DNSChanger Outbreak Linked to Adware Install Base

Cisco Talos just posted a very interesting article on research around the DNSChanger Trojan. In summary, DNSChanger changes the host's DNS settings so that its DNS queries, and with them its traffic, are directed to attacker-controlled servers. Cisco discusses the trends they have seen across the large number of infected hosts and how the Trojan functions. The original post can be found HERE.

Late last autumn, the detector described in one of our previous posts, Cognitive Research: Learning Detectors of Malicious Network Traffic, started to pick up a handful of infected hosts exhibiting a new kind of malware behavior. Initially, the number of infections was quite low, and nothing had drawn particular attention to the findings. Continue reading
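The host-side check implied by the summary above, as an added example that is not code from the Talos post or from this blog: it parses a resolv.conf-style configuration and flags any configured resolver that is neither on a trusted allowlist nor in a local/private range, which is exactly the change a DNSChanger-style infection makes. The allowlist, the two sample files and the rogue resolver address (taken from the 203.0.113.0/24 documentation range) are constructed for the example and are not indicators from the research.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Iterable

# Hypothetical corporate resolvers (an assumption for this example, not from the post).
TRUSTED_RESOLVERS = frozenset({"10.0.0.53", "10.0.1.53"})

# Ranges a DHCP-assigned or local resolver would normally fall into. Listed
# explicitly (rather than relying on ipaddress.is_private) so that documentation
# ranges such as 203.0.113.0/24 are still treated as public.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "fc00::/7", "fe80::/10", "::1/128",                # IPv6 equivalents
)]


@dataclass(frozen=True)
class Finding:
    resolver: str
    verdict: str  # "trusted", "private", "suspicious" or "invalid"


def parse_nameservers(resolv_conf: str) -> list[str]:
    """Return the nameserver addresses from resolv.conf-style text, in order.

    Order matters: the first entry is the resolver the host actually uses.
    Both '#' and ';' start comments in resolv.conf.
    """
    servers: list[str] = []
    for raw in resolv_conf.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def classify(resolver: str, trusted: Iterable[str] = TRUSTED_RESOLVERS) -> Finding:
    """Decide whether one configured resolver is expected on this host."""
    try:
        addr = ipaddress.ip_address(resolver)
    except ValueError:
        return Finding(resolver, "invalid")
    if resolver in set(trusted):
        return Finding(resolver, "trusted")
    if any(addr in net for net in LOCAL_NETS):
        return Finding(resolver, "private")
    # A public resolver that is not on the allowlist is the DNSChanger signature.
    return Finding(resolver, "suspicious")


def audit(resolv_conf: str, trusted: Iterable[str] = TRUSTED_RESOLVERS) -> list[Finding]:
    return [classify(s, trusted) for s in parse_nameservers(resolv_conf)]


def is_compromised(resolv_conf: str, trusted: Iterable[str] = TRUSTED_RESOLVERS) -> bool:
    return any(f.verdict == "suspicious" for f in audit(resolv_conf, trusted))


# Constructed sample: resolv.conf as the corporate DHCP server would write it.
CLEAN_RESOLV_CONF = """# Generated by NetworkManager
search corp.example
nameserver 10.0.0.53
nameserver 10.0.1.53
"""

# Constructed sample: the same file after a DNSChanger-style modification has
# inserted a rogue public resolver ahead of the legitimate one.
TAMPERED_RESOLV_CONF = """# Generated by NetworkManager
search corp.example
nameserver 203.0.113.7   ; rogue resolver (documentation range, for the example)
nameserver 10.0.0.53
"""

if __name__ == "__main__":
    for name, conf in (("clean", CLEAN_RESOLV_CONF), ("tampered", TAMPERED_RESOLV_CONF)):
        print(name, [f"{f.resolver}:{f.verdict}" for f in audit(conf)],
              "COMPROMISED" if is_compromised(conf) else "ok")
```

The classification is independent of where the resolver list comes from; resolv.conf is embedded here only because it is the simplest format to carry inline, and the same `classify` logic applies to the per-interface DNS settings a Windows host exposes. Running the check on both samples reports the clean file as `ok` and the tampered one as `COMPROMISED`, with the rogue address first in the list, i.e. in the position the host actually queries.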

Why You Need an SSL Certificate

My buddy Dr. Chaos posted about why you need an SSL Certificate HERE. This is a simple 101 overview for those unaware of why this matters.

You can count on a Secure Sockets Layer Certificate to protect your website and customers from security threats. This technology will make sure that your site and private information are protected. There are a variety of different SSL Certificates out there. You want to choose the best one for your specific needs that will authenticate your site to browsers and customers. Continue reading

Configure Cisco ASA5506 For Proof Of Value With FirePOWER 6.0

This post will cover how to use an ASA5506 to test FirePOWER functions using only ASDM and the command line. Best practice is to leverage a centralized manager; however, some people have asked whether it is possible to use the new ASDM management functions, meaning performing a Proof of Value (POV) using only a single Cisco ASA5506. The steps will be similar to the recommended approach, but all management will happen in ASDM.

I posted about setting up a standard FirePOWER POV HERE. The standard approach, i.e. having a separate manager, offers more functions, such as the built-in vulnerability scanner and automatic IPS tuning. Also, the list price for a virtual manager licensed for up to two ASAs is dirt cheap. Regardless, some may want to stick with the ASDM manager. For those people, this post is for you. Continue reading

Rigging Compromise – Rig Exploit Kit

Cisco's security team Talos posted very interesting research on a common exploit kit known as RIG (previously known as Goon). The original post can be found HERE.

Exploit kits are one of the biggest threats affecting users, both inside and outside the enterprise, as they indiscriminately compromise users who simply visit a web site, delivering a malicious payload. One of the challenges with exploit kits is that at any given time there are numerous kits active on the Internet. RIG is one of these exploit kits that is always around, delivering malicious payloads to unsuspecting users. RIG first appeared in our telemetry back in November of 2013; back then we referred to it as Goon, and today it's known as RIG.

We started focusing on RIG and found some interesting data similar to what we found while analyzing Angler. This post will discuss RIG, findings in the data, and what actions were taken as a result. Continue reading

Ransom32 – First JavaScript-powered Ransomware affecting Windows, Mac and Linux

Thehackernews.com posted an interesting article on a new ransomware that leverages JavaScript, called Ransom32. The original post can be found HERE. Here's New Year's first Ransomware: Ransom32.
A new Ransomware-as-a-Service, dubbed Ransom32, has been spotted that for the first time uses ransomware written in JavaScript to infect Mac, Windows as well as Linux machines.

Continue reading

China passes law to curtail encryption

Amarjit Singh posted on drchaos.com about a new law China has just passed governing how the Chinese government can request access to encrypted communications. The original post can be found HERE.

China has passed a new law that goes into effect January 1st. It requires technology companies to comply with government requests to help with viewing encrypted communications, including handing over encryption keys. Continue reading

Healthcare Security: Improving Network Defenses While Serving Patients

Cisco posted a really good article on security for healthcare environments. Links can be found at the bottom of this post.

Safeguarding the privacy of patient information is critical for healthcare providers. However, Cisco has found that the industry’s security executives appear to have less understanding of the threats facing their organizations than executives in other industries. They also tend not to use the best tools for meeting security challenges. In the Cisco 2014 Security Capabilities Benchmark Study, we found that: Continue reading

5 Steps to Building and Operating an Effective Security Operations Center (SOC)

I posted about 5 Steps to Building and Operating an Effective Security Operations Center (SOC) on the Cisco Press (HERE) and InformIT (HERE) websites. The concepts come from my recent Cisco Press book. Below is the first part of the article and a link to continue reading. Continue reading
