It was a LONG weekend — Here’s the vital info on REvil and Kaseya VSA
We speak to Cisco Talos’ US Outreach Team lead Nick Biasini about the unfolding events of the REvil ransomware campaign and Kaseya VSA supply chain attack.
Cisco Secure: Supporting NIST Cybersecurity Framework
Mapping Cisco Security Products to NIST Cybersecurity Framework Categories. We discuss the basics of NIST, then extend the mapping done earlier.
MITRE ATT&CK: The Magic of Application Mitigations
This blog supports our ATT&CK thought leadership material by focusing on our application and workload security story, including how we at Cisco protect our own software.
MITRE ATT&CK: The Magic of Segmentation
It's easy to overlook essential suppliers, partners, and service providers as possible pathways for cyberattacks. But the shocking cyberattack discovered in December shined a bright light on supply chain vulnerabilities, showing how trust can be exploited.
3 Ways to Stay Safe During National Cybersecurity Awareness Month (and Beyond)
Organizations must remain constantly alert to detect and defend against the latest cybersecurity threats. Taking basic protection steps can go a long way in reducing vulnerabilities.
MITRE ATT&CK: The Magic of Endpoint Protection
In our first blog, we introduced the Magic of Mitigations. They’re the key to getting started with MITRE ATT&CK. Now let’s look at some of the most magical ones, starting today with Behavior Prevention on Endpoint (M1040), Exploit Protection (M1050) and Execution Prevention (M1038). Wait, what’s the difference? At a quick glance, they might all […]
MITRE ATT&CK: The Magic of Mitigations
When learning new things, sometimes we need to slow down and take it all in. For me, understanding MITRE ATT&CK was like that. Sure, the notion of thinking like an attacker made sense, and its structure was clear. Then came the “now what?” moment. Soon I discovered the key to getting started. May I share it with you?
Disk Image Deception
Cisco's Computer Security Incident Response Team (CSIRT) detected a large and ongoing malspam campaign leveraging the .IMG file extension to bypass automated malware analysis tools and infect machines with a variety of Remote Access Trojans. During our investigation, we observed multiple tactics, techniques, and procedures (TTPs) that defenders can monitor for in their environments. Our incident response and security monitoring team's analysis of a suspicious phishing attack uncovered some helpful improvements in our detection capabilities and timing.