The Cisco security research team Talos posted a very good article on their research of the Upatre malware. In summary, the malware has advanced its ability to hide in SSL encryption making it tougher to track. For some reason, the latest version of the malware also seems to be using a “Say No To Drones” PDF for delivery. You can find the original post HERE. Here are the details on this interesting research.
Talos has observed an explosion of malicious downloaders in 2015 which we’ve documented on several occasions on our blog. These downloaders provide a method for attackers to push different types of malware to endpoint systems easily and effectively. Upatre is an example of a malicious downloader Talos has been monitoring since late 2013. However, in the last 24-48 hours, things have shifted dramatically. We’ve monitored at least fifteen different spam campaigns that are active between one and two days. While the topic associated with the spam message has varied over time, the common attachment provided is a compressed file (.zip or .rar) that contains an executable made to look like a PDF document by changing the icon. Continue reading →
Raytheon, a major American defense contractor just announced they will be acquiring Websense for 1.9 billion dollars. You can find more on the announcement from reuters.com HERE or from the bloomberg.com post HERE. Below is from the bloomberg post.
Raytheon Co. agreed to acquire Websense Inc. from private-equity firm Vista Equity Partners LLC for $1.9 billion and plans to combine it with its cyber-products unit, people with knowledge of the matter said. Continue reading →
Some people are starting to freak out about Leap Second like it is the next Y2K, which is strange. Just like Y2K, there is a fear that systems will crash due to time adjustments. The reality of it is yes, some systems will need to be patched or adjusted, but there is no reason to stock up on water and prepare for dooms day. Manufactures just dealt with this in June 2012 and will be prepared again this June. For those not familiar with Leap Second, this will be the 26th adjustment since 1972. For more information, check out an article on wired.com HERE.
Cisco published a Leap Second page HERE showing which products could be impacted by Leap Second and what is being offered to prepare prior to June 30th. This page will continue to update as we approach June so check out which products you own and how they may be impacted. Continue reading →
My buddy Aamir Lakahani wrote a cool post on how to create exploits with Metasploit. The original post can be found HERE.
Metasploit has the ability to create an executable payload. This can be extremely useful if you can get a target machine to run the executable. Attackers often use social engineering, phishing, and other attacks to get a victim to run a payload. If attackers can get their a victim to run a payload, there is no reason for an attacker to find and exploit vulnerable software.Continue reading →
Washington CNN posted about a recent breach of a unclassified system at the White House HERE. In summary, it is believed Russian hackers accessed a system that is considered unclassified yet contained some sensitive information such as the president’s schedule. The original article can be found below.
Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.
Yahoo just posted a great article on the new Cisco Advanced Malware Protection Capabilities and Incident Response Services found HERE. In Summary, the day zero detection option available on multiple Cisco security products known as AMP added more ThreatGRID capabilities. One ThreatGRID feature example is having the ability to submit identified low prevalent files for dynamic malware analysis (IE if a file seems funny, submit it to cisco to evaluate it for threats). This can help surface previously undetected and targeted threats that were only seen by a small number of users. There are also end point indicators of compromises (iocs) that provide deeper levels of investigation on lesser known advanced threats specific to applications in a customer’s environment.
The Incident Response Services span infrastructure breach preparedness assessments, security operations readiness assessments and breach communications assessments among others. Here is the article from Yahoo covering the details. Continue reading →
Check Point announced they will be acquiring Lacoon Mobile Security. You can find Check Point’s formal announcement HERE. In summary, the dollar amount wasn’t announced but estimated to be a 80-100 million dollar acquisition and the second Isreal based company acquired by Check Point. Lacoon offers a solution that protection mobile users from zero-day attacks, remote takeovers of apps, data theft and attempts to harm user data. So in summary, its a smartphone play.
I have posted about Lancope’s StealthWatch product line in the past. You can find a basic overview covering StealthWatch and ISE HERE. How to setup a StealthWatch lab can be found HERE. In summary, the Lancope StealthWatch solution uses NetFlow to turn general network equipment such as routers, switches, data center virtual switching, wireless access points, etc into sensor points for security and network performance. Think of it as turning general network gear into a IDS with some IPS capabilities. Most modern network equipment supports NetFlow so its something you probably have but not harvesting for threat intelligence.
For those familiar with StealthWatch, you have seen the java based interface to carve into data. One major new innovation with the product line is a web based GUI. This post will give a brief demo of the new GUI interface. Continue reading →