Cisco Talos wrote an excellent post following an attack campaign that delivered malware with RAT capabilities. They cover how the malware is delivered through phishing via spam, what happens when the malware is executed, and what they observed as they monitored the malware installed on their lab / sandbox systems. I have written about another remote access tool (RAT) in the past HERE and like that Talos included details on the tool, DarkKomet, used for this particular campaign. The original post can be found HERE. It's a little longer than the usual posts on here but worth the read.
Talos is constantly observing malicious spam campaigns delivering various different types of payloads. Common payloads include things like Dridex, Upatre, and various versions of Ransomware. One less common payload that Talos analyzes periodically is Remote Access Trojans or RATs. A recently observed spam campaign was using the freeware remote access trojan DarkKomet (a.k.a. DarkComet). This isn't a novel approach since threat actors have been leveraging tools like DarkKomet or the Hawkeye keylogger for quite some time. Continue reading →
Well, it has been a tough time for Katherine Archuleta. With the recent OPM breach and other pressures, she has decided to step down. The Wall Street Journal wrote a great post on this HERE. You can learn more about the breach on datalossdb.org. The following is taken from the Wall Street Journal post.
WASHINGTON— Katherine Archuleta, the embattled director of the Office of Personnel Management, resigned Friday after her office this week disclosed new details on the hacking of millions of federal employee records, telling President Barack Obama it was best for her to step aside and allow the office to move forward with new leadership. Continue reading →
People have asked me to recommend a tool that can be used to analyze files for malware and that does more than standard anti-virus. Usually the need is to prove that something being flagged by a security product is actually malicious versus a false positive. There are enterprise-level sandbox solutions such as Cisco's ThreatGRID sandbox that offer this (more on this found HERE); however, one very popular free and open source option is Cuckoo. Continue reading →
Cisco's research team Talos wrote an interesting article on their phishing research. The original post can be found HERE. For those that don't know what phishing is, it's the cyber attack in which a malicious party pretends to be a legitimate source in order to trick a victim into clicking a link in an email, visiting a website, or simply giving up sensitive data. Here is the Talos article. Continue reading →
Trend Micro wrote a very good report covering the deep and dark web, found HERE. It is worth the read and includes many examples, with screenshots, of the types of goods and services sold, as well as statistics on the types of users and systems seen over the last few years. Here is the intro from the report. Continue reading →
SAN JOSE, Calif. – June 30, 2015 – Today, Cisco announced its intent to acquire OpenDNS, a privately held security company based in San Francisco. OpenDNS provides advanced threat protection for any device, anywhere, anytime. The acquisition will boost Cisco’s Security Everywhere approach by adding broad visibility and threat intelligence from the OpenDNS cloud delivered platform. Continue reading →
I finally received a brand new ASA5506 and thought I would share my experience along with the new FirePOWER ASDM GUI. For those that are not aware of this release or the ASA series, the history goes like this. Cisco released the VPN Concentrator and PIX firewall years ago. Eventually those technologies were consolidated into the Adaptive Security Appliance (ASA) series of appliances. The smallest first-generation ASA is the 5505, which has been around for a long time and is designed for small offices or home networks (shown in the above picture on the right). Cisco later released a new line of ASA appliances known as the X series; however, it didn't release a replacement for the 5505 until this past March. That replacement is the ASA5506 (the black appliance on the left). Continue reading →