SYNful Knock: Acting to protect Cisco customers

By Omar Santos

The security of our customers is critical, and when needed, we pull out all stops to protect them. Cisco participates in a large ecosystem of partners, industry peers (yes, that includes competitors), and non-profits that provides insight and awareness into a multitude of security threats. We also have deep internal expertise. The Cisco Talos organization is focused on threat research and content for our security offerings, our Information Security teams protect Cisco’s own network, and our PSIRT organization delivers coordinated […]

Source:: Cisco Security Notice

IT Security: When Maturity is Overrated

By Anthony Grieco

In so many parts of life, the passing of time is a benefit. Wine and whisky mature, intelligence is gained, and friendships grow stronger. For those of us working in IT security, however, the passing of time brings new challenges. Prolonging the use of older technology exponentially increases risk, and the resulting problems can cost more than recommended maintenance/upgrades. Let’s consider three facts: Fact 1: IT is fundamental to the economy, safety, health, and well-being of the world’s societies. Today’s […]

Source:: Cisco Security Notice

SYNful Knock: Protect Your Credentials, Protect Your Network

By Omar Santos

Interest in IT security has never been higher. So when a new type of attack comes along, it attracts the attention of our customers and others in the industry. Earlier this week Cisco and Mandiant/FireEye released information about the so-called SYNful Knock malware found on Cisco networking devices. You can read my earlier blog on this subject here: SYNful Knock: Detecting and Mitigating Cisco IOS Software Attacks. This attack isn’t caused by a problem or vulnerability with a Cisco product. It results from an attacker stealing administrative credentials […]

Source:: Cisco Security Notice

Hello World!

By Dan Hubbard

This post is officially my first after coming over as part of the Cisco acquisition of OpenDNS. Since 2012, I’ve served as the CTO and am proud to be part of an incredible research team, OpenDNS Labs. Like the Talos Research Group, we are focussed on detecting and preventing threats that help protect our customers globally. We are uniquely positioned to do this through statistical models and classification techniques that are fueled by our satellite view of the internet’s infrastructure with more than 80 billion active DNS queries per day. Today I’d like […]

Source:: Cisco Security Notice

When Does Software Start Becoming Malware?

By Talos Group

This post was authored by Earl Carter, Alex Chiu, Joel Esler, Geoff Serrao, and Brandon Stultz. Defining what is malware relies on determining when undesirable behavior crosses the line from benign to clearly unwanted. The lack of a single standard regarding what is and what is not acceptable behavior has established a murky gray area and vendors have taken advantage of this to push the limits of acceptable behavior. The “Infinity Popup Toolkit” is a prime example of software that falls into this […]

Source:: Cisco Security Notice

SYNful Knock: Detecting and Mitigating Cisco IOS Software Attacks

By Omar Santos

Historically, threat actors have targeted network devices to create disruption through a denial of service (DoS) situation. While this remains the most common type of attack on network devices, we continue to see advances that focus on further compromising the victim’s infrastructure. Recently, the Cisco Product Security Incident Response Team (PSIRT) has alerted customers around the evolution of attacks against Cisco IOS Software platforms. Today, Mandiant/FireEye published an article describing an example of this type of attack. This involved a router “implant” that they dubbed SYNful Knock, reported to have been found in […]

Source:: Cisco Security Notice