You can lock every window and bolt every door to keep out intruders, but it won’t be of much use if the attacker is already inside; if the attacker is an insider. Most security reports and headlines highlight stories of organizations that are attacked by an external party, but incident statistics highlight a growing number of attacks from insiders and partners. These incidents are real, and threaten your most sensitive information. How do you know when an insider is exfiltrating data from your organization? Cisco Managed Threat Defense (MTD) monitors for advanced network security intrusions using expert staff and OpenSOC, which Pablo Salazar introduced last month. Our staff has a decade of experience investigating security attacks and resolving benign anomalies. In my twelve years as an InfoSec professional, I’ve seen cases where employees conceal their activity for a variety of reasons. In one particularly interesting incident, it was discovered an employee was encrypting and obfuscating outbound traffic from his laptop over a period of several weeks, using for-purchase VPN software called Private Internet Access.
Talos Security Intelligence and Research Group noticed a reappearance of several Dridex email campaigns, starting last week and continuing into this week as well. Dridex is in a nutshell, malware designed to steal your financial account information. The attack attempts to get the user to install the malicious software on their system through an until lately, rarely exploited attack vector: Microsoft Office Macros. Recently, we noticed a resurgence of macro abuse. If macros are not enabled, social engineering techniques are utilized to try to get the user to enable them. Once the malware is installed on the system, it is designed to steal your online banking credentials when you access your banking site from an infected system.
Talos analyzed three separate campaigns in the last days, all distinguishable from their subject lines. Read More »
This post was authored by Yves Younan.
Today, Microsoft is releasing their final Update Tuesday of 2014. Last year, the end of year update was relatively large. This time, it’s relatively light with a total of seven bulletins, covering 24 CVEs. Three of those bulletins are rated critical and four are considered to be important. Microsoft has made a few changes to the way they report their bulletins. Microsoft has dropped the deployment priority (DP) rating, which was very much environment-specific and might not be all that useful for non-default installations. Instead, they are now providing an exploitability index (XI), which ranges from zero to three. With zero denoting active exploitation and three denoting that it’s unlikely that the vulnerability would be exploited. Another change is to more clearly report on how the vulnerability was disclosed: was Microsoft notified via coordinated vulnerability disclosure or was the vulnerability publicly known before being released? Read More »
Understanding and Addressing the Challenges of Managing Information Security – A More Responsive Approach
Just like bad weather conditions found in nature, such as typhoons, hurricanes, or snowstorms, technology system defects and vulnerabilities are inherent characteristics found in a cyber system environment.
Regardless of whether it’s a fair comparison, weather changes are part of the natural environment that we have little direct control over, whereas the cyber environment is fundamentally a human creation. Despite these differences, the choices we make do have a direct implication even if they are not obvious. Take for example the use of lead-based or diesel fuel in vehicles, or controlled burns in the forest to clear land for agricultural use. Both have negative effects on air quality. The same is true for information technology developers, whose actions in designing software programs may unknowingly create software bugs or potential security risks because of their interactions with other non-tested, non-secure network systems and cyber environments.
The week of November 10 was filled with learning and excitement for security technology enthusiasts at Cisco’s Bangalore campus as people gathered for SecCon-X 2014, Cisco’s largest annual cross-company security conference. The event scaled in scope and content compared to last year, starting with a dedicated customer engagement event, and was followed by two days of conference activities, including 21 presentations and 2 panel discussions by a varied mix of speakers and panelists from industry, academia, and Cisco. All the sessions were packed with 250+ participants and 350+ IP TV viewers each day, which was proof of how the Cisco community in Bangalore relished the event. The huge buzz around the vendor expo booths and the poster walls was heartening to see.
What was new this year?
- 11 boot camp and training sessions on a wide range of security technology topics.
- The Customer Engagement Event was a huge success with 20+ customers participating in the event, which enabled Cisco to communicate our vision, demonstrate our solutions, and hear from customers on the challenges they faced in the evolving threat landscape.
- Events like Hack Your Device (7 teams filed security defects on various products), Capture The Flag (116 participated and 10 captured all the flags), and a Lunch & Learn session for Cisco Women in Cyber Security, were well arranged and much appreciated by all attendees.