Cisco Blogs

Cisco Blog > Security

DNSChanger Outbreak Linked to Adware Install Base

[Ed. note: This post was authored by Veronica Valeros, Ross Gibb, Eric Hulse, and Martin Rehak]

Late last autumn, the detector described in one of our previous posts, Cognitive Research: Learning Detectors of Malicious Network Traffic, started to pick up a handful of infected hosts exhibiting a new kind of malware behavior. Initially, the number of infections were quite low, and nothing had drawn particular attention to the findings. Recently, this changed when we observed a significant uptake in the number of infections during the first few weeks of 2016. These infections were linked to a Trojan commonly known as DNSChanger. In our findings, this Trojan was delivered by a modular malware called Mamba. Our root cause analysis strongly suggests that the Trojan is spread by leveraging an established base of adware, unwanted applications, and ad injectors.

Read More »

Tags: , , ,

Built-In Security: Sharing the ‘How’

I work with a lot of customers discussing how they can reduce their cyber risk and increase resiliency with an effective security strategy. It’s easy to talk about leading practices for security, but figuring out how to put them into practice can be a whole other story.

As I mentioned in a recent post, the Security and Trust team is headed to CiscoLive Berlin with the goal of sharing real and actionable security practices that are designed to be taken home and put into practice straight away. Read More »

Tags: , , , , ,

Small to Midsize Business Security Capabilities Falling as Attack Sophistication Rises

Working with limited resources and being asked to “do more with less” is often par for the course for small and midsize businesses (SMBs). Smaller companies are also credited with being more nimble than their enterprise counterparts, adopting next-generation tools more quickly and experimenting with new business models. However, a new survey of CSOs and SecOps Managers reveals that more SMBs are putting themselves at increased risk for cyber attacks by forgoing critical security capabilities and processes.

Attackers are Developing Sophisticated Tactics for Entering Networks and Remaining Undetected

In the 2016 Cisco Annual Security Report, Cisco researchers detail some of the latest advanced attacks and trends shaping the security industry. Online criminals are continually evolving their attack methods to evade detection and accomplish their goals. They’re building resiliency into their operations; if detected, attackers quickly reconfigure and reconstitute on new systems in minutes. Security professionals need to fill the gaps in their defenses and improve their own resilience to these advanced attacks.

Read More »

Tags: , ,

Microsoft Patch Tuesday – February 2016

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains twelve bulletins addressing 37 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Internet Explorer, Edge, Windows Journal, Office and Windows PDF. The remaining seven bulletins are rated important and address vulnerabilities in the Network Policy Server (NPS), Active Directory, Windows, Remote Desktop Protocol, WebDAV, Kernel Mode Driver and the .NET Framework.

Bulletins Rated Critical

Microsoft bulletins MS16-009, MS16-011 through MS16-013, and MS16-015 are rated as critical in this month’s release.

MS16-009 and MS16-011 are this month’s Internet Explorer and Edge security bulletin respectively. In total, sixteen vulnerabilities were addressed with four vulnerabilities impacting both browsers. The vulnerabilities impacting both browsers include three critical memory corruption issues (CVE-2016-0060, CVE-2016-0061 and CVE-2016-0062) along with CVE-2016-0077 that addresses a critical spoofing vulnerability.

  • MS16-009 is the IE bulletin for IE versions 9 through 11. Three critical memory corruption issues specific to Internet Explorer are addressed (CVE-2016-0063, CVE-2016-0067 and CVE-2016-0072).
  • MS16-011 is the Edge bulletin. A critical memory corruption issues specific to Edge is addressed (CVE-2016-0084).


Protect Your Entire Digital Self

How much time do you spend at work?

For some the answer is too much! No matter how much time you spend, I’m willing to guess that it’s an important part of your week. Your work is part of who you are, where you go, and what you do.

That is why Cisco is proud to join the National Cybersecurity Alliance in its support of White House efforts to improve online security. Today’s announcement will educate and raise awareness about the importance of cybersecurity topics at home, and at work.

Our businesses help create the jobs, innovation, and economy that will underpin our future. Our homes help us foster the relationships that are the foundation of our society. As technology pushes both forward, it is clear that cybersecurity in one, without the other, is impossible.

Every day, our home and work lives get closer together. Smartphones and online collaboration services, like Cisco WebEx and Spark, increasingly allow us to work and play from anywhere. And with this added flexibility comes a shared responsibility to protect yourself and your colleagues.

Cybersecurity techniques, like Two Factor Authentication, may look a little different in the business world. At home you will receive a code in an email or SMS to access an online service or social media account. These same techniques are used by our OpenDNS and Meraki services. But at work you might supplement your network password with a security token or a smartcard.

Multifactor authentication can also be directly integrated into work tools. Cisco’s collaboration products are a great example, as they support standards-based identity authentication and authorization exchange techniques. These allow our customers to quickly and securely integrate these services into their existing identity-proofing methods.

Because our home and work lives get closer every day, we support the President’s focus on increasing general cybersecurity awareness. Stop. Think. Connect. is the common thread, and describes the basic steps needed to ensure our entire digital selves can remain safe and secure.

Tags: , , , , , , , ,