We’ve all been there, seen it, and even done it ourselves. We’re talking or texting on our phones while walking around the isles of our favorite store. Half the time people are in a venue they’re more fixated on what’s happening on their phone than what’s around them. What about those brick and mortars around us? How can they get our attention when our noses are in our devices?
The way people use their devices may never change, but the way in which businesses interact with their mobile phone loving customers can. Cisco’s Customer Mobile Experiences (CMX) solution provides businesses with the technology to leverage the mobile trend to their advantage by serving smartphone carrying visitors, guests, passengers, shoppers and students location-based services to get their attention.
Among these tools is a valuable set of API that can unlock location-based services, such as indoor navigation and push notifications to create a more personalized mobile experience. Read More »
This post was also authored by Andrew Tsonchev and Steven Poulson.
Update 2014-05-26: Thank you to Fox-IT for providing the Fiesta logo image. We updated the caption to accurately reflect image attribution.
Cisco’s Cloud Web Security (CWS) service provides TRAC researchers with a constant fire hose of malicious insight and now that we are collaborating with Sourcefire’s Vulnerability Research Team (VRT) we have additional capabilities to quickly isolate and prioritize specific web exploit activity for further analysis. Thus when we were recently alerted to an aggressive Fiesta exploit pack (EP) campaign targeting our customers, we quickly compared notes and found that in addition to the typical Java exploits, this EP was also using a Microsoft Silverlight exploit. In the Cisco 2014 Annual Security Report (ASR) we discuss how 2013 was a banner year for Java exploits, and while updating Java should remain a top priority, Silverlight is certainly worth patching as threat actors continue to search for new application exploits to leverage in drive-by attacks.
Image provided courtesy of Fox-IT
Over the past 30 days this specific Fiesta campaign was blocked across more than 300 different companies. The attacker(s) used numerous dynamic DNS (DDNS) domains -- that resolved to six different IP addresses -- as exploit landing pages. The chart below depicts the distribution of hosts used in this attack across the most blocked DDNS base domains.