Vulnerability Spotlight: Remote code execution vulnerabilities in Simple DirectMedia Layer

By Talos Group Simple DirectMedia Layer contains two vulnerabilities that could an attacker to remotely execute code on the victim’s machine. Both bugs are present in the SDL2_image library, which is used for loading images in different formats. There are vulnerabilities in the function responsible for loading PCX files. A specially crafted PCX file can lead to a heap buffer overflow and remote code execution in both cases.
In accordance with our coordinated disclosure policy, Cisco Talos worked with SDL to ensure that these issues are resolved and that an update is available for affected customers. Check out the Talos blog for all the details and coverage.

Source:: Cisco Security Notice

FortiGate 100F – F wie flott

Eine neue Generation der weit verbreiteten 100er Serie der FortiGate geht an den Start. Die FortiGate 100F (wobei das F durchaus für flott stehen könnte) punktet z.B. mit dem nagelneuen SoC4, der von Fortinet als SD-WAN ASIC konzipiert wurde. Diese Vorteile bietet die FortiGate 100F:

  • SD-WAN optimierte Hardware dank SoC4
  • 20 Gbps Firewall Durchsatz
  • 700 Mbps Threat Protection Durchsatz
  • 2x 10 GE SFP+
  • Eingebautes redundantes Netzteil

Das Highlight ist hierbei, dass SD-WAN-Funktionalität direkt mit dem Thema Sicherheit vereint in einer Lösung geliefert wird.

Das Datenblatt zur FortiGate 100F finden Sie hier.

Über den Einsatz auch in Ihrem Hause sprechen wir sehr gerne mit Ihnen.

DSC_2012 klein
Frank Erlinghagen
02261 9155055
Dirk Zurawski
02261 9155051
DSC_2022 klein

Bastian Breidenbach

RATs and stealers rush through “Heaven’s Gate” with new loader

By Talos Group Malware is constantly finding new ways to avoid detection. This doesn’t mean that some will never be detected, but it does allow adversaries to increase the period of time between initial release and detection. Flying under the radar for just a few days is enough to infect sufficient machines to earn a decent amount of revenue for an attack. Cisco Talos recently discovered a new campaign delivering the HawkEye Reborn keylogger and other malware that proves attackers are constantly creating new ways to avoid antivirus detection. In this campaign, the attackers built a complex loader to ensure antivirus systems to not detect the payload malware. Among these features is the infamous “Heaven’s Gate” technique — a trick that allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment. In this blog, we will show how to analyze this loader quickly, and provide an overview of how these attackers deliver the well-known HawkEye Reborn malware. During our analysis, we also discovered several notable malware families, including Remcos and various cryptocurrency mining trojans, leveraging the same loader in an attempt to evade detection and impede analysis.

Source:: Cisco Security Notice

Get a Security System, not a Security Smorgasbord

By John Dominguez If you’re still juggling a lot of cyber security tools, you’re not alone. Even as businesses make headway on trimming point-solutions, the recently released Cisco CISO Benchmark Report found that 14% of security leaders are managing more than 20 vendors. And 3% are dealing with over 50.
It’s easy for this to get out of hand. Customers tell us they acquired product A to solve problem A, product B to solve problem B, and so on. Before long, they’re overloaded with point-products that work independently and create tons of siloed data points. The products don’t draw connections between the data to help network administrators understand event context.
It’s almost like having alarm sensors from different security companies on every door to your home. It’s not better, simpler, or easier to manage.
Cisco is helping customers simplify their security ecosystems with powerful tools that work together to automatically thwart cyber attacks. The Cisco Integrated Security Portfolio includes Cisco Next-Generation Firewalls (NGFW) and Cisco Advanced Malware Protection (AMP) for Endpoints. These two tools automatically work together to provide comprehensive threat protection from the network edge to the endpoint. And using the Cisco Threat Response management console, you can take corrective action directly from a single interface.
The power of coordination
This powerful partnership starts with breach prevention. Stopping cyberattacks before they can embed themselves in your extended network is crucial. The Cisco NGFW and AMP for Endpoints both draw threat intelligence from the Cisco Talos Security Intelligence and Research Group to actively block threats in real time. Cisco NGFW monitors and blocks malicious traffic and files at the network perimeter, while Cisco AMP for Endpoints blocks malicious files at the endpoint point-of-inspection.
But what if an attacker or extremely sophisticated malware manages to creep inside? It can happen—cybercriminals are persistent, and malware gets smarter every day. This is where the coordination of Cisco NGFW and AMP can really make a difference. If NGFW sees a threat on the network, it’s contained there and blocked access to the endpoint. If AMP for Endpoints sees trouble on the endpoint, it is automatically quarantined there and blocked from traversing the network. Threat information and event data is shared amongst all Cisco security tools. The system works together so that if a threat is seen once, it is stopped everywhere. This provides continuous visibility across multiple attack vectors for rapid, automatic detection and response.
And the best part? This network and endpoint information is all aggregated in one place – the Cisco Threat Response management console. You can see all of this information in intuitive, configurable graphs for better situational awareness and quick conclusions. You can take corrective action and make decisions across your entire network from one management plane. You can block suspicious files, domains, and more—without having to log in to another product first. Want to see even more network or endpoint detail? One click and you’re inside Cisco AMP for Endpoints or the Cisco NGFW native console.
One proven, efficient system
We work with businesses every day to help them defend their networks and keep security management simple so their teams can be as efficient as possible. Cisco Next-Generation Firewalls and Cisco AMP for Endpoints, along with the Cisco Threat Response management console, offer breach prevention, continuous visibility, rapid detection, automated response, and efficient management from one console.
To learn more about Cisco NGFW and Cisco AMP for Endpoints, click here.

Source:: Cisco Security Notice