Cisco Talos just posted a very interesting article on research around the DNSChanger Trojan. A summary of their post: DNSChanger changes the host's DNS settings so traffic is directed to a C&C network. Cisco discusses the trends they have seen across the massive number of infected hosts and how the Trojan functions. The original post can be found HERE.
My buddy Dr. Chaos posted about why you need an SSL Certificate HERE. This is a simple 101 overview for those unaware of why this matters.
You can count on a Secure Sockets Layer Certificate to protect your website and customers from security threats. This technology will make sure that your site and private information are protected. There are a variety of different SSL Certificates out there. You want to choose the best one for your specific needs that will authenticate your site to browsers and customers.
This post will cover how to use an ASA5506 to test FirePOWER functions using only ASDM and the command line. Best practice is to leverage a centralized manager; however, some people have asked if it's possible to use the new ASDM management functions, meaning performing a Proof of Value (POV) using only a single Cisco ASA5506. The steps will be similar to the recommended way; however, all management will happen in ASDM.
I posted about setting up a standard FirePOWER POV HERE. Using the standard approach, i.e., having a separate manager, offers more functions such as the built-in vulnerability scanner and auto IPS tuning. Also, the list price for a VM manager for up to two ASAs is dirt cheap. Regardless, some may want to stick with the ASDM manager. For those people, this post is for you.
Cisco’s security team Talos posted very interesting research on a common exploit kit known as RIG (previously known as Goon). The original post can be found HERE.
Exploit Kits are one of the biggest threats that affect users, both inside and outside the enterprise, as they indiscriminately compromise simply by visiting a web site, delivering a malicious payload. One of the challenges with exploit kits is that at any given time there are numerous kits active on the Internet. RIG is one of these exploit kits that is always around delivering malicious payloads to unsuspecting users. RIG first appeared in our telemetry back in November of 2013; back then we referred to it as Goon, and today it's known as RIG.
We started focusing on RIG and found some interesting data similar to what we found while analyzing Angler. This post will discuss RIG, findings in the data, and what actions were taken as a result.
Amarjit Singh posted on drchaos.com about how China just added a new law regarding how the Chinese government can request to view encrypted communications. The original post can be found HERE.
China has passed a new law that goes into effect January 1st. It requires technology companies to comply with government requests to help with viewing encrypted communications, including handing over encryption keys.
Cisco posted a really good article on security for healthcare environments. Links can be found at the bottom of this post.
Safeguarding the privacy of patient information is critical for healthcare providers. However, Cisco has found that the industry's security executives appear to have less understanding of the threats facing their organizations than executives in other industries. They also tend not to use the best tools for meeting security challenges. In the Cisco 2014 Security Capabilities Benchmark Study, we found that:
I posted about 5 Steps to Building and Operating an Effective Security Operations Center (SOC) on the Cisco Press (HERE) and InformIT (HERE) websites. The concepts come from my recent Cisco Press book. Below is the first part of the article and a link to continue reading.