Proxy auto-config or PAC files are commonly used by IT departments to update browser settings so that internet traffic passes through the corporate web gateway. The ability to redirect web traffic to malicious proxy servers is particularly attractive for malicious actors since it gives them a method of intercepting and modifying traffic to and from websites from which they can gain financially.
Malicious PAC files have been described since 2005, but this obfuscated example contains a timely festive message. The Portuguese phrase for “Happy Christmas”, “Feliz Natal”, is used to encode the IP address of the malicious proxy, 126.96.36.199.
Tags: banking malware, security, TRAC
SecCon is our internal security conference, which for the past five years has taken place live in San Jose. Many industry recognized experts over the years have graced the stage, and the security community at Cisco looks forward to each December where we gather together to network and learn about the new threats that face our products. In past years, remote sites around the globe were linked into San Jose, sharing part of the speaker line-up and also giving local security people at remote sites the ability to speak to a local audience. In 2013, for the first time ever, SecCon events were hosted in remote locations.
The goal of these events is twofold: first, to provide high-quality, topical security education to those people responsible for building our products, and second, to grow the security community amongst our engineering population. We believe that security must be part of everyone’s job description at Cisco. We are all part of the security solution, and we use these SecCon events to band together.
Tags: cisco sdl, Cisco Security, cisco sio, CSDL, seccon 2013, security training
BayThreat 2013, the fourth annual information security conference in the San Francisco South Bay, will be held December 6th & 7th. Many South Bay security professionals attend this technical conference. Cisco is a proud sponsor and my colleague, Joe Karpenko, and I will be presenting Beware of Network: Unleash your Network on Threats and Adversaries.
We’ll discuss the results of Cisco’s ongoing threat analysis research and how to leverage network instrumentation as critical incident response components that will help protect your network infrastructure, proprietary and customer information, servers, clients, and users. Network instrumentation is the basis of many of our incident response recommendations and ideally should be implemented while we are preparing to respond to incidents, not in the middle of one. Once we’ve instrumented the network we can leverage the information it provides to gain insight into and quickly respond to threats.
The full list of presenters for the two-day conference is here. Please join us and all of the other attending security professionals on December 6 & 7, 2013 at the Hacker Dojo in Mountain View, CA for BayThreat 2013!
Tags: Baythreat 2013, beware of network, Cisco Security, Cisco Security Training, cisco sio, Hacker Dojo, Security Conferences
Securing critical internet infrastructure is an ongoing challenge for operators that requires collaboration across administrative boundaries. Last September, something exceptional happened in the small South American country of Ecuador: the entire local network operation community got together to be pioneers in securing the local Internet infrastructure by registering its networks in the RPKI system and implementing secure origin AS validation. Please visit my original blog post over on the Cisco Perspectives Blog to read more!
Tags: BGP, BGP Security, critical infrastructure, RPKI, security
For those who are not familiar with the Cisco Prime Security Manager, it is a management application that was introduced in 2012 to manage Cisco ASA 5500-X Series Next-Generation Firewalls. It is built on Web 2.0 technologies and supports both single-device and multi-device manager form factors to help manage various features such as Application Visibility and Control (AVC), along with web security in a simple, lightweight, and scalable manner. The AVC capability helps to block around 1200+ applications and 150,000+ micro-applications, in addition to specific users, behaviors, micro-applications, and devices. The web security service also provides URL filtering and Web reputation features to proactively restrict web application usage based on the reputation of the site. Through Cisco Security Intelligence Operations (SIO), these services provide a comprehensive view of the local and global threat intelligence landscape. This is eventually translated to actionable items such as security policies and information feeds that protect your business from near real-time zero-day threats.
Tags: Application Visibility and Control, AVC, cisco prime, Cisco PRIME Security Manager, Cisco Security Intelligence Operations, next-generation, Next-Generation Firewalls, security, sio