Cisco Blogs



Hook, Line & Sinker: Catching Unsuspecting Users Off Guard

This post was authored by Earl Carter.

Attackers are constantly looking for ways to monetize their malicious activity. In many instances this involves targeting user data and accounts. Talos continues to see phishing attacks targeting customers of multiple high-profile financial institutions. In the past couple of months, we have observed phishing attacks against various financial customers including credit card companies, banks, credit unions, and insurance companies, as well as online businesses such as PayPal and Amazon. These phishing attacks have gone old-school in that they either attach an HTML document or include HTML data in the actual email to present the user with official-looking pages that appear to be from the actual businesses being targeted.


Responding to Third Party Vulnerabilities

We are now more than one year on from the release of HeartBleed, the first major vulnerability disclosed in widely used third-party code. This is an excellent point in time to look back at what Cisco and our customers have achieved since, including how the Cisco Product Security Incident Response Team (PSIRT) has evolved to meet this new type of threat. It’s also a key time for us to confirm and clarify our commitment to transparency in the vulnerability disclosure process.


Securing the Supply Chain is a Collaborative Effort

I’ve been thinking lately about how collaboration can work for the IT industry as we strive to address security. Cisco’s supply chain security capability focuses on three key exposures: taint, counterfeit and misuse of intellectual property.

Specifically, I’ve been thinking about how we might detect and mitigate against counterfeit ASICs. I have a hunch that working with the semiconductor industry, we can achieve this goal.


Domain Shadowing Goes Nuclear: A Story in Failed Sophistication

This post was authored by Nick Biasini.

Exploit Kits are constantly altering their techniques to compromise additional users while also evading detection. Talos sees various campaigns start and stop for different exploit kits all the time. Lately a lot of focus has been put on Angler, and rightly so since it has been innovating continually. Nuclear is another sophisticated exploit kit that is constantly active. However, over the last several weeks the activity had ramped down considerably to a small trickle. Starting several days ago that activity began ramping up again and Talos has uncovered some interesting findings during its analysis.

There are several large-scale concurrent campaigns going on with Nuclear right now, but one in particular stood out. This campaign uses some familiar techniques borrowed from other exploit kits, along with a new layer of sophistication that has been added with mixed success. Attackers are always trying to balance evasion and effectiveness, evading detection while still compromising systems. This is especially evident among those hacking for monetary gain in non-targeted attacks. Talos has found a Nuclear campaign using both Domain Shadowing and HTTP 302 cushioning, techniques prevalent in Angler. The biggest change is that it appears to be so sophisticated that it’s not working properly.


Cisco brings proven ASA security to AWS marketplace customers

We are very excited to announce the availability of Cisco’s best-selling Cisco Adaptive Security Virtual Appliance (ASAv) for the Amazon Web Services (AWS) cloud platform.

Our customers can now use Cisco ASAv to protect their on-demand AWS workloads and achieve consistency across hybrid cloud environments. The Cisco Adaptive Security Virtual Appliance (ASAv) runs the same software as physical Cisco ASAs to deliver proven security functionality in a virtual form factor.

Cisco ASAv on the AWS Marketplace offers:
