Microsoft Patch Tuesday – February 2016

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains twelve bulletins addressing 37 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Internet Explorer, Edge, Windows Journal, Office and Windows PDF. The remaining seven bulletins are rated important and address vulnerabilities in the Network Policy Server (NPS), Active Directory, Windows, Remote Desktop Protocol, WebDAV, Kernel Mode Driver and the .NET Framework.

Bulletins Rated Critical

Microsoft bulletins MS16-009, MS16-011 through MS16-013, and MS16-015 are rated as critical in this month’s release.

MS16-009 and MS16-011 are this month’s Internet Explorer and Edge security bulletins, respectively. In total, sixteen vulnerabilities were addressed, four of which impact both browsers. The vulnerabilities impacting both browsers are three critical memory corruption issues (CVE-2016-0060, CVE-2016-0061 and CVE-2016-0062) along with CVE-2016-0077, a critical spoofing vulnerability.

  • MS16-009 is the IE bulletin for IE versions 9 through 11. Three critical memory corruption issues specific to Internet Explorer are addressed (CVE-2016-0063, CVE-2016-0067 and CVE-2016-0072).
  • MS16-011 is the Edge bulletin. One critical memory corruption issue specific to Edge is addressed (CVE-2016-0084).

Protect Your Entire Digital Self

How much time do you spend at work?

For some the answer is too much! No matter how much time you spend, I’m willing to guess that it’s an important part of your week. Your work is part of who you are, where you go, and what you do.

That is why Cisco is proud to join the National Cybersecurity Alliance in its support of White House efforts to improve online security. Today’s announcement will educate and raise awareness about the importance of cybersecurity topics at home, and at work.

Our businesses help create the jobs, innovation, and economy that will underpin our future. Our homes help us foster the relationships that are the foundation of our society. As technology pushes both forward, it is clear that cybersecurity in one, without the other, is impossible.

Every day, our home and work lives get closer together. Smartphones and online collaboration services, like Cisco WebEx and Spark, increasingly allow us to work and play from anywhere. And with this added flexibility comes a shared responsibility to protect yourself and your colleagues.

Cybersecurity techniques, like Two Factor Authentication, may look a little different in the business world. At home you will receive a code in an email or SMS to access an online service or social media account. These same techniques are used by our OpenDNS and Meraki services. But at work you might supplement your network password with a security token or a smartcard.

Multifactor authentication can also be directly integrated into work tools. Cisco’s collaboration products are a great example, as they support standards-based identity authentication and authorization exchange techniques. These allow our customers to quickly and securely integrate these services into their existing identity-proofing methods.

Because our home and work lives get closer every day, we support the President’s focus on increasing general cybersecurity awareness. Stop. Think. Connect. is the common thread, and describes the basic steps needed to ensure our entire digital selves can remain safe and secure.

Bedep Lurking in Angler’s Shadows

This post is authored by Nick Biasini.

In October 2015, Talos released our detailed investigation of the Angler Exploit Kit which outlined the infrastructure and monetary impact of an exploit kit campaign delivering ransomware. During the investigation we found that two thirds of Angler’s payloads were some variation of ransomware and noted one of the other major payloads was Bedep. Bedep is a malware downloader that is exclusive to Angler. This post will discuss the Bedep side of Angler and draw some pretty clear connections between Angler and Bedep.

Adversaries continue to evolve and have become increasingly good at hiding the connections to the nefarious activities in which they are involved. As security researchers we are always looking for the bread crumbs that can link these threats together, to identify the connections between them and the groups that operate them. This is one of those instances where a couple of crumbs came together and formed some unexpected connections. By tying together a couple of registrant accounts, email addresses, and domain activity, Talos was able to track down a group that has connections to threats on multiple fronts, including exploit kits, trojans, email worms, and click fraud. These activities all have monetary value, but, unlike a ransomware payload with a specific cost to decrypt, that value is difficult to quantify.

Simplifying Security Architectures with SAFE

Safe. The very sound of it resonates with security. It is with some irony that Cisco has decided to reuse the term. Why ironic? For one, there is the idea among security folk that in reality, nothing is entirely safe. Why would Cisco sell intrusion detection if no intruders can, well…intrude? For those of you who remember SAFE from the early days of Cisco, it might seem like a familiar friend that has grown up a bit. Cisco historians ask, “What does SAFE stand for?” In our underground tunnels that forge firewalls and FirePOWER, you might get responses such as “Security Architecture for Enterprise” or “Secure Architecture for Everything.” In truth, the meaning has been lost to the annals of time.

One thing that everyone can agree on is that security is growing more complex by the day. While attackers are developing more lucrative schemes and advanced threats, security professionals have been running faster and faster in a race to keep up. Most organizations have deployed security technologies across some combination of networks, endpoints, web and email gateways, virtual systems, mobile devices, and the cloud. But how do we know that we have all of the right capabilities at the right places across the extended network? This is where SAFE comes in.

SAFE simplifies security.

The Internet of Things Is Not Always So Comforting

Over the past few years, the Internet of Things (IoT) has emerged as reality with the advent of smart refrigerators, smart HVAC systems, smart TVs, and more. Embedding internet-enabled devices into everything presents new opportunities in connecting these systems to each other, making them “smarter,” and making our lives more convenient than ever before.

Despite the new possibilities, there are major concerns about the IoT which inspire a legitimate question: “What happens if it’s not ‘done right’ and there are major vulnerabilities with the product?”

The unfortunate truth is that securing internet-enabled devices is not always a high priority among vendors and manufacturers. Some manufacturers do not have the necessary infrastructure to inform the public about security updates or to deliver them to devices. Other manufacturers are unaccustomed to supporting products past a certain time, even if a product’s lifespan may well exceed the support lifecycle. In other cases, the lack of a secure development lifecycle or of a secure public portal for reporting security defects makes it nearly impossible for researchers to work with a vendor or manufacturer. These problems expose users and organizations to greater security risks and ultimately highlight a major problem with the Internet of Things.

What does this mean for the average user? For starters, a smart device on their home or office network could contain unpatched vulnerabilities. Adversaries attacking the weakest link could exploit a vulnerable IoT device, then move laterally within an organization’s network to conduct further attacks. Additionally, patching vulnerable devices can be complicated, if not impossible, for the average user or for those who are not technically savvy. For organizations that maintain large numbers of IoT devices on their network, there may be no way to update those devices that scales, creating a nightmare scenario.
