Cisco Blogs


Cisco Blog > Security

Threat Spotlight: “Kyle and Stan” Malvertising Network Threatens Windows and Mac Users With Mutating Malware

This post was authored by Shaun Hurley, David McDaniel and Armin Pelkmann.

img_MetricsHave you visited amazon.com, ads.yahoo.com, www.winrar.com, youtube.com, or any of the 74 domains listed below lately? If the answer is yes, then you may have been a victim to the “Kyle and Stan” Malvertising Network that distributes sophisticated, mutating malware for Windows and even Macs.

Table of contents

Attack in a Nutshell
Timeline
Technical Breakdown
Reversing of the Mac Malware
Reversing of the Windows Malware
IOCs
Conclusion
Protecting Users Against These Threats

Malvertising is a short form for “malicious advertising.” The idea is very simple: use online advertising to spread malware. Read More »

Tags: , , , , , , , , , , , , , , , , , ,

Summary: Extended By Popular Demand: The Cisco IoT Security Grand Challenge

June 16, 2014 at 8:49 am PST

Since its announcement at the RSA 2014 conference, the security community has been actively involved in the Cisco IoT Security Grand Challenge. The response has been so great that we’ve decided to extend the deadline by two more weeks -- so you now have until July 1st, 2014 to make your submission! Visit www.CiscoSecurityGrandChallenge.com for full details about the challenge and prepare your response. Good luck!

Read the full blog for more information.

Tags: , , , , , , , , , , ,

New Standards May Reduce Heartburn Caused by the Next Heartbleed

Ed Paradise, Vice President of Engineering for Cisco’s Threat Response, Intelligence and Development Group

Much has been made of the industry-wide Heartbleed vulnerability and its potential exploitation. Cisco was among the first companies to release a customer Security Advisory when the vulnerability became public, and is now one of many offering mitigation advice.

Those dealing with this issue on a day-to-day basis know it’s not enough to just patch the OpenSSL software library. Organizations also need to revoke and reissue digital certificates for their Heartbleed-vulnerable sites. If your certificates were stored in a Trust Anchor Module (TAM), they are still safe. Otherwise, a few additional steps should be taken to ensure you and your customers are secure:
Read More »

Tags: , , , , ,

Windows Server DNS Cache: How to Use the Command Line Inspection of Microsoft Windows DNS Cache

This post explains how to inspect the contents of windows DNS cache. Inspection can be used to check DNS entries, revealing if any malicious websites are being visited.

A Domain Name Server’s (DNS) cache of DNS records can be inspected to determine if your network is interacting with suspicious or malicious internet sites. To perform this task, perform the following:

For Windows 2003 and prior versions, you must install Windows Support Tools. Once installed, inspect and export the DNS cache using the command prompt (cmd.exe) window.

For Windows 2008 and later, The Windows PowerShell is a more advanced version of Windows Support Tools and is installed by default. Use the PowerShell window or run the PowerShell Script from the command prompt window to inspect and export the DNS cache.

How to Inspect the Cache from the CMD Prompt

Windows 2003 and Prior Using dnscmd

  1. From the support tools directory (\Program Files (x86)\Support Tools), run the following command to display the DNS cache output in the CMD window.
  2. To redirect the DNS cache output to a file, use the following command:
    • C:\Program Files (x86)\Support Tools>dnscmd /zoneprint ..cache > c:\cache_output.txt

Read More »

Tags: , ,

Dimension Data Series #3: Closing the Gap Between the Secure Mobility Vision and Real-World Implementation

Mobile security is a top concern for IT and business leaders. This blog series with Dimension Data explores how organizational leaders can work together to mitigate concern and implement clearly defined policies and mobility goals. This blog will address closing the gap between secure mobility vision and real-world implementation. The first blog in this series discussing how concerns outweigh actions when it comes to mobility security is here. The second blog in this series highlighting how IT and business leaders can work together to develop secure mobility policies is here.

There is a gap between the vision for secure mobility and the real-world implementation.

How do we know a gap exists? A recent Dimension Data Secure Mobility Survey report indicates 79% of IT leaders believe mobility is a top priority and 69% of those surveyed already have a mobility roadmap in place. The vision looks good, right? However, only 29% of those implementing their roadmap have tested their core applications, and only 32% have conducted a security audit of the applications.

Today, IT is faced with the challenge of providing any user from any location on any device access to any of the corporate applications, all while keeping assets and users secure. These perimeters add up to a complex equation and it’s contributing to this gap in IT leaders’ approach to vision and action for mobility deployments. How can IT and business leaders work to address this disparity?

Listed below are a few steps that should be considered to help turn the secure mobility vision into a reality. Taking a careful assessment of what mobility can offer and applying these steps can make the difference between a successful implementation and being derailed by unforeseen problems.

Read More »

Tags: , , , , ,