Jaeson Schultz

Technical Leader

Cisco Talos Security Intelligence & Research

Jaeson Schultz is a Technical Leader for Cisco Talos Security Intelligence & Research Group. Cisco's Talos Group is dedicated to advancing the state-of-the-art of threat defense and enhancing the value of Cisco's security products.

Jaeson has over 20 years’ experience in Information Security. Jaeson's computer experience ranges from hardware hacking, to log analysis and security policy recommendation, to thwarting misuse of Internet application layer protocols like DNS, HTTP, and SMTP. Prior to working in Information Security, Jaeson studied Computer Science at the University of Nevada at Las Vegas. Jaeson also currently holds an Amateur Extra radio license from the FCC under the call sign K8YJO.

Articles

October 7, 2013

SECURITY

Razzle Dazzle v2.0

2 min read

During World War I, British artist and navy officer Norman Wilkinson proposed the use of "Dazzle Camouflage" on ships. The concept behind Dazzle Camouflage, as Wilkinson explained, was to “paint...

September 19, 2013

SECURITY

High Stakes Gambling with Apple Stock

1 min read

Miscreants are always trying to put new twists on age-old schemes. However, I must admit that this latest twist has me slightly puzzled. Today, Cisco TRAC encountered a piece of stock related spam touting Apple’s stock, AAPL.

September 9, 2013

SECURITY

The Phishing Grounds

1 min read

On August 15, 2013, Brian Krebs featured a screen shot of a fake Outlook webmail login page used by the Syrian Electronic Army in a phishing attack against the Washington Post. If you look carefully at the location bar, you will note that the domain used in the phishing attack is ‘webmail.washpost.site88.net’.

August 27, 2013

SECURITY

Syrian Electronic Army Continues Spree: Cracks New York Times, Twitter and Huffington Post

1 min read

The Syrian Electronic Army continues to hammer away at media organizations.  This afternoon the Syrian Electronic Army appears to have compromised the registrar Melbourne IT which hosts the domains of notable media organizations like Twitter, The New York Times, and The Huffington Post.

August 22, 2013

SECURITY

Syrian Electronic Army Cracks ShareThis.com GoDaddy Account

1 min read

ShareThis provides a mechanism for web surfers to share content online through a customizable widget.  According to the information on their website, ShareThis interacts with “more than 94% of U.S. Internet users across more than 2 million publisher sites and 120+ social media channels.” On the evening of August 21, 2013, ShareThis reported that their […]

August 9, 2013

SECURITY

DEFCON 21 Wrapup

2 min read

My first DEFCON was DEFCON Three, held at the Tropicana Hotel in Las Vegas.  The computer security conference scene was much, much smaller back then, but DEFCON had already become THE security conference of the year. Since that time I’ve continued to regularly attend DEFCON, and over the years I have collected some very fond memories […]

August 2, 2013

SECURITY

Error Correction Using Response Policy Zones: Eliminating the Problem of Bitsquatting

3 min read

A memory error is a condition that occurs any time one or more bits being read from memory have changed state from what was previously written.  By even the most conservative of estimates Internet devices experience more than 600,000 memory errors per day.  Cosmic radiation, operating a device outside its recommended environmental conditions, and defects […]

June 20, 2013

SECURITY

‘Hijacking’ of DNS Records from Network Solutions

2 min read

UPDATE: This blog post is related to the redirection of domain name servers that occurred back in June 2013. This post is NOT related to the ongoing activity occurring July 16, 2013. Cisco TRAC is currently analyzing the ongoing issues with Network Solutions’ hosted domain names and has more information available here. Multiple organizations with […]

June 13, 2013

SECURITY

Scope of ‘KeyBoy’ Targeted Malware Attacks

2 min read

On June 6, 2013, malwaretracker.com released an analysis of Microsoft Office-based malware that was exploiting a previously unknown vulnerability that was patched by MS12-060. The samples provided were alleged to be targeting Tibetan and Chinese Pro-Democracy Activists. On June 7, 2013, Rapid7 released an analysis of malware dubbed ‘KeyBoy,’ also exploiting unknown vulnerabilities in Microsoft Office, similarly patched by MS12-060, […]

May 28, 2013

SECURITY

Massive Canadian Pharmacy Spam Campaign

1 min read

On Tuesday May 28, 2013 at 17:30 UTC a massive pharmaceutical-based spam campaign began, using the Subject: header “Only 24 Hours Left to Shop!”. Cisco witnessed volume rates peaking as high as 8 out of every 10 spam messages being sent. The indiscriminate nature of the attack’s recipients suggests that most anti-spam vendors, including Cisco, will have blocked […]

May 7, 2013

SECURITY

The Effects of #OpUSA

2 min read

In the days leading up to #OpUSA, security professionals were busy making preparations for the supposed flood of new attacks coming on 7 May 2013. As we mentioned on 1 May 2013, publicly announced attacks of this nature can have highly volatile credibility. In some cases, the announcements exist only for the purpose of gaining notoriety. In […]

May 6, 2013

SECURITY

Watering Hole Attacks an Attractive Alternative to Spear Phishing

2 min read

“Watering Hole” attacks, as evidenced by the recent attack involving the U.S. Department of Labor, are becoming increasingly popular as alternatives to attacks such as Spear Phishing. In a “Watering Hole” attack, the attacker compromises a site likely to be visited by a particular target group, rather than attacking the target group directly. Eventually, someone from […]

May 1, 2013

SECURITY

STOPhausDDoS: Suspect in Custody

1 min read

Back in March, Seth Hanford wrote about a distributed denial of service (DDoS) attack aimed at the SpamHaus organization. Since then, there have been some new developments in the aftermath of the DDoS attack, most notably the arrest of the attackers’ spokesperson, Sven Olaf Kamphuis. Update On April 26, Kamphuis, STOPhaus activist and possibly the person […]