Cisco Blogs


Fiesta Exploit Pack is No Party for Drive-By Victims

This post was also authored by Andrew Tsonchev and Steven Poulson.


Update 2014-05-26: Thank you to Fox-IT for providing the Fiesta logo image. We updated the caption to accurately reflect image attribution.

Cisco’s Cloud Web Security (CWS) service provides TRAC researchers with a constant fire hose of malicious insight, and now that we are collaborating with Sourcefire’s Vulnerability Research Team (VRT), we have additional capabilities to quickly isolate and prioritize specific web exploit activity for further analysis. Thus, when we were recently alerted to an aggressive Fiesta exploit pack (EP) campaign targeting our customers, we quickly compared notes and found that, in addition to the typical Java exploits, this EP was also using a Microsoft Silverlight exploit. In the Cisco 2014 Annual Security Report (ASR), we discuss how 2013 was a banner year for Java exploits. While updating Java should remain a top priority, Silverlight is certainly worth patching as threat actors continue to search for new application exploits to leverage in drive-by attacks.

Fiesta Exploit Pack

Image provided courtesy of Fox-IT

Over the past 30 days this specific Fiesta campaign was blocked across more than 300 different companies. The attacker(s) used numerous dynamic DNS (DDNS) domains – that resolved to six different IP addresses – as exploit landing pages. The chart below depicts the distribution of hosts used in this attack across the most blocked DDNS base domains.

CWS Fiesta Blocks by Distinct Requests


Digital Philanthropy – How Are You Giving this Holiday Season?

It’s the holiday season, and ’tis the season for giving!

Since one-third of donations occur in the month of December (source: Network for Good, Chronicle of Philanthropy), digital plays an increasing role in expanding the reach of requests for donations, in creating a propensity to give, and in delivering connected experiences that even provide community benefit themselves.

Known as ‘digital philanthropy,’ more and more donations are digital, utilizing mobile, social media, web and video. Growth of online donating has increased to 11.8% year-over-year, while overall giving increased 3.8% (source: Blackbaud, Charitable Giving Report: How Nonprofit Fundraising Performed in 2012, February 2013).

Easy Giving via Text Message

Donations come in all sizes and packages. The one we often hear about most is donating money via text message. To donate for typhoon relief in the Philippines via the Salvation Army, for example, all you need to do is text TYPHOON to 80888. And with just a click or two you’ve made a contribution. Quick, simple and immediate.


Digital Transformation: Is Your Company Making the Pivot?

80% of survey respondents [administered by MIT/Sloan and Cap Gemini] believe that their companies need to go through a significant digital transformation. However, 63% of those respondents also believe that their current pace is too slow.

Sound familiar? Is your company moving too slowly? Are you moving at all?

I heard these stats while attending the recent Digital Leaders Summit in San Francisco. Aimed at those responsible for guiding their enterprises into the new digital future, the summit highlighted trends, best practices and case studies from a number of media and other companies including leaders from The New York Times, The Economist, Turner Broadcasting, Jump Associates, Coca-Cola, The LA Times, Politico, and others.


What is ‘digital’?

How would you define ‘digital’? As a communication channel or method? A convenience enabler? 1s & 0s? The inverse of analog? Bits versus atoms? Something we can no longer live without?

I am often asked ‘what is digital’? … ‘is it just our website, or broader than that?’ … ‘what exactly do you mean?’

So, I asked around to find out the word-on-the-street around ‘digital’. I was impressed with how many different, nuanced, and insightful answers I was given on the definition; I had to put it all together into a video in order to capture the rich and diverse viewpoints. In the video, you can learn what others think ‘digital’ is, as well as how we define it.

Watch the video to see how our colleagues and members of the public describe it; listen to hear if your definition is included; and let me know whether you’d add a different perspective.


Christmas Packets: Web Browsing and the Festive Period

The web browsing behaviour of users changes as the end of the year approaches. The holiday season can provide a large distraction from work duties that may need to be managed. Equally, even during periods when the office is closed, there will be some individuals who cannot resist accessing work systems. Managing these changes in behaviour is difficult for network administrators unless they know what to expect.