Threat Spotlight: Upatre – Say No to Drones, Say Yes to Malware

The Cisco security research team Talos posted a very good article on their research into the Upatre malware. In summary, the malware has improved its ability to hide its traffic inside SSL encryption, making it tougher to track. For some reason, the latest version of the malware also seems to be using a "Say No To Drones" PDF lure for delivery. You can find the original post HERE. Here are the details on this interesting research.

Talos has observed an explosion of malicious downloaders in 2015 which we’ve documented on several occasions on our blog. These downloaders provide a method for attackers to push different types of malware to endpoint systems easily and effectively. Upatre is an example of a malicious downloader Talos has been monitoring since late 2013. However, in the last 24-48 hours, things have shifted dramatically. We’ve monitored at least fifteen different spam campaigns that are active between one and two days. While the topic associated with the spam message has varied over time, the common attachment provided is a compressed file (.zip or .rar) that contains an executable made to look like a PDF document by changing the icon.
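The delivery trick described above (an archive attachment carrying a Windows executable dressed up as a PDF) is easy to check for at a mail gateway without running anything. The following is an added example, not code from the original post or from Talos: it opens a zip in memory, reads only the first bytes of each member, and flags any member whose content is a PE executable (starts with "MZ") while its file name, including a double extension such as ".pdf.exe", claims to be a document. The archive contents, the member names and the verdict labels are constructed for the example. The changed icon itself lives in the PE resource section and is not parsed here; mismatched name versus content is the cheaper and more reliable signal. Handling .rar attachments would need a third-party library such as rarfile, which is left out to keep the example standard-library only.

```python
import io
import zipfile

# Magic bytes: Windows PE executables start with the DOS "MZ" header,
# real PDF files start with "%PDF".
PE_MAGIC = b"MZ"
PDF_MAGIC = b"%PDF"

EXEC_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
DOC_EXTENSIONS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt")


def classify_member(name, head):
    """Classify one archive member from its file name and its first bytes."""
    base = name.lower().rsplit("/", 1)[-1]
    parts = base.split(".")
    exts = ["." + p for p in parts[1:]]        # "a.pdf.exe" -> [".pdf", ".exe"]
    is_pe = head.startswith(PE_MAGIC)
    claims_document = any(e in DOC_EXTENSIONS for e in exts)
    final_ext_is_exec = bool(exts) and exts[-1] in EXEC_EXTENSIONS

    if is_pe and claims_document:
        # The Upatre trick: a PE whose name (or double extension) says "document".
        return "executable-disguised-as-document"
    if is_pe or final_ext_is_exec:
        return "executable"
    if exts and exts[-1] == ".pdf" and not head.startswith(PDF_MAGIC):
        # Claims to be a PDF but does not start with the PDF magic.
        return "extension-content-mismatch"
    return "benign"


def inspect_zip(data):
    """Return [(member_name, verdict), ...] for every file in a zip held in memory."""
    results = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(8)           # only the magic is needed, never the whole file
            results.append((info.filename, classify_member(info.filename, head)))
    return results


def build_sample_archive():
    """Constructed sample archive (not a real malware sample) shaped like the spam attachments."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Say_No_To_Drones.pdf.exe", b"MZ" + b"\x90" * 64)  # PE with a double extension
        zf.writestr("Invoice_2015.pdf", b"MZ" + b"\x90" * 64)          # PE renamed to .pdf outright
        zf.writestr("brochure.pdf", b"%PDF-1.4\n%%EOF\n")              # real PDF
        zf.writestr("notes.txt", b"meeting moved to 3pm\n")           # plain text
        zf.writestr("setup.exe", b"MZ" + b"\x90" * 64)                 # executable that does not hide
    return buf.getvalue()


def suspicious_members(data):
    """Names of members a mail gateway would want to block or send to sandbox analysis."""
    return [name for name, verdict in inspect_zip(data) if verdict != "benign"]


if __name__ == "__main__":
    for name, verdict in inspect_zip(build_sample_archive()):
        print(f"{verdict:36} {name}")
```

Because only the first eight bytes of each member are read, the check is cheap even for large attachments and does not trip over deliberately oversized decoys; nested archives (a zip inside a zip) would need the same loop applied recursively.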

Raytheon to buy cybersecurity firm Websense in $1.9 billion deal

Raytheon, a major American defense contractor, just announced it will be acquiring Websense for $1.9 billion. You can find more on the announcement from reuters.com HERE or from the bloomberg.com post HERE. Below is an excerpt from the Bloomberg post.

Raytheon Co. agreed to acquire Websense Inc. from private-equity firm Vista Equity Partners LLC for $1.9 billion and plans to combine it with its cyber-products unit, people with knowledge of the matter said.

The Leap Second Impact On Cisco Products

Some people are starting to treat the leap second like the next Y2K, which is odd. As with Y2K, there is a fear that systems will crash because of the time adjustment. The reality is that some systems will need to be patched or adjusted, but there is no reason to stock up on water and prepare for doomsday. Manufacturers dealt with this in June 2012, when the leap second did cause problems on some Linux systems, and will be prepared again this June. For those not familiar with the leap second, this will be the 26th adjustment since 1972. For more information, check out an article on wired.com HERE.

Cisco published a Leap Second page HERE showing which products could be impacted by the leap second and what is being offered to prepare prior to June 30th. This page will continue to be updated as we approach June, so check which products you own and how they may be impacted.

How the U.S. thinks Russians hacked the White House

CNN posted about a recent breach of an unclassified system at the White House HERE. In summary, Russian hackers are believed to have accessed a system that is considered unclassified yet contained some sensitive information, such as the president’s schedule. An excerpt from the original article is below.

Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.

Cisco Launches New Advanced Malware Protection Capabilities and Incident Response Services

Yahoo just posted a good article on the new Cisco Advanced Malware Protection capabilities and Incident Response Services, found HERE. In summary, AMP, the zero-day detection option available on multiple Cisco security products, has added more ThreatGRID capabilities. One ThreatGRID feature is the ability to submit identified low-prevalence files for dynamic malware analysis (i.e., if a file seems suspicious, submit it to Cisco to evaluate it for threats). This can surface previously undetected and targeted threats that were only seen by a small number of users. There are also endpoint indicators of compromise (IOCs) that support deeper investigation of lesser-known advanced threats specific to applications in a customer’s environment.

The Incident Response Services span infrastructure breach preparedness assessments, security operations readiness assessments and breach communications assessments, among others. Here is the article from Yahoo covering the details.

Check Point to Acquire Israel’s Lacoon Mobile Security

Check Point announced they will be acquiring Lacoon Mobile Security. You can find Check Point’s formal announcement HERE. In summary, the dollar amount wasn’t announced but is estimated to be an 80-100 million dollar acquisition, and Lacoon is the second Israel-based company acquired by Check Point. Lacoon offers a solution that protects mobile users from zero-day attacks, remote takeovers of apps, data theft and attempts to harm user data. So in summary, it’s a smartphone play.

Zacks did a pretty good write-up on the event. That post can be found HERE and below.

Cisco Announces Intent to Acquire Embrane

Cisco just announced its intent to acquire Embrane (see the Cisco blog HERE or the Embrane announcement HERE). This will enhance the efforts Cisco has invested in its Application Centric Infrastructure (ACI) project (more found HERE) by adding the ability to centrally manage network services on a per-application basis very quickly. Embrane provides application-centric network services such as firewalls, VPNs, load balancers and SSL offload engines, making it a nice fit for the Cisco catalog.

Here is the post from Cisco.

GitHub Facing Massive DDoS Attack From China

Distributed denial-of-service (DDoS) attacks have been around for a while but are still a major problem today. Fossbytes.com just published a post covering how GitHub is being slammed by a massive DDoS attack originating from China. The original post can be found HERE. Fastcompany.com also posted about the attack, which is still ongoing against GitHub, HERE.

Here is the post from Fossbytes.com.
