zero day

New Ransomware, FessLeak, Taps Adobe Flash Flaws

In-brief: A new and sophisticated ransomware family dubbed “Fessleak” is spreading in malicious advertising (or “malvertising”) campaigns by exploiting newly disclosed flaws in Adobe’s Flash technology.

With Multi-Vector Attacks, Quality Threat Intelligence Matters

In the last year, the world’s attention has been riveted by a series of high-profile hacks of major corporations in retail, finance and the entertainment industry, among others. Each of these incidents is unique, involving different threat actors and motives. However, each of these attacks is also a sterling example of what we, at Cisco, term “multi-vector attack” that employs a range of technologies, deployed in numerous stages, to penetrate the defenses of the target organization. Here at Cisco, we have studied these attacks in-depth and have identified some commonalities among these multi-vector attack, and useful approaches to combat them. This blog post will discuss some of our findings. About Multi-Vector Attacks Any cyber attack, large or small is born from a weak link in the security chain. These weak links take many forms: poorly configured Web servers, gullible employees or vulnerable-but-common applications like Microsoft Office, Adobe Reader and Java are common examples. Multi-vector  attacks […]

Cyber Security and IoT: Fundamentals Matter

I really struggled to come up with a clever analogy to start this post. In doing so I realized that this exercise was itself, the exact problem I was trying to describe. So much conversation about cyber security, especially cyber security for the Internet of Things (IoT), focuses on the sexy, the complicated, the one-in-a-million. In doing so, we ignore the most common threats and basic attacks. I would like to argue that if we are to effectively defend ourselves in this new IoT world, we cannot ignore the fundamentals of security. But let’s be honest: the basics are boring. I know that. Many of the practices that are most important are also the ones we’ve heard about before. As we look at them: there isn’t anything new there. That’s true – but I take that as proof that they are sound practices, worthy of keeping top-of-mind, rather than old knowledge that can be discarded. Here’s […]

Discrete Malware Lures Execs At High-End Hotels

Kaspersky Lab has a fascinating write-up of malware it is calling “DarkHotel.” The information-stealing software is believed to target traveling executives. Curiously, Kaspersky says the malware may be almost a decade old and is found only on the wireless networks and business centers of select, high-end hotels. Reports about targeted attacks on traveling executives are nothing new. However, the Kaspersky report (PDF version here) may be the most detailed yet on a specific malicious software family that is devoted to hacking senior corporate executives. According to Kaspersky, the DarkHotel malicious software maintained a presence on hotel networks for years, with evidence of its operation going back as far as 2007. The malware used that persistent access to target select hotel guests, leveraging check-in/check-out and identity information on guests to limit attacks to high value targets. Targeted guests were presented with iFrame based attacks that were launched from the hotel’s website, […]

Cisco Updates ASA Security Appliance To Tackle Zero Day Malware

We’re used to writing about all the things that are changing in the security field: the onslaught of mobile devices and connected ‘stuff,’ the advent of ‘advanced’ and ‘persistent’ adversaries, the destruction of the network perimeter. But all this talk about change can obscure the fact that so much has not changed. Companies still maintain perimeters, after all, and they rely on nuts-and-bolts technologies to defend them. But these days, those products need to do more – especially in the area of ‘advanced threats’ that are likely to slip past traditional antivirus and IDS products. Enter Cisco Systems, which on Tuesday announced a new version of its ‘next generation firewall‘: the Cisco ASA (Adaptive Security Appliance) with FirePOWER Services. The appliance is the first to make full use of technology from Cisco’s acquisition of Sourcefire last year. Specifically, the latest ASA integrates Sourcefire’s Advanced Malware Protection (or AMP) technology, which gives the […]