This post was authored by Nick Biasini
Exploit Kits are constantly altering their techniques to compromise additional users while also evading detection. Talos sees various campaigns start and stop for different exploit kits all the time. Lately a lot of focus has been put on Angler, and rightly so since it has been innovating continually. Nuclear is another sophisticated exploit kit that is constantly active. However, over the last several weeks the activity had ramped down considerably to a small trickle. Starting several days ago that activity began ramping up again and Talos has uncovered some interesting findings during its analysis.
There are several large scale concurrent campaigns going on with Nuclear right now, but one in particular stood out. This campaign is using some familiar techniques borrowed from other exploit kits as well as a new layer of sophistication being added with mixed success. Attackers are always trying to work the balance of evasion and effectiveness trying to evade detection while still being effective in compromising systems. This is especially evident in those hacking for monetary gain in non-targeted attacks. Talos has found a Nuclear campaign using both Domain Shadowing and HTTP 302 cushioning prevalent in Angler. The biggest change is that it appears to be so sophisticated that it’s not working properly. Read More »
Tags: domain shadowing, Nuclear EK, Talos
We are very excited to announce the availability of Cisco’s best-selling Cisco Adaptive Security Virtual Appliance (ASAv) for the Amazon Web Services (AWS) cloud platform.
Our customers can now use Cisco ASAv to protect their on-demand AWS workloads and achieve consistency across hybrid cloud environments. The Cisco Adaptive Security Virtual Appliance (ASAv) runs the same software as physical Cisco ASAs to deliver proven security functionality in a virtual form factor.
Cisco ASAv on the AWS Marketplace offers: Read More »
Tags: amazon, ASA, cloud, CLUS15
The rise of malware created specifically for endpoints like mobile devices is forcing IT Security teams to focus increasingly on endpoint security solutions. According to a survey by the Ponemon Institute published in January, 75 percent of respondents (an increase from 68 percent in last year’s study) believe their mobile endpoints have been the target of malware over the past 12 months. Read More »
Tags: AMP, anyconnect, CLUS15, security
As IT organizations look to the cloud to become more efficient and achieve the agility their business demands, one of the biggest security challenges they typically face is right at the heart of any enterprise – the data center. In cloud environments, where applications have to be location-independent and mobile, it can be overwhelming to manage traffic that needs to go to specific security services when you have applications that are mobile, but physical security that’s not. To secure these virtual and mobile applications, a new security framework must be deployed – one that works equally well within the physical and virtualization layer of the data center, and addresses additional requirements of scalable, multitenant environments. Read More »
Tags: ACI, AMP, CLUS15, security
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 8 bulletins being released which address 45 CVE. Two of the bulletins are listed as Critical and address vulnerabilities in Internet Explorer and Windows Media Player. The remaining six bulletins are marked as Important and address vulnerabilities in Microsoft Office, Windows Kernel, Active Directory, Microsoft Exchange Server, and Microsoft Common Controls.
Read More »
Tags: coverage, ms tuesday, rules, security, Talos