This post was authored by Nick Biasini
Late last week Talos researchers noticed a drastic uptick in Angler Exploit Kit activity. We have covered Angler previously, such as the discussion of domain shadowing. This exploit kit evolves on an almost constant basis. However, the recent activity caught our attention due to a change to the URL structure of the landing pages. This type of change doesn’t occur often and was coupled with some other interesting tidbits including how the HTTP 302 cushioning has evolved and the payload of another ransomware has changed.
During research, Talos identified several active Angler campaigns delivering different payloads via different methods. The first campaign was delivering Cryptowall, which will be covered in detail here. The second delivered Bedep with click fraud and illustrates the variety with which Angler can be used to deliver different payloads. The details of Bedep with click fraud have been covered thoroughly and will not be specifically discussed in this article.
Cisco continues to strengthen the security in and around its products, solutions, and services. This week Cisco began providing a Secure Hash Algorithm 512-bit (SHA512) checksum to validate downloaded images on www.cisco.com. Cisco already provided a Message Digest 5 (MD5) checksum as the secured hash of the software, but the newer SHA512 hash value is now generated on all software images, creating a unique output that is more secure than the MD5 algorithm.
“In our increasingly interconnected world, the Internet of Everything is making trust a critical element of how people use network-connected devices to work, play, live, and learn. The relentless rise in information security breaches underscores the deep need for enterprises to trust that their systems, data, business partners, customers, and citizens are safe.” – John N. Stewart, SVP and Chief Security and Trust Officer at Cisco
Trust and security are more important than ever before throughout the industry. Why aren’t customers explicitly demanding it be in all their IT systems? Why aren’t they demanding software developed with processes and technologies that drive security into all aspects of IT systems they buy? Why aren’t they demanding supply chain security and strong data protection? In short, why aren’t they demanding IT vendors produce more robust and secure solutions?
New Email Security Release Adds Graymail Protection, Web Interaction Tracking, AMP Threat Grid, and More
Each day more than 100 billion corporate email messages are exchanged.¹ Who doesn’t need to do a little housekeeping and eliminate unwanted emails? But you need to think twice before you click on “unsubscribe.”
As you likely read in the 2015 Cisco Annual Security Report, attackers are using applications users inherently trust or view as benign, like web browser add-ons, to distribute malware. One of the latest phishing techniques is graymail: directing the “unsubscribe” link at the bottom of a seemingly innocuous marketing email to a malware-infested website. Many of us click on these links without a second thought. But instead of ridding ourselves of unwanted emails, we’re actually opening ourselves up to an attack.
This is just one example of how attackers continue to innovate, and Cisco does as well. Our new AsyncOS release for Cisco Email Security Appliance (Cisco ESA) demonstrates how Cisco empowers you with a threat-centric approach to security and more comprehensive management control.