How Tortoiseshell created a fake veteran hiring website to host malware

By Talos Group
Cisco Talos recently discovered a threat actor attempting to take advantage of Americans who may be seeking a job, especially military veterans. The actor, previously identified by Symantec as Tortoiseshell, deployed a website called hxxp://hiremilitaryheroes[.]com that posed as a site to help U.S. military veterans find jobs. The URL is strikingly close to that of the legitimate service from the U.S. Chamber of Commerce, https://www.hiringourheroes.org. The site prompted users to download an app, which was actually a malware downloader that deployed malicious spying tools and other malware.
These are just the latest actions by Tortoiseshell. Previous research showed that the actor was behind an attack on an IT provider in Saudi Arabia. In the campaign Talos tracked, Tortoiseshell used the same backdoor it has used in the past, showing that the group relies on some of the same tactics, techniques and procedures (TTPs).
at Talosintelligence.com

Source:: Cisco Security Notice

Cybersecurity is a Team Sport

By Anthony Grieco
The world is facing a collective challenge with a growing cyber threat landscape. Trends like the Internet of Things (IoT) and 5G are expanding the attack surface, with over 40 billion devices expected online within five years. A new wave of advanced ransomware may cost our global economy up to $20 billion by the year 2021. Countries and regions alike are struggling to create consistent regulations that protect their citizens and stay ahead of emerging threats. Organizations wanting to go digital are looking around for who they can trust. Delivering security and trust on a global scale in this environment will require more than individual companies operating in silos; it is a multi-party responsibility that includes both the public and private sector. It will require a new set of diverse talent. It will require new technical capabilities. It will require research to help stay one step ahead. It will require collaboration. Each of these requirements needs to be cultivated to get us where we need to be as an industry.

The time to plant the seeds for our collective future is with action – today.

We know the pain of digital transformation. At Cisco, we’ve gone through our own transformation in a highly complex environment. Think many clouds, operating 176,000 networks across the globe, blocking 20 billion threats on the internet a day, not to mention delivering our portfolio of over 600 product lines. The struggle is real. But even if we don’t have all the answers, the silver lining is that this experience has pushed us to learn at every stage of our journey. We see it as our role and responsibility to share our experience with others and are constantly looking for new opportunities to amplify those efforts. After all, cybersecurity is a team sport. As organizations, countries, and regions raise the bar for global cybersecurity…we all reap the benefits. Many are talking about co-innovation, collaboration and partnerships. We need to do more than talk. We need the right tools and the right environment where productive conversations, best practice sharing, and hands-on learning can happen.
That is why we are investing in our first Center of Excellence and Co-Innovation that will focus on cybersecurity and privacy. Opening in Milan in 2020, the center will bring together experts from both the public and private sectors to connect, learn, research and create solutions to help solve some of our most pressing security and privacy challenges. Leveraging our global network of Co-Innovation Centers and Cisco DevNet, a platform with more than 500,000 developers, the center will provide an environment to tackle complex challenges such as securing critical infrastructure (i.e. utilities, smartgrids) as well as evaluating the future complications of technologies like IoT and 5G. To supplement our investment on the future, we are also supporting a number of scholarships for a Master of Science in Cyber Risk Strategy & Governance at two Italian universities.
Cisco works with universities around the world in over a hundred different research projects and programs related to the enhancement of cybersecurity, data protection and privacy. This is in addition to more than 326,000 students worldwide who took cybersecurity courses last fiscal year through Cisco Networking Academy. Through collaboration and education, our goal is for these actions to cultivate future talent and build expertise for the next generation.
I am proud of the long-term commitment Cisco has laid down to help build the next generation of cybersecurity talent and co-innovation. My challenge to each of you is to join us – either physically at one of our programs or philosophically aligned to the spirit of collaboration. Regardless of where you are on your journey. Maybe you are new to cybersecurity. Or you are just starting to take your organization digital. There is a role and place for your contribution. If you have just started, I encourage you to seek out others who have a long history and experience with security and privacy challenges. For those of you who have that proven experience…it is your role to share it. Because the reality is that no one is going to win alone. It’s time for action and to get involved.
To succeed in tackling the world’s most critical and complex cybersecurity challenges we must work together. Join the team.
Want to hear more about Cisco’s cybersecurity journey? Check out our Trust Center to learn more.

Source:: Cisco Security Notice

innovaphone myPBX Launcher for Mac OS

We have been a certified innovaphone partner for more than 16 years. One thing we have learned along the way is how exceptionally collegial the relationship between partners is. We are therefore pleased to present a development by the innovaphone partner Infoso.

Anyone who wanted to use myPBX on a Mac until now was limited to the browser version and, among other things, could not use a hotkey for quick dialing (copy & paste was the tool of choice here). Infoso has now developed an innovaphone myPBX Launcher for Mac OS and offers it as a free download.

Lars Dietrichkeit from innovaphone shows what the software can do in this video:

Threat Roundup for September 13 to September 20

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sep. 13 and Sep. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, it summarizes the threats we've observed by highlighting key behavioral characteristics and indicators of compromise, and by discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats are subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
TRU09202019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

Cisco Named a Leader in the 2019 Gartner Magic Quadrant for Network Firewalls

By Dr. Gee Rittenhouse
The network is at the heart of the digital transformation, and when it comes to securing it, the firewall remains the frontline of defense for organizations. But as the network continues to evolve, we know that security must adapt. For Cisco, this means providing network security that has world-class controls in every place you need them, with unified policy and threat visibility. We have made significant strides towards that vision over the past 12 months, and it is always gratifying when the market acknowledges it.
To that end, I am thrilled to share that Gartner has once again named Cisco a Leader in the Magic Quadrant for Network Firewalls. We believe this recognition validates our multi-year journey to reimagine the firewall as the foundation of a truly integrated security platform.
Cisco has demonstrated its leadership in the market through continuous investment in innovation, including:
Cisco Defense Orchestrator (CDO). At Cisco Live U.S., we launched CDO, a cloud-based, API-driven product that simplifies and unifies policy and device management. From a single interface, you can now seamlessly orchestrate policy changes across all of your ASA, NGFW and Meraki MX devices.
Firepower with Cisco Threat Response (CTR). CTR accelerates detection, investigation and remediation of threats by automating integrations across Cisco Security products and threat intelligence sources. With the new Firepower integration, CTR can now use intrusion alerts from Firepower devices to cut through the noise and deliver curated alerts that truly need your attention.
New NGFW appliances. Earlier this year, we released new NGFW appliances that couple ease of use with deep visibility to protect your business – whether you are an SMB, service provider, or anything in between. With a strong cost to performance ratio, they offer a dramatic 3.5x performance boost over previous ASA and Firepower appliances and unique hardware-based capabilities for inspecting encrypted traffic.
These advancements, in addition to many others, have cemented our place in the next-generation firewall market. But we know that in order to deliver truly effective security, the firewall needs to be part of a larger integrated architecture that spans all threat vectors.
This is why Cisco has invested in building the broadest and most effective portfolio that spans the network, endpoint, cloud and workload. And now we are doing the hard work of integrating the products to create a security platform that can automatically share threat intelligence, policy information, and event data. As a result, you have visibility across all attack vectors, and when a Cisco Security product sees a threat in one place, the whole integrated system can automatically stop the threat everywhere across your IT ecosystem.
So, when you invest in Cisco NGFW, you are investing in a foundation for security that is agile and integrated, giving you the strongest security posture available.

Download the 2019 Gartner Magic Quadrant for Network Firewalls

Visit Cisco.com/go/NGFW to learn more about how Cisco NGFW can help secure your organization.

2019 Gartner Magic Quadrant for Network Firewalls, Rajpreet Kaur, Adam Hils, Jeremy D’Hoinne, John Watts, September 17, 2019.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Source:: Cisco Security Notice

Emotet is back after a summer break

By Talos Group
This blog post was written by Colin Grady, William Largent, and Jaeson Schultz.
Emotet is still evolving, five years after its debut as a banking trojan. It is one of the world’s most dangerous botnets and malware droppers-for-hire. The malware payloads dropped by Emotet serve to more fully monetize their attacks, and often include additional banking trojans, information stealers, email harvesters, self-propagation mechanisms and even ransomware.
At the beginning of June 2019, Emotet's operators decided to take an extended summer vacation. Even command and control (C2) activity saw a major pause. However, as summer began drawing to a close, Talos and other researchers started to see increased activity in Emotet's C2 infrastructure. And as of Sept. 16, 2019, the Emotet botnet has fully reawakened and has resumed spamming operations once again. While this reemergence may have many users scared, Talos' traditional Emotet coverage and protection remains the same. We have a slew of new IOCs to help protect users from this latest push, but past Snort coverage will still block this malware, as will traditional best security practices such as avoiding opening suspicious email attachments and using strong passwords.
Read More

Source:: Cisco Security Notice

Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”

By Talos Group
By Christopher Evans and David Liebenberg.
Executive summary
A new threat actor named "Panda" has generated thousands of dollars worth of the Monero cryptocurrency through the use of remote access tools (RATs) and illicit cryptocurrency-mining malware. This is far from the most sophisticated actor we've ever seen, but it has still been one of the most active attackers we've observed in Cisco Talos threat trap data. Panda's willingness to persistently exploit vulnerable web applications worldwide, the tools that allow them to traverse networks, and their use of RATs mean that organizations worldwide are at risk of having their system resources misused for mining purposes or worse, such as exfiltration of valuable information.
Panda has shown time and again that they will update their infrastructure and exploits on the fly as security researchers publicize indicators of compromise and proofs of concept. Our threat traps show that Panda uses exploits previously used by Shadow Brokers — a group infamous for publishing information from the National Security Agency — and Mimikatz, an open-source credential-dumping program.
Talos first became aware of Panda in the summer of 2018, when they were engaging in the successful and widespread "MassMiner" campaign. Shortly thereafter, we linked Panda to another widespread illicit mining campaign with a different set of command and control (C2) servers. Since then, this actor has updated its infrastructure, exploits and payloads. We believe Panda is a legitimate threat capable of spreading cryptocurrency miners that can use up valuable computing resources and slow down networks and systems. Talos confirmed that organizations in the banking, healthcare, transportation, telecommunications and IT services industries were affected in these campaigns.
Read More >>

Source:: Cisco Security Notice