Threat Roundup for September 6 to September 13

Threat Research Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Sep. 6. to Sep 13. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the…

September 14, 2019
Read More >>

New Threat Grid App for IBM QRadar SIEM

Download the app for faster, more effective threat detection and response Two years ago, Cisco and IBM Security announced a strategic alliance to address the growing threat of cybercrime. This collaboration builds on each organization’s strengths and complementary offerings to provide integrated solutions, managed services and shared threat intelligence to drive more effective security for our joint customers. We continue to develop new applications for IBM’s QRadar security analytics platform…

September 11, 2019
Read More >>

Watchbog and the Importance of Patching

Threat Research By Luke DuCharme and Paul Lee. What Happened? Cisco Incident Response (CSIRS) recently responded to an incident involving the Watchbog cryptomining botnet. The attackers were able to exploit CVE-2018-1000861 to gain a foothold and install the Watchbog malware on the affected systems. This Linux-based malware relied heavily on Pastebin for command and control (C2) and operated openly. CSIRS gained an accurate understanding of the attacker’s intentions and abilities…

September 11, 2019
Read More >>

Ingredients Needed to Manage Network Tribbles

Cybersecurity – the final frontier, these are the trials and tribulations that network admins face on an ongoing basis. Sometimes it feels like network admins are Starfleet captains navigating unknown galaxies as the infrastructure of organizations become more complex.  Using a complicated mix of cloud apps, on-prem systems, BYOD, IoT, and more, gone are the days of purely corporate-owned assets. This means that it is more challenging to trust all the devices on your network anymore. Let’s face it,…

September 11, 2019
Read More >>

The Value of Threat Hunting

It can happen to the best of us. You can have robust security software deployed in your environment, and yet a threat slips through. Often it happens at a weak point that you hadn’t considered critical or just overlooked entirely. It can be a humbling experience and something that many security professionals, while loath to admit, have faced. What follows is a cautionary tale, but one with a silver lining….

September 9, 2019
Read More >>

Threat Roundup for August 30 to September 6

Threat Research Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Aug. 30 and Sep. 6. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the…

September 6, 2019
Read More >>

GhIDA: Ghidra decompiler for IDA Pro

Threat Research Cisco Talos is releasing two new tools for IDA Pro: GhIDA and Ghidraaas. GhIDA is an IDA Pro plugin that integrates the Ghidra decompiler in the IDA workflow, giving users the ability to rename and highlight symbols and improved navigation and comments. GhIDA assists the reverse-engineering process by decompiling x86 and x64 PE and ELF binary functions, using either a local installation of Ghidra, or Ghidraaas ( Ghidra…

September 5, 2019
Read More >>

The latest on BlueKeep and DejaBlue vulnerabilities — Using Firepower to defend against encrypted DejaBlue

Threat Research Over the past few months, Microsoft has released several security updates for critical Remote Desktop Protocol (RDP)-related security bugs. These bugs are significant for IT infrastructure because they are classified as “wormable,” meaning future malware that exploits them could spread from system to system without requiring explicit user interaction. These vulnerabilities could be exploited by an attacker sending a specially crafted request to the target system’s Remote Desktop…

September 4, 2019
Read More >>

New Forensic Investigation Procedures for First Responder Guides

Cisco is pleased to announce a new series of Forensic Investigation Procedures for First Responders guides that will help customers and partners triage Cisco products that are suspected of being tampered with or compromised. These guides provide step-by-step instructions for collecting information that first responders can use for forensic analysis for several different platforms, including devices that run Cisco IOS and IOS XE Software, and devices that run Cisco ASA…

August 30, 2019
Read More >>

Threat Roundup for August 23 to August 30

Threat Research Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Aug. 23 and Aug. 30. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the…

August 30, 2019
Read More >>