IPS
Old and Persistent Malware
2 min read
Malware can find its way into the most unexpected of places. Certainly, no website can be assumed to be always completely free of malware. Typically, there are many ways that websites can be compromised to serve malware:
You Can’t Protect What You Can’t See
2 min read
The title seems like a simple enough concept, but when it comes to advanced threat protection, truer words were never written. This concept of visibility into your network, which in turn enables better protection and control of your network, is at the heart of Cisco’s Next-Generation Intrusion Prevention System (NGIPS). Visibility is what feeds critical […]
IE Zero Day – Managed Services Protection
1 min read
As of May 1, 2014, we can confirm Cisco customers have been targets of this attack. For the latest coverage information and additional details see our new post on the VRT blog. Protecting company critical assets is a continuing challenge under normal threat conditions. The disclosure of zero-day exploits only makes the job of IT […]
IWAN Wed: The Case for Direct Internet Breakout at Branch and IWAN
3 min read
Cloud services and SaaS applications is enabling customers to accelerate their business processes and improve employee productivity while lowering their total IT spending. The Cisco IWAN solution is helping organizations adopt cloud applications with an improved user experience by enabling local internet breakout from the branch environment, thus helping eliminate the need to backhaul internet-bound traffic […]
Cisco IPS Signature Coverage for OpenSSL Heartbleed Issue
2 min read
The Cisco IPS Signature Development team has released 4 signature updates in the past week. Each of the updates contains either modifications to existing signatures or additional signatures for detection of attacks related to the OpenSSL Heartbleed issue. I’m going to take a moment to summarize the signature coverage.
The Internet of Everything, Including Malware
3 min read
We are witnessing the growth of the Internet of Everything (IoE), the network of embedded physical objects accessed through the Internet, and it’s connecting new devices to the Internet which may not traditionally have been there before. Unfortunately, some of these devices may be deployed with a security posture that may need improvement. Naturally when we saw […]
Massive Increase in Reconnaissance Activity – Precursor to Attack?
2 min read
Update 2013-11-12: Watch our youtube discussion Update 2013-11-05: Upon further examination of the traffic we can confirm that a large percentage is destined for TCP port 445. This is indicative of someone looking for nodes running SMB/DCERPC. With that in mind it is extremely likely someone is looking for vulnerable windows machines or it is quite possible that […]
Botnets Riding Rails to your Data Center
3 min read
Cisco Security Intelligence Operations is tracking reports of ongoing exploitation of a vulnerability in the popular web application framework Ruby on Rails that creates a Linux-based botnet. The vulnerability dates back to January 2013 and affects Ruby on Rails versions prior to 3.2.11, 3.1.10, 3.0.19, and 2.3.15. Cisco Security Intelligence Operations’ has previously published an […]
Coordinated Attacks Against the U.S. Government and Banking Infrastructure
8 min read
Prologue On April 10, 2013, a collective of politically motivated hacktivists announced a round of planned attacks called #OPUSA. These attacks, slated to begin May 7, 2013, are to be launched against U.S.-based targets. #OPUSA is a follow-up to #OPISRAEL, which were a series of attacks carried out on April 7 against Israeli-based targets. Our goal here is to […]