Researchers from the Cisco Talos Security Intelligence and Research Team recently discovered an elaborate attack dubbed the String of Paerls. The attack, a combined spearphishing and exploit attempt, was able to bypass most antivirus engines and used a targeted phishing email that included a malicious Word document attachment. Upon opening the Word attachment, a macro downloaded and launched an executable on the victim’s machine, which then called out to command and control servers.
In the graphic below you can see an illustration of each of the major steps of the attack. A common thread is that Cisco security provides protection against attacks like this one using the approach of integrated threat defense. Specifically, Advanced Malware Protection tools were used throughout the discovery and analysis process to expose the exploit.
For a complete play-by-play of this attack, read the String of Paerls blog post from Talos. For more about integrated threat defense in our products, see the new Cisco ASA with FirePOWER Services.
Tags: Advanced Malware Protection, AMP, malware, phishing, security, spear phishing, spearphishing
It’s the 25th anniversary of the film Field of Dreams, the movie about an Iowa farmer who hears a whisper that says, “If you build it, he will come.” Given the need for control with context for secure access initiatives, we did build it–and they have come.
After its introduction last year, momentum has continued for the Cisco Identity Services Engine (ISE) partner ecosystem, enabled by Cisco pxGrid, our robust context-sharing platform.
The Cisco ISE partner ecosystem began with an idea: create a group of best-in-class IT infrastructure partners who use the deeper level of contextual data collected by ISE, our security policy management platform for access control and security compliance. This gives IT organizations a consistent method of making their IT platforms identity-, device- and network-aware. It enables deeper, broader network and security insight, makes network and security events more actionable and allows for consistent, cross-platform user and device visibility and control.
Tags: Cisco AnyConnect Secure Mobility Client, Cisco ISE, security
This post was authored by Joel Esler & Martin Lee.
The recently discovered Bash vulnerability (CVE-2014-6271) potentially allows attackers to execute code on vulnerable systems. We have already blogged about the issue and provided more technical detail in a further blog. The rapid release of IPS signatures for our platforms allowed us to follow, very quickly, the attempts to exploit the vulnerability in the wild.
For further details of our response to the issue, please see the Event Response Page.
Tags: bash, CVE-2014-6271, malware, security, shell shock, Talos, worm
Businesses today are required to meet multiple challenges with respect to connecting users to applications.
First, it is no secret that the demands of employees and users are great–they expect access to enterprise resources and their work via more mediums than ever before–by personal laptops, tablets and smartphones, both at home and on the road. The Internet of Things (IoT) is the latest technology, and we must now prepare for a world where everything is connected, from Wi-Fi-enabled sensors for treatment care to vending machines for restocking or even sensors linked to power controls.
In addition to meeting the demands of workers and all of these connected devices, there are also security challenges associated with connecting these devices to business networks: productivity must be balanced with keeping advanced security threats, insider misuse and data breaches at bay.
Tags: Cisco AnyConnect Secure Mobility Client, Cisco ISE, mobility, mobility security, security
Cisco’s internal security conference (SecCon) is just around the corner and this year marks our seventh anniversary!
In previous years SecCon participants heard from a renowned privacy specialist, a Chief Security Officer from a large customer, a cyber security coordinator for two U.S. Presidents, and a self-described gentleman thief. This year we are delighted to welcome another lineup of top-notch industry-leading speakers, including:
- Alex Stamos, Chief Information Security Officer (CISO), Yahoo
- Dave Kennedy, Chief Executive Officer (CEO), TrustedSec
- Mano Paul, CEO, SecuRisk Solutions
- Josh Corman, Chief Technology Officer for Sonatype
- Adam Shostack, Microsoft’s Trustworthy Computing Usable Security Team
- James Wickett, DevOps and InfoSec expert from Signal Sciences Corp
- John Stewart, CSO, Cisco
The security community and talent at Cisco are growing at a very fast pace. SecCon has brought together hundreds of engineers, live and virtually, from Cisco offices around the globe with one common goal: to share their knowledge and increase the overall security posture of Cisco products.
Tags: SecCon, security