My personal email has 4 characteristics that drive me crazy:
- I get way too much email
- Most of my emails are a waste of time
- Emails carry the risk of, very rarely, nasty virus payloads (or link you to sites that have worse)
- Despite all this, I can’t live without email Read More »
Tags: coc-unified-communications, email security, esa, malware, trojan, virus, web security, wsa
Web surfers in February 2014 experienced a median malware encounter rate of 1:341 requests, compared to a January 2014 median encounter rate of 1:375. This represents a 10% increase in risk of encountering web-delivered malware during the second month of the year. February 8, 9, and 16 were the highest risk days overall, at 1:244, 1:261, and 1:269, respectively. Interestingly, though perhaps not unexpectedly, web surfers were 77% more likely to encounter Facebook scams on the weekend compared to weekdays. 18% of all web malware encounters in February 2014 were for Facebook related scams.
Read More »
Tags: CSIRT, malware, security, Threat Metrics 2014, TRAC
This post is co-authored with Levi Gundert and Andrew Tsonchev.
Update 2014-03-21: For clarity, the old kernel is a common indicator on the compromised hosts. We are still investigating the vulnerability, and do not yet know what the initial vector is, only that the compromised hosts are similarly ‘old’.
Update 2014-03-22: This post’s focus relates to a malicious redirection campaign driven by unauthorized access to thousands of websites. The observation of affected hosts running Linux kernel 2.6 is anecdotal and in no way reflects a universal condition among all of the compromised websites. Accordingly, we have adjusted the title for clarity. We have not identified the initial exploit vector for the stage zero URIs. It was not our intention to conflate our anecdotal observations with the technical facts provided in the listed URIs or other demonstrable data, and the below strike through annotations reflect that. We also want to thank the community for the timely feedback.
All of the affected web servers that we have examined use the Linux 2.6 kernel. Many of the affected servers are using Linux kernel versions first released in 2007 or earlier. It is possible that attackers have identified a vulnerability on the platform and have been able to take advantage of the fact that these are older systems that may not be continuously patched by administrators.
Read More »
Tags: malware, TRAC
Last week at RSA 2014, Chris Young and I joined a Live Social Broadcast from the Cisco Booth to discuss our announcements of Open Source Application Detection and Control and Advanced Malware Protection, as well as to answer questions from you, our partners and customers, about the trends, the challenges, the opportunities we’ve seen in the security industry this year.
Below is a link to view the recording of the broadcast. If you have any questions that didn’t get answered, please leave them in the comments, and Chris or I will get back to you.
Tags: malware, open source, RSA 2014, security
January 2014 started with a bang, with one in every 191 web requests resulting in a web malware encounter. The Cisco Computer Security Incident Response Team (CSIRT) observed this same trend, witnessing a 200% increase in web malware encounters experienced by Cisco employees for the month. Overall, January 1, 25, and 26 were the highest risk days for encountering web delivered malware. In the chart below, the lower the number, the higher the risk of encounters. Still, with a median encounter rate of 1:375 requests, every day of January 2014 represented significant risk for web browsing.
Read More »
Tags: 2014 annual security report, CSIRT, malware, Threat Metrics 2014, TRAC