Cisco Blog » Security

Latest articles

Xanthe – Docker aware miner

By Vanja Svajcer and Adam Pridgen, Cisco Incident Command. Attackers are constantly reinventing ways of monetizing their tools. Cisco Talos recently discovered an interesting campaign affecting Linux systems employing a multi-modular botnet with several ways to spread and a payload focused on providing financial benefits for the attacker by mining...

Introducing the New “Cisco Security Outcomes Study”

Uncovering today’s most impactful security practices. Security teams today are facing extraordinary challenges – securing and supporting the rapidly accelerated “work from anywhere” model, protecting a workforce under stressors unlike anything we’ve seen before, and battling a threat landscape that’s constantly adapting to exploit cracks in the system....

Embedding Trust at the Core of Critical Infrastructure

November marks National Critical Infrastructure Security and Resilience Month and is a timely reminder to keep this conversation at the forefront. Global critical infrastructure speaks to a common theme: sectors that are vital to security, economic security, public health, or safety. The pandemic has reshaped the landscape of critical infrastructure...

Threat Roundup for November 13 to November 20

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between November 13 and November 20. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how...

IT and OT Cybersecurity: United We Stand, Divided We Fall

I was intrigued to learn that certain coyotes and badgers team up while hunting. If the prey runs fast, the coyote takes the lead. If the prey dives underground, it’s the badger’s department. IT and OT can take note. They share a common enemy: cyberattacks targeting the industrial networks that connect Internet of Things (IoT) sensors and industrial...

ISE 3.0 Dynamic Visibility: Step into zero trust for the workplace

Within our Cisco Identity Service Engine (ISE) 3.0 release, we started talking about dynamic visibility. But what is dynamic visibility, what are the benefits, and why should we care? Maybe we should begin with what it is not. Dynamic visibility is not assuming trust based on location. It is not authenticating or establishing trust, based solely on...

Back from vacation: Analyzing Emotet’s activity in 2020

By Nick Biasini, Edmund Brumaghin, and Jaeson Schultz. Emotet is one of the most heavily distributed malware families today. Cisco Talos observes large quantities of Emotet emails being sent to individuals and organizations around the world on an almost daily basis. These emails are typically sent automatically by previously infected systems attempting...

Nibiru ransomware variant decryptor

Nikhil Hegde developed this tool. Weak encryption: The Nibiru ransomware is a .NET-based malware family. It traverses directories in the local disks, encrypts files with Rijndael-256 and gives them a .Nibiru extension. Rijndael-256 is a secure encryption algorithm. However, Nibiru uses a hard-coded string “Nibiru” to compute the 32-byte key and 16-byte...

Does Protection Help As Much As We Think In Security?

I love it when data surprises me. In cybersecurity, we’re good at researching how things can go wrong, but it’s harder to figure out when things are going right. Most of our prescriptive advice starts to sound obvious after all these years: least privilege. Patch all the things. Segmentation. Redundancy. Resilience. And always, always, encryption....

Zero Trust for Workloads: Knowledge is Key

Zero trust is such a popular term in the security space today. Everyone is talking zero trust, Cisco included. The interesting point is it’s not new – the original architecture model was released in 2010, and the important guidelines have been part of good security practices for years; think about your important assets and develop secure perimeters...
