Activity Descriptions provide more context and help with understanding the security implications of suspicious Activities. With this update, we are expanding the coverage to the vast majority of Activities in our catalog.
New Confirmed Threats
In July, Cognitive Intelligence, in cooperation with Cisco Talos, focused on high-risk threats observable in our telemetry. Thanks to the improvements made to our Machine Learning Cybersecurity Platform (see Machine Learning Backend Improved), we have added 8 net-new Confirmed Threat types (see the list below) and increased coverage for a wider variety of previously existing Confirmed Threats.
Sample finding of Ponystealer trojan (Confirmed Threat ID CTAL0155)
List of new Confirmed Threat types in July:
- Neutrino: malware that targets point-of-sale (PoS) terminals. This family is known for using anti-sandbox techniques to hinder automated analysis.
- Trickbot (aka Trickster): a banking Trojan that targets sensitive information for select financial institutions and is frequently distributed through malicious spam campaigns.
- Ponystealer: a Trojan known to be able to steal credentials from over 100 different applications; it may also install other malware such as a remote access trojan (RAT).
- Unsafe: a Windows Trojan that collects system information, downloads/uploads files and drops additional payloads.
- Qakbot: a Trojan malware family that targets Windows OS, may have rootkit capability, and can spread through network shared drives and removable storage devices. The threat may open a backdoor to track user activity, steal data and device information, or download malicious code.
- MSILPerseus: a Trojan that steals information and passwords from infected devices, has backdoor capabilities, and can deliver additional malware.
- Khalesi: capable of stealing credentials stored in common browsers, cryptocurrency wallets and data from messaging apps (such as Skype and Telegram). Usually delivered through exploit kits and spam emails.
Auto-cleanup of incomplete incidents
We have identified a usability problem in the life cycle of Incidents. Because the key suspicious activities that form an Incident can time out, some Incidents became obsolete yet were still displayed in the user interface without their proof points (the suspicious activities themselves). Incidents whose anomalous activities have expired are now automatically cleared.