malware

April 15, 2015

SECURITY

Three Key Considerations When Evaluating Threat Intelligence Solutions

2 min read

To address today’s evolving threat landscape, there’s been a shift from traditional event-driven security to intelligence-led security. Threat intelligence plays an integral role in this shift. When you hear the term “Threat Intelligence,” it’s easy to have preconceived notions of what it means. Gartner defines threat intelligence as “evidence-based knowledge, including context, mechanisms, indicators, implications […]

NAB 2015 Attendees: Is Your Security Model Threat-Centric?

3 min read

Cyber-Security: it has always been important for video entertainment companies. But times have changed; now it’s mission critical. Top of mind again these last few days, the events of the...

March 30, 2015

THREAT RESEARCH

Threat Spotlight: Dyre/Dyreza: An Analysis to Discover the DGA

12 min read

This post was authored by Alex Chiu & Angel Villegas. Overview: Banking and sensitive financial information is a highly coveted target for attackers because of the high value and obvious financial implications. In the past year, a large amount of attention has been centered on Point of Sale (PoS) malware due to its major role in […]

February 18, 2015

THREAT RESEARCH

Equation Coverage

1 min read

Cisco Talos is aware of the public discourse surrounding the malware family dubbed “The Equation Family”. As of February 17th, the following rules (33543 – 33546 MALWARE-CNC Win.Trojan.Equation) were released to detect the Equation Family traffic. These rules may be found in the Cisco FireSIGHT Management Console (Defense Center), or in the Subscriber Ruleset on […]

January 21, 2015

SECURITY

Engaging All Layers of Defense: Incident Response in Action

4 min read

The Cisco 2015 Annual Security Report highlights many creative techniques that attackers are exploiting to conceal malicious activity, often taking advantage of gaps in security programs. They are continually refining and developing new techniques to gain a foothold in environments and, increasingly, they are relying on users and IT teams as enablers of attacks to […]

December 22, 2014

SECURITY

Continuous Protection on the Endpoint: Show Me

2 min read

Advanced malware is dynamic, elusive, and evasive. Once it slithers into the organization’s extended network, it can very quickly proliferate, cause problems, and remain undetected by traditional point-in-time security tools. These tools poll or scan endpoints for malware or indicators of compromise at a moment in time, and then do not evaluate again until the […]

December 17, 2014

THREAT RESEARCH

Wiper Malware – A Detection Deep Dive

5 min read

This post was authored by Christopher Marczewski with contributions from Craig Williams. *This blog post has been updated to include Command and Control IP addresses used by the malware. A new piece of wiper malware has received quite a bit of media attention. Despite all the recent press, Cisco’s Talos team has historic examples of […]

December 15, 2014

THREAT RESEARCH

Ancient Mac Site Harbors Botnet that Exploits IE Vulnerability

6 min read

This post was authored by Alex Chiu and Shaun Hurley. Last month, Microsoft released a security bulletin to patch CVE-2014-6332, a vulnerability within Windows Object Linking and Embedding (OLE) that could result in remote code execution if a user views a maliciously crafted web page with Microsoft Internet Explorer. Since then, there have been several […]

December 9, 2014

THREAT RESEARCH

Dridex Is Back, then it’s gone again

2 min read

This post was authored by Armin Pelkmann and Earl Carter. Talos Security Intelligence and Research Group noticed a reappearance of several Dridex email campaigns, starting last week and continuing into this week as well. Dridex is, in a nutshell, malware designed to steal your financial account information. The attack attempts to get the user to install the […]