Cisco Blogs


Implementing a Hot Threat Dashboard

Logjam, Freak, Shellshock, BEAST, POODLE, Heartbleed. Each new vulnerability requires a fire-drill to see if you’re vulnerable, if you have protective mechanisms, and to verify that your organization can detect attacks against your corporate network. On top of that, you may also receive bulletins from threat intelligence partners, law enforcement, and other warnings that require heightened vigilance and the ability to detect new attacks.

Hot threats board posted in each SOC.


Angler EK: More Obfuscation, Fake Extensions, and Other Nonsense

This post was authored by Nick Biasini

Late last week Talos researchers noticed a drastic uptick in Angler Exploit Kit activity. We have covered Angler previously, such as the discussion of domain shadowing. This exploit kit evolves on an almost constant basis. However, the recent activity caught our attention due to a change to the URL structure of the landing pages. This type of change doesn’t occur often and was coupled with some other interesting tidbits, including how the HTTP 302 cushioning has evolved and how the payload of another ransomware has changed.

During research Talos identified several active Angler campaigns delivering different payloads via different methods. The first campaign was delivering Cryptowall, which will be covered in detail here. The second delivered Bedep with click fraud and illustrates the variety with which Angler can be used to deliver different payloads. The details of Bedep with click fraud have been covered thoroughly and will not be specifically discussed in this article.


SHA512 Checksums for All Cisco Software

Cisco continues to strengthen the security in and around its products, solutions, and services. This week Cisco began providing a Secure Hash Algorithm (SHA) 512-bit (SHA512) checksum to validate downloaded images on www.cisco.com. Cisco already provided a Message Digest 5 (MD5) checksum as the secured hash of the software, but the newer SHA512 hash value is now generated on all software images, creating a unique output that is more secure than the MD5 algorithm.


Trust and Transparency

“In our increasingly interconnected world, the Internet of Everything is making trust a critical element of how people use network-connected devices to work, play, live, and learn. The relentless rise in information security breaches underscores the deep need for enterprises to trust that their systems, data, business partners, customers, and citizens are safe.” – John N. Stewart, SVP and Chief Security and Trust Officer at Cisco

Trust and security are more important than ever before throughout the industry. Why aren’t customers explicitly demanding that they be in all their IT systems? Why aren’t they demanding software developed with processes and technologies that drive security into all aspects of the IT systems they buy? Why aren’t they demanding supply chain security and strong data protection? In short, why aren’t they demanding that IT vendors produce more robust and secure solutions?


New Email Security Release Adds Graymail Protection, Web Interaction Tracking, AMP Threat Grid, and More

Each day more than 100 billion corporate email messages are exchanged. Who doesn’t need to do a little housekeeping and eliminate unwanted emails? But you need to think twice before you click on “unsubscribe.”

As you likely read in the 2015 Cisco Annual Security Report, attackers are using applications users inherently trust or view as benign, like web browser add-ons, to distribute malware. One of the latest phishing techniques is graymail: directing the “unsubscribe” link at the bottom of a seemingly innocuous marketing email to a malware-infested website. Many of us click on these links without a second thought. But instead of ridding ourselves of unwanted emails, we’re actually opening ourselves up to an attack.

This is just one example of how attackers continue to innovate, and Cisco does as well. Our new AsyncOS release for Cisco Email Security Appliance (Cisco ESA) demonstrates how Cisco empowers you with a threat-centric approach to security and more comprehensive management control.
