Disassembler and Runtime Analysis

By Talos Group. This post was authored by Paul Rascagneres. Introduction: In the CCleaner 64-bit stage 2 previously described in our blog, we explained that the attacker modified a legitimate executable that is part of “Symantec Endpoint”. This file is named EFACli64.dll. The modification is performed in the runtime code included by the compiler, more precisely in the […]

Source: Cisco Security Notice

Spoofed SEC Emails Distribute Evolved DNSMessenger

By Talos Group. This post was authored by Edmund Brumaghin, Colin Grady, with contributions from Dave Maynor and @Simpo13. Executive Summary: Cisco Talos previously published research into a targeted attack that leveraged an interesting infection process using DNS TXT records to create a bidirectional command and control (C2) channel. Using this channel, the attackers were able to directly […]

Source: Cisco Security Notice

Security in Your DNA: Tips for Securing Your Network

By Aunudrei Oliver. Cisco Stealthwatch and Identity Services Engine (ISE) are key components required to transform your network into a sensor capable of enforcing your security policies. But how do you incorporate automation on your network to full advantage? How do you validate that the existing policy aligns with the company’s overall security posture? And how can you […]

Source: Cisco Security Notice

How is a Stateful Firewall like a Vintage Porsche?

By Susan Runowicz-Smith. “Dad, I love your vintage Porsche! But is it safe?” This is the conversation my 90-year-old neighbor recently had with his adult children. The Porsche he inherited from his late father-in-law is a thing of beauty – sleek, classic body, and driven once or twice a week. The low-mileage 911 has been maintained meticulously […]

Source: Cisco Security Notice

Phish? Everyone’s on the hook.

By Stacy Cannady. There’s no doubt that general awareness for cybersecurity has been on the rise in recent years. The importance of using strong passwords, for example, is now common knowledge. But one very popular and effective threat continues to fly largely under the public’s radar: phishing. Why phishing? Researchers found that 30% of phishing messages are opened […]

Source: Cisco Security Notice
