security research

1 min read

This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems. While this incident is limited to targeting primarily national security organizations in the Middle East and...

3 min read

Every year the Symposium on Usable Privacy and Security brings together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy, to present and discuss the latest research in the areas of usable security and privacy. Cisco’s sponsorship of SOUPS supports student research and mentorship in this area (see below), as […]

5 min read

As recently announced, Cisco AnyConnect 4.2 extends visibility to the endpoint with the Network Visibility Module (NVM).  Users are one of the most vulnerable parts of any security strategy, with 78% of organizations saying in a recent survey that a malicious or negligent employee had been the cause of a breach.  However, until now, IT Administrators […]

1 min read

We are happy to announce the final schedule for IRespondCon, a conference that is specifically designed for incident responders. IRespondCon is held annually at OpenDNS HQ and offers a day of free training, presentations, and networking with some of the top information security engineers, instructors, and fellow responders. They’ll be showing how to use freely […]

2 min read

Midsize organizations are among the earliest adopters of new technologies. In general, they conduct much of their business over the Internet and are quick to embrace new apps, online payment systems, cloud, and Bring Your Own Device (BYOD) technologies. Fast adoption of innovations helps them to compete against larger organizations by meeting customer demands more […]

5 min read

This post was co-authored by Jaeson Schultz, Joel Esler, and Richard Harman.  Update 7-8-14: Part 2 can be found here This is part one in a two-part series due to the sheer amount of data we found on this threat and threat actor. This particular attack was a combined spearphishing and exploit attempt. As we’ve seen in the past, this […]

2 min read

Update 2013-11-12: Watch our youtube discussion Update 2013-11-05: Upon further examination of the traffic we can confirm that a large percentage is destined for TCP port 445. This is indicative of someone looking for nodes running SMB/DCERPC. With that in mind it is extremely likely someone is looking for vulnerable windows machines or it is quite possible that […]

2 min read

On June 6, 2013, malwaretracker.com released an analysis of Microsoft Office-based malware that was exploiting a previously unknown vulnerability that was patched by MS12-060. The samples provided were alleged to be targeting Tibetan and Chinese Pro-Democracy Activists. On June 7, 2013, Rapid7 released an analysis of malware dubbed ‘KeyBoy,’ also exploiting unknown vulnerabilities in Microsoft Office, similarly patched by MS12-060, […]