor is targeting login credentials. After stealing those credentials, they go on to try and sell them on the dark we…

1
4 takeaways from what Talos IR is seeing in the field 14:15

1+ y ago14:15

14:15

Hazel Burton steps in to host this week's episode as we cover the recent Cisco Talos Incident Response Quarterly Trends Report from the first quarter of this year. Hazel talks to different Talosians to find out why business email compromise is on the rise, how attackers are bypassing MFA, and more.By Cisco Talos

1
How to defend against brute force attacks 7:30

1+ y ago7:30

7:30

After a recent spike in brute force attempts targeting SSH and VPN services, we felt it was a good time to give listeners a lesson on brute force attacks. Nick Biasini joins host Jon Munshaw this week to discuss the basics of these methods, how administrators can protect their accounts, and other potential defense mechanisms (or whether to just tak…