Cisco Blogs


Cisco Blog > Threat Research

Microsoft Internet Explorer Out of Band Advisory

Today an out of band advisory was released by Microsoft to address CVE-2015-2502. This vulnerability is addressed by MS15-093.

MS15-093 address a memory corruption vulnerability in Internet Explorer versions 7, 8, 9, 10, and 11. This affects all currently supported versions of Windows, including Windows 10.

This advisory is rated critical. An attacker can craft a web page designed to exploit this vulnerability and lure a user into visiting it.  The compromise will result in remote code execution at the permission level of the affected user. The use of proper user access controls can limit the severity of the compromise.

As with most out of band releases, it has been reported that this attack is being exploited in the wild. Users should patch immediately.

Read More »

Tags: , , , , ,

Attack Analysis with a Fast Graph

TRAC-tank-vertical_logo-300x243This post is co-authored by Martin Lee, Armin Pelkmann, and Preetham Raghunanda.

Cyber security analysts tend to redundantly perform the same attack queries with different input data. Unfortunately, the search for useful meta-data correlation across proprietary and open source data sets may be laborious and time consuming with relational databases as multiple tables are joined, queried, and the results inevitably take too long to return. Enter the graph database, a fundamentally improved database technology for specific threat analysis functions. Representing information as a graph allows the discovery of associations and connection that are otherwise not immediately apparent.

Within basic security analysis, we represent domains, IP addresses, and DNS information as nodes, and represent the relationships between them as edges connecting the nodes. In the following example, domains A and B are connected through a shared name server and MX record despite being hosted on different servers. Domain C is linked to domain B through a shared host, but has no direct association with domain A.

graph_image_1 This ability to quickly identify domain-host associations brings attention to further network assets that may have been compromised, or assets that will be used in future attacks.

Read More »

Tags: , , , , , , , , , , , , , , , , , , , , , ,