Cisco Blogs

Cisco Blog > Threat Research

Domain Shadowing Goes Nuclear: A Story in Failed Sophistication

This post was authored by Nick Biasini

Exploit Kits are constantly altering their techniques to compromise additional users while also evading detection. Talos sees various campaigns start and stop for different exploit kits all the time. Lately a lot of focus has been put on Angler, and rightly so since it has been innovating continually. Nuclear is another sophisticated exploit kit that is constantly active. However, over the last several weeks the activity had ramped down considerably to a small trickle. Starting several days ago that activity began ramping up again and Talos has uncovered some interesting findings during its analysis.

There are several large scale concurrent campaigns going on with Nuclear right now, but one in particular stood out. This campaign is using some familiar techniques borrowed from other exploit kits as well as a new layer of sophistication being added with mixed success. Attackers are always trying to work the balance of evasion and effectiveness trying to evade detection while still being effective in compromising systems. This is especially evident in those hacking for monetary gain in non-targeted attacks. Talos has found a Nuclear campaign using both Domain Shadowing and HTTP 302 cushioning prevalent in Angler. The biggest change is that it appears to be so sophisticated that it’s not working properly. Read More »

Tags: , ,

Cisco brings proven ASA security to AWS marketplace customers

We are very excited to announce the availability of Cisco’s best-selling Cisco Adaptive Security Virtual Appliance (ASAv) for the Amazon Web Services (AWS) cloud platform.

Our customers can now use Cisco ASAv to protect their on-demand AWS workloads and achieve consistency across hybrid cloud environments. The Cisco Adaptive Security Virtual Appliance (ASAv) runs the same software as physical Cisco ASAs to deliver proven security functionality in a virtual form factor.

Cisco ASAv on the AWS Marketplace offers: Read More »

Tags: , , ,

Delivering Advanced Threat Protection with AnyConnect 4.1

The rise of malware created specifically for endpoints like mobile devices is forcing IT Security teams to focus increasingly on endpoint security solutions. According to a survey by the Ponemon Institute[1] published in January, 75 percent of respondents (an increase from 68 percent in last year’s study) believe their mobile endpoints have been the target of malware over the past 12 months. Read More »

Tags: , , ,

Enabling the Next-Generation Data Center with FirePOWER + ACI Security

As IT organizations look to the cloud to become more efficient and achieve the agility their business demands, one of the biggest security challenges they typically face is right at the heart of any enterprise – the data center. In cloud environments, where applications have to be location-independent and mobile, it can be overwhelming to manage traffic that needs to go to specific security services when you have applications that are mobile, but physical security that’s not. To secure these virtual and mobile applications, a new security framework must be deployed – one that works equally well within the physical and virtualization layer of the data center, and addresses additional requirements of scalable, multitenant environments. Read More »

Tags: , , ,

Microsoft Patch Tuesday – June 2015

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 8 bulletins being released which address 45 CVE. Two of the bulletins are listed as Critical and address vulnerabilities in Internet Explorer and Windows Media Player. The remaining six bulletins are marked as Important and address vulnerabilities in Microsoft Office, Windows Kernel, Active Directory, Microsoft Exchange Server, and Microsoft Common Controls.

Read More »

Tags: , , , ,