cyber attack

July 8, 2021

SECURITY

It was a LONG weekend — Here’s the vital info on REvil and Kaseya VSA

8 min read

We speak to Cisco Talos’ US Outreach Team lead Nick Biasini about the unfolding events of the REvil ransomware campaign and Kaseya VSA supply chain attack.

June 18, 2021

SECURITY

Cisco Secure: Supporting NIST Cybersecurity Framework

2 min read

Mapping Cisco Security Products to NIST Cybersecurity Framework Categories. We discuss the basics of NIST then extend the mapping done earlier.

March 17, 2021

SECURITY

MITRE ATT&CK: The Magic of Application Mitigations

5 min read

This blog supports our ATT&CK thought leadership material by focusing on our application and workload security story, including how we at Cisco protect our own software.

January 22, 2021

SECURITY

MITRE ATT&CK: The Magic of Segmentation

4 min read

It's easy to overlook essential suppliers, partners, and service providers as possible pathways for cyberattacks. But the shocking cyberattack discovered in December shined a bright light on supply chain vulnerabilities, showing how trust can be exploited.

October 23, 2020

CISCO SERVICES (CX)

3 Ways to Stay Safe During National Cybersecurity Awareness Month (and Beyond)

3 min read

Organizations must remain constantly alert to detect and defend against the latest cybersecurity threats. Taking basic protection steps can go a long way in reducing vulnerabilities.

September 17, 2020

SECURITY

MITRE ATT&CK: The Magic of Endpoint Protection

4 min read

In our first blog, we introduced the Magic of Mitigations. They’re the key to getting started with MITRE ATT&CK. Now let’s look at some of the most magical ones, starting today with Behavior Prevention on Endpoint (M1040), Exploit Protection (M1050) and Execution Prevention (M1038). Wait, what’s the difference? At a quick glance, they might all […]

August 19, 2020

SECURITY

MITRE ATT&CK: The Magic of Mitigations

3 min read

When learning new things, sometimes we need to slow down and take it all in. For me, understanding MITRE ATT&CK was like that. Sure, the notion of thinking like an attacker made sense, and its structure was clear. Then came the “now what?” moment. Soon I discovered the key to getting started. May I share it with you?

January 15, 2020

SECURITY

Disk Image Deception

11 min read

Cisco's Computer Security Incident Response Team (CSIRT) detected a large and ongoing malspam campaign leveraging the .IMG file extension to bypass automated malware analysis tools and infect machines with a variety of Remote Access Trojans. During our investigation, we observed multiple tactics, techniques, and procedures (TTPs) that defenders can monitor for in their environments. Our incident response and security monitoring team's analysis of a suspicious phishing attack uncovered some helpful improvements in our detection capabilities and timing.