This post is co-authored by Andrew Tsonchev, Jaeson Schultz, Alex Chiu, Seth Hanford, Craig Williams, Steven Poulson, and Joel Esler. Special thanks to co-author Brandon Stultz for the exploit reverse engineering.
Silverlight exploits are the drive-by flavor of the month. Exploit Kit (EK) owners are adding Silverlight to their update releases, and since April 23rd we have observed substantial traffic (often from Malvertising) being driven to Angler instances partially using Silverlight exploits. In fact in this particular Angler campaign, the attack is more specifically targeted at Flash and Silverlight vulnerabilities and though Java is available and an included reference in the original attack landing pages, it’s never triggered.
HTTP requests for a specific Angler Exploit Kit campaign
Angler exploit content types delivered to victims, application/x-gzip (Java) is notably absent
Read More »
Ed Paradise, Vice President of Engineering for Cisco’s Threat Response, Intelligence and Development Group
Much has been made of the industry-wide Heartbleed vulnerability and its potential exploitation. Cisco was among the first companies to release a customer Security Advisory when the vulnerability became public, and is now one of many offering mitigation advice.
Those dealing with this issue on a day-to-day basis know it’s not enough to just patch the OpenSSL software library. Organizations also need to revoke and reissue digital certificates for their Heartbleed-vulnerable sites. If your certificates were stored in a Trust Anchor Module (TAM), they are still safe. Otherwise, a few additional steps should be taken to ensure you and your customers are secure:
Read More »
Tags: Cisco PSIRT, Cisco Security, Heartbleed, OpenSSL, psirt, security
This post explains how to inspect the contents of windows DNS cache. Inspection can be used to check DNS entries, revealing if any malicious websites are being visited.
A Domain Name Server’s (DNS) cache of DNS records can be inspected to determine if your network is interacting with suspicious or malicious internet sites. To perform this task, perform the following:
For Windows 2003 and prior versions, you must install Windows Support Tools. Once installed, inspect and export the DNS cache using the command prompt (cmd.exe) window.
For Windows 2008 and later, The Windows PowerShell is a more advanced version of Windows Support Tools and is installed by default. Use the PowerShell window or run the PowerShell Script from the command prompt window to inspect and export the DNS cache.
How to Inspect the Cache from the CMD Prompt
Windows 2003 and Prior Using dnscmd
- From the support tools directory (\Program Files (x86)\Support Tools), run the following command to display the DNS cache output in the CMD window.
- To redirect the DNS cache output to a file, use the following command:
C:\Program Files (x86)\Support Tools>dnscmd /zoneprint ..cache > c:\cache_output.txt
Read More »
Tags: Cisco Security, dns, security
Cisco recently announced the availability of Managed Threat Defense (MTD), an innovative managed security solution that applies real-time, predictive analytics to detect attacks and protect against advanced malware across extended networks. MTD helps our customers address the ever-changing nature of threats that threaten their most important asset—data. MTD is delivered through a cost-effective business model that allows our customers to leverage Cisco’s investment in security technology, global threat intelligence knowledge base, talent, and global reach.
To learn more about MTD, watch the video datasheet below:
While developing this solution, the MTD development team talked to dozens of customers around the world. As a result of these discussions, two dominant themes emerged:
Read More »
Tags: Managed Threat Defense, security
Recently, a bug in Internet Explorer made it possible for hackers to take over a user’s computer causing government agencies to suggest using a different browser. The Heartbleed flaw opened the door for encrypted data to be intercepted. These latest challenges highlight one thing inherent to any application—whether on premise or in the cloud—it is not if but when the next flaw or bug will present exposure risks to your business. The key is to be prepared with a solid response strategy.
In two short years, 50% of Global 1000 companies will have customer data in the cloud according to Gartner. With more and more critical information moving to the cloud, IT needs to understand how cloud providers are responding to protect their data and users when these security challenges present themselves. For cloud services that IT is aware of, businesses can establish service level agreements and other safeguards to protect the integrity of their information.
Read More »
Tags: Cisco, cloud, Heartbleed, security