Bypassing MiniUPnP Stack Smashing Protection

By Talos Group This post was authored by Aleksandar Nikolic, Warren Mercer, and Jaeson Schultz. Summary MiniUPnP is commonly used to allow two devices which are behind NAT firewalls to communicate with each other by opening connections in each of the firewalls, commonly known as “hole punching”. Various software implementations of this technique enable various peer-to-peer software applications, such as Tor and cryptocurrency miners and wallets, to operate on the network. In 2015 Talos identified and reported a buffer overflow vulnerability in client […]

Source:: Cisco Security Notice

Where is my (intermediate) TLS certificate?

By Tobias Mayer When dealing with TLS connections, it is important to understand how a client (in most cases this is a web browser) will be acting. Let’s quickly check some of the steps that are happening when a TLS connection is made. A web server will send its certificate down to the requesting client during the TLS handshake. But it is not only a single certificate but usually a complete chain of certificates. There is the server certificate, in many cases […]

Source:: Cisco Security Notice

Link Arms Against the Attackers: Observations from the 2016 Cisco ASR

By Martin Nystrom Remember 2007, when the underground economy began to flourish, using simple protocols and static subnet ranges to control their infrastructure? That was the same year Cisco published the first Annual Security Report (ASR). Nine years later, the drumbeat of cyberthreats grows louder, but the actors and threats are familiar, just as John reminded us when this year’s report was released. What’s Changed? Attackers have vastly increased the sophistication of their infrastructure, incorporated evasive techniques such as encryption and obfuscation, and diversified their revenue streams through ransomware. Defenders are sharing cyber threat intelligence and recognizing […]

Source:: Cisco Security Notice

McAfee Mail Security – End of Sales

Intel Security is discontinuing sales of McAfee's gateway security products. This was already foreseeable, as the solution was last tested externally in January 2014 (VBSpam). With our technology partner Fortinet, we offer a simple way to keep your mail traffic protected and up to date.

FortiMail offers “Top Rated Protection”, especially in combination with the FortiSandbox solution. For McAfee customers this is not just a simple replacement but brings tangible advantages:

  • Improved security (VBSpam reports a 99.9% catch rate, 0% false positives)
  • Top recommendation from NSS Labs (Breach Detection)
  • Simpler pricing (no feature licenses, no per-mailbox costs)
  • No user limit and multi-domain support

Oberberg-Online offers the FortiMail services both as a solution for your own infrastructure and as a managed service in our Regio-Cloud in Gummersbach.

Talk to us about your migration concept at 02261 9155050, or send us your preferred appointment date at vertrieb@oberberg.net

Hiding in Plain Sight: Malware’s Use of TLS and Encryption

By Blake Anderson Introduction TLS (Transport Layer Security) is a cryptographic protocol that provides privacy for applications. TLS is usually implemented on top of common protocols such as HTTP for web browsing or SMTP for email. HTTPS is the usage of TLS over HTTP, which is the most popular way of securing communication between a web server and client and is supported by the bulk of major web servers. As TLS has become more popular and easier to use, we have seen the […]

Source:: Cisco Security Notice

Overcoming the DNS “Blind Spot”

By John Stuppi [ed. note – this post was authored jointly by John Stuppi and Dan Hubbard] The Domain Name Service (DNS) provides the IP addresses of intended domain names in response to queries from requesting end hosts. Because many threat actors today are leveraging DNS to compromise end hosts, monitoring DNS is often a critical step in identifying and containing malware infections and investigating attacks. Yet our research found that few organizations actually monitor DNS for security purposes—or at all—which makes DNS a security “blind […]

Source:: Cisco Security Notice
