Cisco’s security team Talos posted very interesting research on a common exploit kit known as RIG (previously known as Goon). The original post can be found HERE.
Exploit Kits are one of the biggest threats that affects users, both inside and outside the enterprise, as it indiscriminately compromises simply by visiting a web site, delivering a malicious payload. One of the challenges with exploit kits is at any given time there are numerous kits active on the Internet. RIG is one of these exploit kits that is always around delivering malicious payloads to unsuspecting users. RIG first appeared in our telemetry back in November of 2013, back then we referred to it as Goon, today it’s known as RIG.
We started focusing on RIG and found some interesting data similar to what we found while analyzing Angler. This post will discuss RIG, findings in the data, and what actions were taken as a result. Continue reading →
Cisco Systems just released the 2015 Midyear Security Report found HERE. This report provides an overview of major threats observed in the first half of 2015. There are also parts that look at future trends and offers for small, midsize and enterprise organizations. Topics on the latest threats include exploit kits, Microsoft office exploits, malware research, java exploits and so on. Its free to download. Check it out.
Today Cisco announced the full integration of Application Centric Infrastructure (ACI) embedded security with the threat detection of FirePOWER Next Generation Intrusion Prevention System (NGIPS), providing automated threat protection to combat emerging datacenter security threats. Combining best of breed FirePOWER NGIPS with ACI, customers are now able to build highly secure infrastructure with fine-grained control (including application level security), visibility and centralized automation all the way from infrastructure to the application level. In addition, customers benefit from lower total cost of ownership including infrastructure and management costs as well as costs associated with security breaches. Cisco also announced that ACI is now validated by independent auditors for deployment in PCI compliant networks, which can help reduce the scope of a PCI audit and lower audit costs and time.
Cisco just announced the intent to acquire Embrane (see the Cisco blog HERE or Embrane announcement HERE). This will enhance efforts Cisco has invested in its Application Centric Infrastructure (ACI) project (more found HERE) by adding the ability to centrally manage network services on a per-application basis very quickly. Embrane is able to provide application-centric network services such as firewalls, VPNs, load balancers and SSL off engines making a nice fit into the Cisco catalog.
The security research team at Cisco known as Talos released a huge discovery of complete hidden whois data attached to more than 282,000 domains registered through the company’s Google Apps for work service. This accounts for around 94% of the addresses Google Apps has registered through a partnership with eNom. The original post can be found HERE. The post was created by Nick Biasini, Alex Chiu, Jaeson Schultz, Craig Williams and William McVey.Continue reading →
This post will cover how to install Cisco Sourcefire FireSIGHT / Defense Center on a environment aka a virtualized FireSIGHT manager. The purpose is to setup the management system for central management of ASAx series appliances running the FirePOWER services. For more information on how to use Cisco Soucefire FireSIGHT and FirePOWER services go HERE. For more information on licensing go HERE. For more information on setting up the ASAx with FirePOWER services go HERE. Continue reading →
I am asked about Cisco Next Generation Security aka FireSIGHT licensing at least once a week. This post will explain the license options for Cisco FirePOWER and what is needed to request demo licenses to enable your demo system. NOTE: This is the current license model as of March 8th 2015.
For those that are not familiar with the new Cisco FirePOWER offering, it is a blend of Content Filtering, Reputation Security, Application Visibility and Controls, Vulnerability Scanning, IPS/IDS, Network and Endpoint Day Zero protection. These features are offered as a dedicated physical or virtual appliance, as a software option ran inside of a X generation ASA or as a Cloud service. For the dedicated appliance, virtual appliance and ASA version, there are three license options. Continue reading →
Earl Carter and Craig Williams from the Cisco Security Blog posted a great article on a recent wave of taxed related spear-phishing attacks (original post found HERE). What is interesting is how attackers leverage current trends as the theme for their malware. For example, we will probably see a bunch of March Madness attacks along with Tax related phishing this month since thats what people are searching for online. This contradictions the old belief that “safe searching” aka not going to adult websites or searching for free software will keep you safe from malware. The reality is the attackers want the most bang for their buck so they will target where the most people are at. In March, thats Tax season and March Madness. Here is the post from Cisco. Continue reading →