The city in the forest—Atlanta, Georgia—extended a double dose of Southern charm to Cisco in April by awarding two prestigious information security industry awards at the 2nd Annual CSO40 Awards. The awards program recognizes projects and initiatives demonstrating innovative use of security in delivering outstanding business value.
Top honors went to the teams representing Cisco’s Enterprise ACL Management (EACLM) and Unified Security Metrics (USM) projects. Team members included: EACLM – Mark Sullivan, Network Engineer and Oisin MacAlasdair, Technical Staff and Security Prime for networking; USM – Gerwin Tijink, Information Security (InfoSec) Architect, Hessel Heerebout, USM Program Manager, and Ranjan Jain, IT Architect and Security Prime.
This post is co-authored by Andrew Tsonchev, Jaeson Schultz, Alex Chiu, Seth Hanford, Craig Williams, Steven Poulson, and Joel Esler. Special thanks to co-author Brandon Stultz for the exploit reverse engineering.
Silverlight exploits are the drive-by flavor of the month. Exploit Kit (EK) owners are adding Silverlight to their update releases, and since April 23rd we have observed substantial traffic (often from malvertising) being driven to Angler instances that partially rely on Silverlight exploits. In fact, in this particular Angler campaign the attack specifically targets Flash and Silverlight vulnerabilities; although Java is available and referenced in the original landing pages, it is never triggered.
HTTP requests for a specific Angler Exploit Kit campaign
Angler exploit content types delivered to victims; application/x-gzip (Java) is notably absent
Those dealing with this issue on a day-to-day basis know it’s not enough to just patch the OpenSSL software library. Organizations also need to revoke and reissue digital certificates for their Heartbleed-vulnerable sites. If your certificates were stored in a Trust Anchor Module (TAM), they are still safe. Otherwise, a few additional steps should be taken to ensure you and your customers are secure:
This post explains how to inspect the contents of the Windows DNS cache. Inspecting the cache lets you review the DNS entries a server has resolved, which can reveal whether any malicious websites are being visited.
A Domain Name System (DNS) server’s cache of resource records can be inspected to determine whether hosts on your network are interacting with suspicious or malicious internet sites. To do so:
For Windows 2003 and prior versions, you must install Windows Support Tools. Once installed, inspect and export the DNS cache using the command prompt (cmd.exe) window.
For Windows 2008 and later, Windows PowerShell is a more advanced alternative to the Windows Support Tools and is installed by default. Use the PowerShell window, or run a PowerShell script from the command prompt window, to inspect and export the DNS cache.
How to Inspect the Cache from the CMD Prompt
Windows 2003 and Prior Using dnscmd
From the support tools directory (\Program Files (x86)\Support Tools), run the following command to display the DNS cache output in the CMD window.
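The following is an added example, not a command from the original post: it shows the Windows 2008-and-later path described above, using the DnsServer PowerShell module (Windows Server 2012 and newer) to pull the server’s cached records, export them to CSV, and compare the cached names against a watchlist. The output path and the watchlist entries are placeholders constructed for the example; the script assumes it runs on the DNS server itself or on a host with the RSAT DNS tools and the `-ComputerName` value changed accordingly.

```powershell
# Added example (not from the original post): inspect and export the Windows DNS
# server cache with the DnsServer module, then flag cached names on a watchlist.
# Assumptions: DnsServer module available (Windows Server 2012+ or RSAT);
# $ExportPath and $Watchlist are placeholders constructed for this example.

$ExportPath = "C:\Temp\dns-cache.csv"                              # assumed output location
$Watchlist  = @("bad-example.test", "malware-example.invalid")      # constructed sample entries

# Show-DnsServerCache returns every resource record currently in the server cache.
$Cache = Show-DnsServerCache -ComputerName "localhost"

# Keep the record types that point at hosts and flatten RecordData into plain strings
# so the result is readable in the console and clean when exported.
$Rows = $Cache |
    Where-Object { $_.RecordType -in @("A", "AAAA", "CNAME") } |
    ForEach-Object {
        $data = switch ($_.RecordType) {
            "A"     { $_.RecordData.IPv4Address.IPAddressToString }
            "AAAA"  { $_.RecordData.IPv6Address.IPAddressToString }
            "CNAME" { $_.RecordData.HostNameAlias }
        }
        [PSCustomObject]@{
            Name = $_.HostName.TrimEnd('.')
            Type = $_.RecordType
            Data = $data
            TTL  = $_.TimeToLive
        }
    }

# Export the full cache for retention and later review.
$Rows | Export-Csv -Path $ExportPath -NoTypeInformation

# Compare cached names against the watchlist. A suffix match catches subdomains
# (e.g. cdn.bad-example.test) as well as the listed name itself.
$Hits = $Rows | Where-Object {
    $name = $_.Name
    $Watchlist | Where-Object { $name -eq $_ -or $name -like "*.$_" }
}

if ($Hits) {
    Write-Warning ("{0} cached record(s) match the watchlist:" -f @($Hits).Count)
    $Hits | Format-Table Name, Type, Data, TTL -AutoSize
} else {
    Write-Output ("No watchlist matches among {0} cached records. Export written to {1}" -f @($Rows).Count, $ExportPath)
}
```

Cached entries are transient: a record only appears while its TTL has not expired, so a single snapshot proves little. Schedule the export to run on a regular interval and keep the CSVs, so that a domain flagged later (for example by a threat-intelligence feed) can be checked against what the server resolved at the time.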
Cisco recently announced the availability of Managed Threat Defense (MTD), an innovative managed security solution that applies real-time, predictive analytics to detect attacks and protect against advanced malware across extended networks. MTD helps our customers address the ever-changing threats to their most important asset—data. MTD is delivered through a cost-effective business model that allows our customers to leverage Cisco’s investment in security technology, global threat intelligence knowledge base, talent, and global reach.
To learn more about MTD, watch the video datasheet below:
While developing this solution, the MTD development team talked to dozens of customers around the world. As a result of these discussions, two dominant themes emerged: