By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 28 and July 5. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More at Talosintelligence.com
ReferenceTRU07050219 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.
Source:: Cisco Security Notice
By McCall Moore Partner Success Story
Too often, businesses find out about unhappy customers after they’ve left. Maybe the hotel room was too hot, or they were less than impressed with the free breakfast. The chance to make good is gone, and now there’s a negative online review and a lost opportunity for customer loyalty.
Thankfully, companies are catching on to the beauty of real-time customer feedback, allowing staff to address issues on the spot, and turning negative experiences into positive ones. Local Measure is a leading customer experience platform for the hospitality industry, and their Pulse solution captures feedback that helps convert critics into loyal customers.
It’s simple and seamless: with Pulse in place alongside Cisco Wi-Fi Solutions, customers can easily login through a captive portal—immediately receiving the question “How is your experience going so far?” with an option to tap on an emoji rating. A negative rating generates a request for details, capturing the info in a customer profile and letting staff address the issue right away.
With Local Measure Pulse, businesses can reduce negative online reviews, improve customer satisfaction, and even increase spend per customer. But can real-time feedback also help companies boost their bottom line? That’s the question Local Measure asked when they commissioned Forrester Consulting to conduct a Total Economic Impact (TEI) study.
The answer was a resounding yes. The study, The Total Economic Impact of Local Measure’s Pulse, analyzed the solution’s ability to reduce service costs and improve guest experience and staff efficiency—and revealed a potential ROI of 280%.
And the benefits don’t stop there. Solutions like Pulse help businesses know their customers better, capturing feedback and contact details. All the while, managers have eyes into how quickly front-line teams respond to customers. While many companies gather customer feedback, now they can prove its financial benefits—seizing the attention of the C-suite and putting exceptional customer experiences top of mind
Between sad emoji and heart-eyes, there’s a bridge.
Share your story on what you are making possible for our customers.
Source:: Cisco Security Notice
By Talos Group Simple DirectMedia Layer contains two vulnerabilities that could an attacker to remotely execute code on the victim’s machine. Both bugs are present in the SDL2_image library, which is used for loading images in different formats. There are vulnerabilities in the function responsible for loading PCX files. A specially crafted PCX file can lead to a heap buffer overflow and remote code execution in both cases.
In accordance with our coordinated disclosure policy, Cisco Talos worked with SDL to ensure that these issues are resolved and that an update is available for affected customers. Check out the Talos blog for all the details and coverage.
Source:: Cisco Security Notice
Eine neue Generation der weit verbreiteten 100er Serie der FortiGate geht an den Start. Die FortiGate 100F (wobei das F durchaus für flott stehen könnte) punktet z.B. mit dem nagelneuen SoC4, der von Fortinet als SD-WAN ASIC konzipiert wurde. Diese Vorteile bietet die FortiGate 100F:
- SD-WAN optimierte Hardware dank SoC4
- 20 Gbps Firewall Durchsatz
- 700 Mbps Threat Protection Durchsatz
- 2x 10 GE SFP+
- Eingebautes redundantes Netzteil
Das Highlight ist hierbei, dass SD-WAN-Funktionalität direkt mit dem Thema Sicherheit vereint in einer Lösung geliefert wird.
Das Datenblatt zur FortiGate 100F finden Sie hier.
Über den Einsatz auch in Ihrem Hause sprechen wir sehr gerne mit Ihnen.
Bastian Breidenbach
By Talos Group Malware is constantly finding new ways to avoid detection. This doesn’t mean that some will never be detected, but it does allow adversaries to increase the period of time between initial release and detection. Flying under the radar for just a few days is enough to infect sufficient machines to earn a decent amount of revenue for an attack. Cisco Talos recently discovered a new campaign delivering the HawkEye Reborn keylogger and other malware that proves attackers are constantly creating new ways to avoid antivirus detection. In this campaign, the attackers built a complex loader to ensure antivirus systems to not detect the payload malware. Among these features is the infamous “Heaven’s Gate” technique — a trick that allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment. In this blog, we will show how to analyze this loader quickly, and provide an overview of how these attackers deliver the well-known HawkEye Reborn malware. During our analysis, we also discovered several notable malware families, including Remcos and various cryptocurrency mining trojans, leveraging the same loader in an attempt to evade detection and impede analysis.
Read More >>
Source:: Cisco Security Notice