Threat Roundup for August 16 to August 23

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Aug. 16 and Aug. 23. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
TRU08232019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

New 4CAN tool helps identify vulnerabilities in on-board car computers

By Talos Group Modern automobiles contain hundreds of sensors and mechanics that communicate via computers to understand their surrounding environment. Those components provide real-time information to drivers, connect the vehicle to a global network, and in some cases use that telemetry to automatically drive the vehicle. Like any computer, those in vehicles are susceptible to threats, such as vulnerabilities in software, abuse via physical-access, or even allowing remote control of the vehicle, as recently demonstrated by Wired and a DARPA-funded team of researchers.
During a recent engagement, the Connected Vehicle Security practice identified a gap in tooling for automobile security assessments. With ease-of-use, modern car computing requirements, and affordability as motivating factors, the Connected Vehicle Security practice has built and is open-sourcing a hardware tool called “4CAN” with accompanying software, for the benefit of all automobile security researchers. We hope 4CAN will give researchers and car manufacturers the ability to test their on-board computers for potential vulnerabilities, making the vehicles safer and more secure for drivers before they even leave the lot.
Check out the complete FAQ here.

Source:: Cisco Security Notice

What you — and your company — should know about cyber insurance

By Talos Group It’s no longer a question of “if” any given company or organization is going to be hit with a cyber attack — it’s when. And when that attack comes, who is willing to take on that risk?
For some groups, it may be that they feel they are fully prepared to take on the challenge of defending against an attack or potentially recover from one. But cyber security insurance offers the ability to transfer that risk to an insurance company that can help you with everything from covering lost revenue to providing incident response as soon as you detect an attack.
Is cyber insurance the right choice for your company or organization? Talos spoke to two cyber insurance experts to get answers to the questions we had around cyber insurance to help you make an informed decision.
Check out the complete FAQ here.

Source:: Cisco Security Notice

Threat Roundup for August 9 to August 16

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Aug. 9 and Aug. 16. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
TRU08162019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

Three Reasons to Upgrade Your Legacy AV/Endpoint Security

By Gedeon Hombrebueno What technology do you remember the most from the ‘80s – ‘90s? Portable CD players? Floppy disks? 2G flip phones? None of these, of course, survived the digital evolution. Do you know which technology developed in that era that did survive? Legacy antivirus (AV).
That’s right. While many other technologies have evolved in the last few decades to keep up with today’s digital environment, legacy AV is still around. Despite the fact that, according to a 2018 Ponemon survey, security practitioners believe AV catches only about 43% of attacks.
As we learned from our CISO Benchmark Survey, 90% of incidents are related to malware, and malware is the most common attack that results in loss of data. From the Ponemon survey, we also know that 76% of endpoint attacks come from zero-day or unknown threats. If your security defense relies on traditional endpoint security using legacy AV technology — how well does it protect your organization given today’s sophisticated and fast-evolving threat environment?
Why It’s Time to Give Up ‘Traditional‘
According to a SANS report, endpoints are the second top type of system (behind cloud apps) that is most commonly involved in data breaches. Given how critical it is to protect endpoints, and how vulnerable they are without the right defense, your organization can’t afford to stick with traditional endpoint security.
Here is where legacy endpoint security falls short — and how next-generation endpoint security technology is different:
Detection:Legacy AV solutions are no match for evolved threats like fileless and polymorphic malware. Since attackers are skilled at remaining stealthy until they’re ready to make their move, traditional AV is unlikely to detect those stealthy threats when they first enter your environment, masquerading as benign files.
To detect advanced threats, next-generation endpoint solutions use a combination of techniques while constantly monitoring file activity. They excel at fast and accurate threat detection because they can detect malicious behavior and stop the threat in its tracks.
Response: Hours, even minutes, count when containing and remediating an attack. One of the many challenges of incident responders is the ability to gather data in an investigation for incident scoping. Traditional AV gives you limited visibility into the trajectory of files, whereas next generation AV enables a granular view of threat activity.
You can’t afford not to have more robust capabilities — the ability to shrink hours and even days off your remediation cycle greatly decreases the likelihood of data exposure and could potentially save your organization millions of dollars. In fact, according to a Ponemon study about the Cost of a Data Breach, containing a breach in fewer than 30 days could save you more than $1 million. No small change, even for a large enterprise.
Efficiency: Many traditional AV providers try keep pace with the evolving threats by adding new components via various discrete agents, resulting in a bloated infrastructure that is labor-intensive for the security practitioner to operate. The more time you spend in and out of multiple consoles, trying to connect the dots, the more time you give the attackers to meet their objectives — especially if many of your tasks are manual.
Think of the bucket brigades of yesteryear, before fire engines were invented. By the time the human chain of the brigade delivered enough water by hand, the blaze had ample time to devour the building. If you’re fighting a proverbial fire inside your environment, would you want to rely on a series of manual tasks, or would you feel much more confident using the latest technology that delivers advanced capabilities, leveraging more automation and integration?
What Cisco Offers for Your Next-Generation Endpoint Security
Next generation AV from Cisco helps you uncover the riskiest 1% of threats that legacy AV solutions miss. Capabilities that Cisco offers you include:
Prevention and detection: Backed by the best global threat intelligence from Cisco Talos, detect and block both signature-based and advanced threats, including fileless malware and ransomware. Use dynamic file analysis to instantly gain visibility into the behavior of an unknown or suspect file, and get a fast verdict.
Response: Continuously monitor all file activity with retrospective capabilities, so you can quickly block stealthy malware at the first sign of malicious behavior, and isolate compromised hosts to stop the spread of an infection. With device and file trajectory, you can also scope an incident more efficiently, speeding up remediation time.
Efficiency: An integrated security architecture simplifies your workflow and doesn’t require you to add multiple agents to your endpoints. Additionally, you only have to see a threat once, then automatically block it across your entire environment.
Traditional AV is just that. Traditional. Click here to learn more on how you can prevent, detect and respond to today’s modern threats better, faster with next generation AV.

Source:: Cisco Security Notice

Breath Deeply, Relax…Now Focus…on Integrating Your Security Architecture

By Scott Pope “Relax” and “security” are not often found in the same sentence. There is not much about the current threat environment that elicits relaxation.
But in this era of mindfulness and getting focused, Cisco has done just that. We have put a single-minded focus on integrating our own security portfolio so that we close attack vectors and decrease deployment complexity. And we have also forged pathways for integration with our security products so that your multi-vendor security environment can work in unison to focus on the same problem set, together.
Today we welcome 15 new industry partners with 20 new product integrations to the Cisco Security Technology Alliance(CSTA)–Cisco’s security development, integration and certification framework. CSTA is focused on enabling product integrations that deliver easier and better security in multi-vendor deployments. There are now over 175 development partners representing 300+ product-to-product integrations in CSTA. See details of the new partners and product integrations below.
Customers can integrate existing technology with Cisco security products to improve security telemetry, prioritize the urgent alerts, streamline workflows and get better security outcomes. No two customer environments are alike and that’s why we have built a customizable integration framework for nearly every product in the Cisco security portfolio. We’ve also got a talented services team that can help implement all of this, from a small integration to a turnkey solution.
In other big news, the Cisco Platform Exchange Grid (pxGrid) security integration framework is now the foundation of an IETF-approved Internet standard. Read all about it Here
Here’s a summary of what’s new:
New Cisco Advanced Malware Protection (AMP) for Endpoints Integrations
Using the Cisco AMP for Endpoints APIs partner integrations provide analysts with rich threat information and actions on endpoint events like retrieving endpoint information, hunting indicators on endpoints, searching events, etc. Panaseer, JASK, IBM BigFix and IBMResilient are 4 integrations that are now available for AMP for Endpoint customers to integrate with. These integrations collect all AMP for Endpoint event data via the streaming API for correlation or other uses.
New Cisco Cloud Security Integrations
The Cisco Cloud Security ecosystemalso expands with more integrations. BlueCat and NS1 are DDI solutions that integrate and share DNS context with Cisco Umbrella. EclecticIQ and JASK now integrate with Umbrella to enrich their domain context.
Bringing 3rd Party Threat Intelligence into Cisco Next-Gen Firewall
By ingesting threat intelligence from 3rd party threat feeds, Cisco Threat Intelligence Director (CTID) capabilities in the Cisco Firepower Next-Gen Firewall correlate threat intelligence with events in the Firepower Management Console, simplifying threat investigation. CTID has a new integration with Seclytics.
Multi-Vendor Threat Event & Platform Management for Cisco Next-Gen Firewall and ASA
Cisco Firepower and ASA have new partner integrations. AppviewX uses the ASA Management API to manage ASA policies. Firesec’s SOAR platform now supports both Firepower and ASA. Picus identifies security gaps and exposures now supports Firepower.
Cisco ISE Partners being added
The Cisco pxGrid ecosystem is adding 4 new partner integrations to its long list of integrations.
CyberX joins the IoT visibility partners providing enhanced visibility of IoT devices on the network. Nyansa Voyanceprovides IoT threat defense by using ISE to take RTC actions. Smokescreen joins the Deception technology vendors with its IllusionBLACKproduct integrating its decoys and ISE to take remediation actions. Panaseer Smart Inventorywhich provides visibility into risk integrates with ISE to enhance its context of the endpoints. Besides the above pxGrid partners, Noovus Apolois a custom application which integrates with ISE to provide Service Provider customers with an easier method to automate operational functions with ISE.
Cisco Security Connector (CSC) Integrations
Cisco Security Connectorfor Apple iOS provides organizations with the visibility and control they need to confidently accelerate deployment of mobile devices. CSC is the only Apple approved security application for supervised iOS devices, and integrates with best-in-class MDM/EMM platforms. CSC now adds support for InventIT’s MobiConnect.
Sharing Cisco Threat Grid Threat Intelligence
Using the powerful and insightful Cisco Threat Grid API, a new integration in the Cisco Threat Grid ecosystem being announced with Minerva.This integration simplifies threat investigation for our joint customers by incorporating Threat Grid threat intelligence directly into the Minerva platform.
Cisco Threat Response Integrations
Cisco Threat Response automates integrations across select Cisco Security products and accelerates key security operations functions: detection, investigation, and remediation. It also has support for 3rdParty products through its API. Signal Sciences a next-gen WAF and RASP solution now integrates with CTR.
For details on each partner integration in this announcement, please read through the individual partner highlights below.
Happy integrating!
More details about our new partners and their integrations:
[1]New Cisco Advanced Malware Protection (AMP) for Endpoints Integrations
We are announcing two new integrations with IBM Security:
The Cisco AMP4EP integration with IBM Big Fix enables customers to deploy, manage and upgrade AMP connectors quickly in one unified solution; for deeper visibility and control of endpoints. Security and infrastructure teams can track and upgrade AMP4EP across the environment and multiple operating systems (OS); and perform service-related tasks such as reboot computers, start and stop services, enable debug logging, cache clearing and creating support packages. The app includes graphic-rich reporting displaying overviews of the environment; where the AMP connectors are installed and different connector versions, across OS types.
The Cisco AMP4EP integration with IBM Resilient combines enrichment and containment in one consolidated tool; providing the actionable insights needed to accelerate threat detection and incident response. Analysts within Resilient can investigate AMP4EP events for possible malicious activities. Security teams can then automatically pull findings into an incident, rapidly drill down on a threat detected for further analysis and quickly quarantine any malware detected.
JASK ASOC platform seamlessly ingests logs and alerts from Cisco AMP4EP. With this out-of-the-box integration, mutual customers enjoy better context of the endpoint alerts created by AMP4EP. As a SIEM, JASK correlates this data with all other data-sources in the SOC – network, logs, IAM, Threat Intel feeds and more. JASK then automates the triage process by creating Insights – correlated, aggregated, prioritized group of alerts – serving as a real call-for-action for the SOC analyst. This is all done in a cloud-native environment that allows infinite scalability.
The Panaseer Platform enables CISOs and security leaders to quantify business risk and get a grip on RoI. And, by giving analysts the power to model data at scale and freeing IT teams from firefighting it drives continuous, enterprise-wide improvement. The Panaseer Platform fully integrates with Cisco AMP for Endpoints to extract device and event information, feeding the Anti-Malware and Device Inventory data models and enabling end-users to summarize and explore the performance and coverage of AMP for Endpoints.
[2]New Cisco Cloud Security Integrations
Cisco Umbrella uses DNS to block malicious queries at the network boundary and in the cloud, providing a strong external defense. BlueCat offers similar control at the device level by acting as the “first hop” recursive server, applying security policies to DNS activity right at the source of a query. The integration provides source IP and other contextual data from BlueCat to Cisco Umbrella. Data sharing between the two applications provides a consistent, unified approach to DNS-based security which touches every relevant point on the network.
The EclecticIQ Platform is an analyst-centric threat intelligence platform based on STIX/TAXII. By integrating with Umbrella analysts can quickly discern threats and attribution intelligence from observables used in active campaigns as the cloud-based enricher provides information relating domains, IP addresses and file hashes. The integration enables analysts to dynamically build a repository of intelligence relating to domain activity.

JASK ASOC platform seamlessly ingests logs and alerts from CISCO Umbrella. With this out-of-the-box integration, our mutual customers enjoy the better context of the DNS & IP layer, proxy and C&C alerts created by CISCO Umbrella: as a SIEM, JASK correlates this data with all other data sources in the SOC – endpoint, network, logs, IAM, Threat Intel feeds and more. JASK then automates the triage process by creating Insights – correlated, aggregated, prioritized group of alerts – serving as a real call-for-action for the SOC analyst. This is all done in a cloud-native environment that allows infinite scalability.

NS1 is a modern DDI solution that integrates with Cisco Umbrella to offer a unified solution to support agile application deployment and delivery while protecting your most critical assets. Easy to use and simple to manage, the integration allows customers to get the best of intelligent DNS traffic steering behind the firewall while protecting outbound queries with Umbrella security. Designed to be API-first, NS1 delivers flexible, next-generation DNS solutions that solve complex performance, traffic management, and automation challenges. With Cisco Umbrella’s predictive and analytical approach to security, DNS becomes a control plane for the modern enterprise.
[3]New Cisco Threat Intelligence Director (CTID) for Firepower Integrations
Seclytics uses science to identify the origin of attacks 51+ days before they strike. We use patent-pending science to hunt adversaries in the wild during their precrime setup stages, resulting in over 5,000 unique adversary profiles to date. Continuous surveillance ensures we know when they go live on day zero and remove the element of surprise – leveling the playing field for the first time. Our SaaS-based platform uniquely provides prevention at the precrime stage, at zero day when they go live and beyond. The Seclytics Attack Prediction feed has been certified to work with Cisco Firepower’s Threat Intelligence Director benefiting joint customers. To see how Seclytics uses Science to save you time, money and risk, please visit Seclytics.
[4] New Cisco Firepower Next-Gen Firewall Integrations
AppViewX has integrated with Cisco ASA beginning from version 8.4 till the latest 9.9.2 version. Similar to other vendor firewalls once Cisco ASA is added in the inventory, all the Security policies, Objects, NAT rules are downloaded and saved in AppViewX database. Users can view, compare all the downloaded configuration through the centralized AppViewX console and any configuration changes can be done. AppViewX has the intelligence to find out any configuration changes done in Cisco ASA and updates the database with the help of Syslogs.
Firesec is a Security Analysis and Orchestration platform. It is designed solve problems of these personas – CISO, Security Consultant, Security Auditor and Network Administrator. It is an automated solution for security configuration analysis and compliance readiness. It supports a wide variety of firewalls and helps enhance the security of your network as well as significantly speed up compliance to standards such as PCI DSS, CI Security Benchmarks etc., It offers flexible options to perform network device configuration analysis and has both manual and automatic mechanisms to collect the configuration information from Cisco ASA version 8 and up, Cisco IOS version 12.0 and up, Cisco Firepower version 6.
Picus Platform continuously assesses corporate defenses to reveal security gaps, provides a measurement dashboard clearly displaying the live security status and goes beyond current offerings in the market to proactively suggest fixes and mitigate threats. When Picus identifies a potential exposure on a Cisco Firepower platform in a customer environment, options for quick mitigation actions are immediately provided. This approach assures that Cisco Firepower feature set and policy options are fully and continually utilized, and that the best possible resilience is offered against emerging cyber-threats in real-time.
[5]New Cisco pxGrid Integrations
Using patented technology, CyberX provides IoT & ICS Asset Discovery, Risk & Vulnerability Management, Continuous IoT & ICS Threat Monitoring, Incident Response & Threat Hunting, Unified IT/OT security monitoring and governance, and IoT & ICS Threat Intelligence. Network administrators and SOC analysts who use Cisco ISE and CyberX together bring identity management and security policy creation capabilities in ISE to assets in the IoT and ICS environments.

Nyansa Voyance IoT Security solution is an agentless security platform for IoT and unmanaged critical devices that collects data passively. Voyance integrates with Cisco ISE via pxGrid for active threat containment, by isolating the host machines where malicious activity has been observed.

Noovus Apolo is a front-end web application that automate operational functions when ISE is the RADIUS/AAA server. Integrating via the Cisco ISE ERS API, Apolo allows a non-admin user to automatically update user’s passwords, personal information, notify alarms and others.
Panaseer is the first Continuous Controls Monitoring platform to give CISOs visibility of all assets, and the confidence that security controls are working effectively. Panaseer’s integration with Cisco ISE supplements Panaseer’s Smart Inventory with network contextual data. Panaseer uses device attribute information from a variety of sources to create a comprehensive baseline with which to accurately measure the coverage of their security controls, enabling visibility into their greatest risks.

Smokescreen is a deception platform which uses a combination of machine learning and deception to detect cyberattacks that bypass the protection mechanisms. Smokescreen integrates with Cisco ISE via pxGrid for active threat containment, by isolating the host machines where malicious activity has been observed.
[6] New Cisco Security Connector Integrations
InventIT’s MobiConnect manages the Cisco Security Connector application with and its associated functions, Cisco Umbrella and Cisco AMP Clarity to supervised iOS device. Cisco Umbrella and Cisco AMP Clarity with MobiConnect can provide a view of application behavior and protects devices against malicious sites. MobiConnect can deploy Cisco Security Connector applications and profile to devices.
[7]New Cisco Threat Grid Integration
Minerva Labs‘ innovative endpoint security solution protects enterprises from today’s stealthiest attacks without the need to detect threats first, all before any damage has been done. The company’s Anti-Evasion Platform deceives malware by controlling how it perceives its environment, blocking unknown threats that evade existing defenses. Without relying on signatures, models or behavioral patterns, the Anti-Evasion Platform causes malware to disarm itself, thwarting it before the need to engage costly security resources. Minerva’s Anti-Evasion Platform integrates with Threat Grid to automatically identify mutex-based infection markers to protect endpoints.
[8] New Cisco Threat Response Integrations
With its next-gen WAF and RASP solution, Signal Sciences protects over 10,000 applications and over a trillion production requests per month. Signal Sciences‘ patented architecture provides organizations working in a modern development environment with comprehensive and scalable threat protection and security visibility. With the integration, an analyst can analyze and correlate event data using context from Cisco Threat Response; open a case to collect and store key investigative information, orchestrate resources for incident response, and manage and document progress and findings; and take corrective actions in other Cisco products to remediate and address the threats across the security stack by monitoring, filtering, and blocking known attackers.

Source:: Cisco Security Notice

UC-Bundle für Einsteiger

Aktuell in der Sommer-Promotion bis zum 31.10.2019 – Unser innovaphone UC-Bundle für Einsteiger

Gemeinsam mit unserem Herstellerpartner Innovaphone bieten wir eine komplette, maßgeschneiderte UC-Lösung für den KMU-Bereich zum absoluten Knüllerpreis an. Das Bundle besteht aus folgenden Komponenten:

1 mal IP411 VoIP-Gateway
1 mal mSSD 32GB als Speichermedium
2 mal IP Phone IP111
1 mal IP Phone IP222
6 mal SMB Port-Lizenz (erweiterbar bis zu 20)
3 mal UC-Bundle-Lizenz (beinhaltet die innovaphone Lizenzen Phone App, Softphone App, Application Sharing, Video, Voicemail User, Mobility und Fax)
Weitere Kommunikationsapps wie zum Beispiel die Chat App oder die Call List App sind ohne Lizenz kostenlos erhältlich.

Das UC-Bundle für Einsteiger ist bei einer Bestellung bis zum 30.10.2019 zum Preis von EURO 799,00 zzgl. MwSt. erhältlich.

„Nur Telefonieren“ war gestern! Mit der Kommunikationsplattform myApps erhalten innovaphone Kunden alles in einem – vielfältige Telefonie-Funktionalitäten plus eine komplette Unified Communications-Lösung. Und das für alle Unternehmensgrößen im gleichen Leistungsumfang, denn die einzigartige Produktarchitektur ermöglicht eine stufenlose Skalierbarkeit und ist jederzeit erweiterbar.

Gerne stehen wir Ihnen auch für eine Live-Demo zur Verfügung.

Daniel Wenzlau
02261 9155054
wenzlau@oberberg.net
Dirk Zurawski
02261 9155051
zurawski@oberberg.net
DSC_2022 klein
Jörg Wegner
02261 9155052
wegner@oberberg.net