The Cisco security research team Talos posted a very good article on their research into the Upatre malware. In summary, the malware has advanced its ability to hide within SSL encryption, making it tougher to track. For some reason, the latest version of the malware also seems to be using a “Say No To Drones” PDF for delivery. You can find the original post HERE. Here are the details on this interesting research.
Talos has observed an explosion of malicious downloaders in 2015, which we’ve documented on several occasions on our blog. These downloaders provide a method for attackers to push different types of malware to endpoint systems easily and effectively. Upatre is an example of a malicious downloader Talos has been monitoring since late 2013. However, in the last 24-48 hours, things have shifted dramatically. We’ve monitored at least fifteen different spam campaigns that are active for between one and two days. While the topic associated with the spam message has varied over time, the common attachment provided is a compressed file (.zip or .rar) that contains an executable made to look like a PDF document by changing the icon. Continue reading →
I have posted about Lancope’s StealthWatch product line in the past. You can find a basic overview covering StealthWatch and ISE HERE. How to set up a StealthWatch lab can be found HERE. In summary, the Lancope StealthWatch solution uses NetFlow to turn general network equipment such as routers, switches, data center virtual switching, wireless access points, etc. into sensor points for security and network performance. Think of it as turning general network gear into an IDS with some IPS capabilities. Most modern network equipment supports NetFlow, so it’s something you probably already have but aren’t harvesting for threat intelligence.
For those familiar with StealthWatch, you have seen the Java-based interface used to carve into the data. One major new innovation in the product line is a web-based GUI. This post will give a brief demo of the new GUI. Continue reading →
Distributed denial of service (DDoS) attacks have been around for a while but are still a major problem today. Fossbytes.com just published a post covering how GitHub is being slammed by a massive DDoS attack from China. The original post can be found HERE. Thefastcompany.com also posted about the attack, which is still ongoing against GitHub, HERE.
My buddy Aamir Lakhani wrote a great post on Open Whisper Systems’ app for secure messaging. The original post can be found HERE. Here is the post from Aamir.
I have been waiting for almost a year for Open Whisper Systems to release an Apple iOS-compatible application for secure messaging. It is free, it’s open source, and it’s easy to use. Download it now. Continue reading →
The people at techcrunch.com published an interesting article on the recent Blue Cross breach. The original post can be found HERE. According to datalossdb.org, the following was lost:
“Up to 11,000,000 member names, Social Security numbers, dates of birth, addresses, phone numbers, email addresses, member identification numbers, financial and medical claims details possibly accessed by hackers”
Now this isn’t as big as the Anthem breach (80,000,000), but it is still very substantial. Here is the post from TechCrunch. Continue reading →
This post will cover how to install Cisco Sourcefire FireSIGHT / Defense Center in a virtual environment, i.e. a virtualized FireSIGHT manager. The purpose is to set up the management system for central management of ASAx series appliances running the FirePOWER services. For more information on how to use Cisco Sourcefire FireSIGHT and FirePOWER services go HERE. For more information on licensing go HERE. For more information on setting up the ASAx with FirePOWER services go HERE. Continue reading →
Earl Carter and Craig Williams from the Cisco Security Blog posted a great article on a recent wave of tax-related spear-phishing attacks (original post found HERE). What is interesting is how attackers leverage current trends as the theme for their malware. For example, we will probably see a bunch of March Madness attacks along with tax-related phishing this month, since that’s what people are searching for online. This contradicts the old belief that “safe searching”, aka not going to adult websites or searching for free software, will keep you safe from malware. The reality is that attackers want the most bang for their buck, so they will target wherever the most people are. In March, that’s tax season and March Madness. Here is the post from Cisco. Continue reading →
I have been asked a bunch of times, “Which is the more secure mobile platform, Android or iOS?” There are tons of articles on this topic to be found by searching Google. Here is my two cents on the topic.
When looking at Apple iOS and Android, the two take completely different approaches to security, giving each option its own pros and cons. Apple is extremely strict about how applications can leverage resources, while Android is open source. For example, Apple devices sandbox apps, meaning they can’t interact with other apps. Only “jailbroken” phones open up the ability for applications to interact with other resources. So for those thinking it’s smart to jailbreak your iPhone, just be warned that you are also putting your device at risk of compromise. Continue reading →