Activity Descriptions provide more context and help with understanding the security implications of suspicious Activities. With this update, we are expanding the coverage to the vast majority of Activities in our catalog.
New Confirmed Threats
In July, Cognitive Intelligence, in cooperation with Cisco Talos, focused on high-risk threats observable in our telemetry. Thanks to the improvements made to our Machine Learning Cybersecurity Platform (see Machine Learning Backend Improved), we have added 8 net-new Confirmed Threat types (see the list below) and increased coverage for a wider variety of previously existing Confirmed Threats.
Sample finding of Ponystealer trojan (Confirmed Threat ID CTAL0155)
List of new Confirmed Threat types in July:
- Neutrino: malware that targets point of sale (PoS) terminals. This family is known for using anti-sandbox techniques to hinder automated analysis.
- Trickbot (aka Trickster): banking Trojan targeting sensitive information for select financial institutions, frequently distributed through malicious spam campaigns.
- Ponystealer: Trojan known to be able to steal credentials from over 100 different applications; it may also install other malware such as a remote access trojan (RAT).
- Unsafe: Windows trojan that collects system information, downloads/uploads files and drops additional payloads.
- Qakbot: Trojan malware family that targets Windows OS, may have rootkit capability, and can spread through network shared drives and removable storage devices. The threat may open a backdoor to track user activity, steal data and device information, or download malicious code.
- MSILPerseus: Trojan that steals information and passwords from infected devices, has backdoor capabilities, and can deliver additional malware.
- Khalesi: capable of stealing credentials stored in common browsers, cryptocurrency wallets and data from messaging apps (such as Skype and Telegram). Usually delivered through exploit kits and spam emails.
Auto-cleanup of incomplete incidents
We have identified a usability problem in the life cycle of Incidents. Because the key suspicious activities that form an Incident can time out, some Incidents became obsolete yet were still displayed in the user interface, without the proof points in the form of suspicious activities. Incidents whose anomalous activities have expired are now automatically cleared.
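The cleanup rule described above, modelled as an added Python example (constructed here, not Cognitive Intelligence's own code): an Incident is a set of suspicious Activities, each with a last-seen time and a timeout, and an Incident with no live Activity left is cleared while one with at least one live proof point is kept. The Activity names, TTLs and timestamps are constructed sample values.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Hypothetical model of the Incident life cycle from the release note.

@dataclass
class Activity:
    name: str
    last_seen: datetime
    ttl: timedelta          # how long the activity stays valid as evidence

    def expired(self, now: datetime) -> bool:
        return now - self.last_seen > self.ttl

@dataclass
class Incident:
    incident_id: str
    activities: list = field(default_factory=list)

    def proof_points(self, now: datetime) -> list:
        """Suspicious activities that have not timed out yet."""
        return [a for a in self.activities if not a.expired(now)]

def cleanup_incidents(incidents, now):
    """Return (kept, cleared): an Incident without any live proof point
    would otherwise linger in the UI with no evidence, so it is cleared."""
    kept, cleared = [], []
    for inc in incidents:
        (kept if inc.proof_points(now) else cleared).append(inc)
    return kept, cleared

# Constructed sample: all of INC-1's activities are older than their TTL,
# INC-2 still has one fresh activity.
NOW = datetime(2018, 8, 1, 12, 0)
WEEK = timedelta(days=7)
SAMPLE = [
    Incident("INC-1", [
        Activity("beaconing to rare domain", NOW - timedelta(days=10), WEEK),
        Activity("suspicious download", NOW - timedelta(days=9), WEEK),
    ]),
    Incident("INC-2", [
        Activity("beaconing to rare domain", NOW - timedelta(days=10), WEEK),
        Activity("credential upload", NOW - timedelta(hours=2), WEEK),
    ]),
]

if __name__ == "__main__":
    kept, cleared = cleanup_incidents(SAMPLE, NOW)
    print("kept:", [i.incident_id for i in kept])        # ['INC-2']
    print("cleared:", [i.incident_id for i in cleared])  # ['INC-1']
```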