Cisco Blogs



Angling for Silverlight Exploits

This post is co-authored by Andrew Tsonchev, Jaeson Schultz, Alex Chiu, Seth Hanford, Craig Williams, Steven Poulson, and Joel Esler. Special thanks to co-author Brandon Stultz for the exploit reverse engineering.

Silverlight exploits are the drive-by flavor of the month. Exploit Kit (EK) owners are adding Silverlight to their update releases, and since April 23rd we have observed substantial traffic (often from malvertising) being driven to Angler instances partially using Silverlight exploits. In fact, in this particular Angler campaign, the attack specifically targets Flash and Silverlight vulnerabilities; although Java is available and referenced in the original attack landing pages, it is never triggered.

Rise in Angler Attacks

HTTP requests for a specific Angler Exploit Kit campaign

Exploit Content Type

Angler exploit content types delivered to victims, application/x-gzip (Java) is notably absent

 


Java Bindings for Open MPI

April 30, 2014 at 12:10 pm PST

Today's guest blog post is from Oscar Vega-Gisbert and Dr. Jose Roman from the Department of Information Systems and Computing at the Universitat Politècnica de València, Spain.

We provide an overview of how to use the Java bindings included in Open MPI. The aim is to expose MPI functionality to Java programmers with minimal performance penalties.


Summary: Cisco is bringing together networking and programming

January 29, 2014 at 9:00 am PST

With the announcements on NX-OS APIs, Application Centric Infrastructure APIs, Python scripting support, SDN, open source projects OpenStack, OpenDaylight, and Puppet, I have opened an account at codecademy.com and will start with Python and Java. I see many late nights in my future. This stubborn old networker is finally onboard.

Read my full article for a closer look!


Fiesta Exploit Pack is No Party for Drive-By Victims

This post was also authored by Andrew Tsonchev and Steven Poulson.


Update 2014-05-26: Thank you to Fox-IT for providing the Fiesta logo image. We updated the caption to accurately reflect image attribution.

Cisco’s Cloud Web Security (CWS) service provides TRAC researchers with a constant fire hose of malicious insight, and now that we are collaborating with Sourcefire's Vulnerability Research Team (VRT), we have additional capabilities to quickly isolate and prioritize specific web exploit activity for further analysis. Thus, when we were recently alerted to an aggressive Fiesta exploit pack (EP) campaign targeting our customers, we quickly compared notes and found that, in addition to the typical Java exploits, this EP was also using a Microsoft Silverlight exploit. In the Cisco 2014 Annual Security Report (ASR), we discuss how 2013 was a banner year for Java exploits. While updating Java should remain a top priority, Silverlight is certainly worth patching as threat actors continue to search for new application exploits to leverage in drive-by attacks.

Fiesta Exploit Pack

Image provided courtesy of Fox-IT

Over the past 30 days this specific Fiesta campaign was blocked across more than 300 different companies. The attacker(s) used numerous dynamic DNS (DDNS) domains - that resolved to six different IP addresses - as exploit landing pages. The chart below depicts the distribution of hosts used in this attack across the most blocked DDNS base domains.

CWS Fiesta Blocks by Distinct Requests


Cisco is bringing together networking and programming

January 16, 2014 at 11:03 am PST

Well, Cisco has done it.

I have worked in IT since 1995 and never learned programming. Sure, I can do a little HTML, and years ago, I learned just enough Perl to configure MRTG, but I have never written a program. The good old CLI has kept me very busy and brought home the bacon.

With the announcements on NX-OS APIs, Application Centric Infrastructure APIs, Python scripting support, SDN, and open source projects OpenStack, OpenDaylight, and Puppet, I cannot hold back anymore.

Therefore, I have opened an account at codecademy.com. I will start with Python and Java. I see many late nights in my future.

I have thought about learning code, but I could never think of an app I wanted to write. Now Cisco is bringing together networking and programming. Cisco is not only making APIs available, Cisco is contributing code to the open source community. In fact, Cisco has created a Data Center repository, a Nexus 9000 community, and a general Cisco Systems repository on GitHub.

DevNet

Cisco has recently overhauled the developer program and its content. The new DevNet website is filled with developer information on products such as AVC, Collaboration, UCS, CTI, Energywise, FlexPod, UCS Microsoft Manager, Jabber, onePK, XNC, Telepresence.

Cisco is bringing the networking and programming worlds together, and this stubborn old networker is finally onboard.

Happy Coding!

Bill Carter is a Senior Network Engineer with more than 18 years of experience. He works for Sentinel Technologies and specializes in next-generation data center, campus and WAN network services.

Follow Bill on Twitter @billyc5022 and read his blog http://billyc5022.blogspot.com/
Bill is a Cisco Champion - Check here to learn more about the Cisco Champion program.

 

Bill's New Assistant Network Engineer
