Threat Roundup for September 13 to September 20

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Sep. 13 and Sep. 20. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics and indicators of compromise, and by discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
TRU09202019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

Cisco Named a Leader in the 2019 Gartner Magic Quadrant for Network Firewalls

By Dr. Gee Rittenhouse
The network is at the heart of the digital transformation, and when it comes to securing it, the firewall remains the frontline of defense for organizations. But as the network continues to evolve, we know that security must adapt. For Cisco, this means providing network security that has world-class controls in every place you need them with unified policy and threat visibility. We have made significant strides towards that vision over the past 12 months, and it is always gratifying when the market acknowledges it.
To that end, I am thrilled to share that Gartner has once again named Cisco a Leader in the Magic Quadrant for Network Firewalls. We believe this recognition validates our multi-year journey to reimagine the firewall as the foundation of a truly integrated security platform.
Cisco has demonstrated its leadership in the market through continuous investment in innovation, including:
Cisco Defense Orchestrator (CDO). At Cisco Live U.S., we launched CDO, a cloud-based, API-driven product that simplifies and unifies policy and device management. From a single interface, you can now seamlessly orchestrate policy changes across all of your ASA, NGFW and Meraki MX devices.
Firepower with Cisco Threat Response (CTR). CTR accelerates detection, investigation and remediation of threats by automating integrations across Cisco Security products and threat intelligence sources. With the new FirePower integration, CTR can now utilize intrusion alerts from FirePower devices to cut through the noise and deliver curated alerts that truly need your attention.
New NGFW appliances. Earlier this year, we released new NGFW appliances that couple ease of use with deep visibility to protect your business – whether you are an SMB, service provider, or anything in between. With a strong cost to performance ratio, they offer a dramatic 3.5x performance boost over previous ASA and Firepower appliances and unique hardware-based capabilities for inspecting encrypted traffic.
These advancements, in addition to many others, have cemented our place in the next-generation firewall market. But we know that in order to deliver truly effective security, the firewall needs to be part of a larger integrated architecture that spans all threat vectors.
This is why Cisco has invested in building the broadest and most effective portfolio that spans the network, endpoint, cloud and workload. And now we are doing the hard work of integrating the products to create a security platform that can automatically share threat intelligence, policy information, and event data. As a result, you have visibility across all attack vectors, and when a Cisco Security product sees a threat in one place, the whole integrated system can automatically stop the threat everywhere across your IT ecosystem.
So, when you invest in Cisco NGFW, you are investing in a foundation for security that is agile and integrated, giving you the strongest security posture available.

Download the 2019 Gartner Magic Quadrant for Network Firewalls

Visit Cisco.com/go/NGFW to learn more about how Cisco NGFW can help secure your organization.

2019 Gartner Magic Quadrant for Network Firewalls, Rajpreet Kaur, Adam Hils, Jeremy D’Hoinne, John Watts, September 17, 2019.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Source:: Cisco Security Notice

Emotet is back after a summer break

By Talos Group
This blog post was written by Colin Grady, William Largent, and Jaeson Schultz.
Emotet is still evolving, five years after its debut as a banking trojan. It is one of the world’s most dangerous botnets and malware droppers-for-hire. The malware payloads dropped by Emotet serve to more fully monetize their attacks, and often include additional banking trojans, information stealers, email harvesters, self-propagation mechanisms and even ransomware.
At the beginning of June 2019, Emotet’s operators decided to take an extended summer vacation. Even the command and control (C2) activities saw a major pause in activity. However, as summer began drawing to a close, Talos and other researchers started to see increased activity in Emotet’s C2 infrastructure. And as of Sept. 16, 2019, the Emotet botnet has fully reawakened and has resumed spamming operations once again. While this reemergence may have many users scared, Talos’ traditional Emotet coverage and protection remains the same. We have a slew of new IOCs to help protect users from this latest push, but past Snort coverage will still block this malware, as will traditional best security practices such as avoiding opening suspicious email attachments and using strong passwords.
Read More

Source:: Cisco Security Notice

Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”

By Talos Group
By Christopher Evans and David Liebenberg.
Executive summary
A new threat actor named “Panda” has generated thousands of dollars worth of the Monero cryptocurrency through the use of remote access tools (RATs) and illicit cryptocurrency-mining malware. This is far from the most sophisticated actor we’ve ever seen, but it still has been one of the most active attackers we’ve seen in Cisco Talos threat trap data. Panda’s willingness to persistently exploit vulnerable web applications worldwide, their tools allowing them to traverse throughout networks, and their use of RATs, means that organizations worldwide are at risk of having their system resources misused for mining purposes or worse, such as exfiltration of valuable information.
Panda has shown time and again they will update their infrastructure and exploits on the fly as security researchers publicize indicators of compromises and proof of concepts. Our threat traps show that Panda uses exploits previously used by Shadow Brokers — a group infamous for publishing information from the National Security Agency — and Mimikatz, an open-source credential-dumping program.
Talos first became aware of Panda in the summer of 2018, when they were engaging in the successful and widespread “MassMiner” campaign. Shortly thereafter, we linked Panda to another widespread illicit mining campaign with a different set of command and control (C2) servers. Since then, this actor has updated its infrastructure, exploits and payloads. We believe Panda is a legitimate threat capable of spreading cryptocurrency miners that can use up valuable computing resources and slow down networks and systems. Talos confirmed that organizations in the banking, healthcare, transportation, telecommunications, and IT services industries were affected in these campaigns.
Read More >>

Source:: Cisco Security Notice

Efrem Lemonis joins our technical team

Barely arrived and already passed his first certification course. That’s the way to start, isn’t it? Congratulations on passing the innovaphone Technician Connect.

To the delight of his colleagues, Efrem plays on the console in Team X-BOX. In his free time he enjoys trying out all kinds of restaurants together with his girlfriend, and he also keeps up to date on PC systems privately.

Great to have you on board, Efrem.

Threat Roundup for September 6 to September 13

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Sep. 6 and Sep. 13. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics and indicators of compromise, and by discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
TRU09132019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice