Microsoft’s Patch Tuesday has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 12 bulletins addressing 53 vulnerabilities. Four bulletins are rated critical and address vulnerabilities in Edge, Internet Explorer, Windows Journal, and Windows. The remaining eight bulletins are rated important and address vulnerabilities in .NET, IPsec, Kerberos, Lync/Skype for Business, NDIS, Office, SChannel, and Winsock.
Bulletins Rated Critical
Microsoft bulletins MS15-112 through MS15-115 are rated as critical in this month’s release.
MS15-112 and MS15-113 are this month’s Internet Explorer and Edge security bulletin respectively. In total, 25 vulnerabilities are addressed with four of them specifically affecting both IE and Edge. The remaining 21 vulnerabilities only affect Internet Explorer. The majority of the vulnerabilities that are resolved in this month’s release are memory corruption defects. In addition, an ASLR bypass, an information disclosure vulnerability, and a couple of scripting engine flaws are also addressed.
Read More >>
Tags: Microsoft, patch tuesday, Snort, Talos
We introduced OpenAppID in early 2014 with the goal of empowering customers and the open source community to control application usage in their network environments. Since then, we have increased our coverage from 1,000 OpenAppID detectors to more than 2,600, and have received valuable feedback from the community on ways to improve the product.
The case of having an open, application-focused detection language and processing module for Snort has attracted the attention of the Internet of Everything (IoE) world. There are countless devices out there using the Internet on their own, varying from a remote IP based camera to an industrial based sensor in which may include some security features on them.
With the combination of OpenAppID and Snort we are giving the capability to the open source community to create their own application-based protocols and classifications, which can be used to Read More »
Tags: IoE, IPS, open source, OpenAppID, security, Snort, Sourcefire
Earlier this Year, Cisco introduced the Cisco ASA 5506-X with FirePOWER Services. This Model should replace the successful and smallest Security Solution, the ASA 5505. Designed for the Small Business and a new era of threat and advanced malware protection Cisco ASA with FirePOWER Services delivers an integrated threat defense for the entire attack continuum. BEFORE, DURING and AFTER.
As Desktop version, the Cisco ASA 5506-X builds an easy entry for a:
- Superior Multilayered Protection
- Site-to-site and remote access VPN
- Granular Application Visibility and Control (AVC)
- Highly effective threat prevention and full contextual awareness
- Reputation- and category-based URL filtering
- AMP provides industry-leading breach detection effectiveness
- Unprecedented Network Visbility
- Reduced Costs and Complexity security Solution
Read More »
Tags: #ciscochampion, AMP, ASA, AVC, Cisco FirePOWER, cisco ips, cloud, FireSIGHT, lab, NGIPS, PBR, policy based control, Snort, Sourcefire
Historically, networks have always been at risk for new, undiscovered threats. The risk of state sponsored hackers or criminal organizations utilizing 0-day was a constant, and the best defense was simply to keep adding on technologies to maximize the odds of detecting the new threat – like adding more locks to the door if you will. Here at Cisco Talos we’re constantly pushing the envelope. Recently after some thinking juice we started brainstorming ways to better address the constant threat of attacker utilizing unknown 0-day. Today, we’re happy to inform our customer base about our new inspection technology code name project Faster Than Realtime, or FTR. Project FTR is the next generation of detection technology, that which will truly revolutionize the industry.
To mitigate the ever-growing threat of new and unknown attacks we simply decided to add a few options to our existing inspection infrastructure. Snort’s new Quantum Pre-Detection (QPD) leverages Predictive Attack Detection (PAD) by putting packets into an Ethereally-Buffered Capture (EBC) file. Snort then reads the .ebc via PAD so that QPD can tell you that you are under attack before you’re even under attack.
Read More »
Tags: 0-day, FTR, gamma-ray, physics, Snort, spacetime, Talos, wormholes
Cisco Talos is aware of the public discourse surrounding the malware family dubbed “The Equation Family”. As of February 17th the following rules (33543 – 33546 MALWARE-CNC Win.Trojan.Equation) were released to detect the Equation Family traffic. These rules may be found in the Cisco FireSIGHT Management Console (Defense Center), or in the Subscriber Ruleset on Snort.org. Talos security researchers have also added the associated IPs, Domains, URLs, and hashes to all Cisco security devices to provide immediate protection across the network. Talos will continue to monitor public information as well as continue to independently research to provide coverage to this malware family.
Advanced Malware Protection (AMP) is ideally suited to prevent the execution of the malware used by these threat actors.
CWS or WSA web scanning prevents access to malicious websites and detects malware used in these attacks.
The Network Security protection of IPS and NGFW have up-to-date signatures to detect malicious network activity by threat actors.
While email has not been observed as an attack vector, ESA is capable of blocking the malware used in this campaign.
Tags: AMP, clamAV, Equation, malware, security, Snort, Talos