Activity Descriptions provide more context and help with understanding the security implications of suspicious Activities. With this update, we are expanding the coverage to the vast majority of Activities in our catalog.
New Confirmed Threats
In July, Cognitive Intelligence, in cooperation with Cisco Talos, focused on high-risk threats observable in our telemetry. Thanks to the improvements made to our Machine Learning Cybersecurity Platform (see Machine Learning Backend Improved), we have added 8 net-new Confirmed Threat types (see the list below) and increased coverage for a wider variety of previously existing Confirmed Threats.
Figure: Sample finding of the Ponystealer trojan (Confirmed Threat ID CTAL0155)
List of new Confirmed Threat types in July:
Neutrino malware targets point of sale (PoS) terminals. This family is known for using anti-sandbox techniques to hinder automatic analysis.
Trickbot (aka Trickster) is a banking Trojan that targets sensitive information for select financial institutions and is frequently distributed through malicious spam campaigns.
Ponystealer is a Trojan known to be able to steal credentials from over 100 different applications; it may also install other malware such as a remote access trojan (RAT).
Unsafe is a Windows trojan that collects system information, downloads/uploads files and drops additional payloads.
Qakbot is a Trojan malware family that targets Windows OS, may have rootkit capability, and can spread through network shared drives and removable storage devices. The threat may open a backdoor to track user activity, steal data and device information, or download malicious code.
MSILPerseus is a Trojan that steals information and passwords from infected devices, has backdoor capabilities, and can deliver additional malware.
Khalesi is capable of stealing credentials stored in common browsers, cryptocurrency wallets and data from messaging apps (such as Skype and Telegram). It is usually delivered through exploit kits and spam emails.
Auto-cleanup of incomplete incidents
We have identified a usability problem in the life cycle of Incidents. Because the key suspicious activities that form an Incident time out, some Incidents could become obsolete yet still be displayed in the user interface while missing their proof points in the form of suspicious activities. Incidents whose anomalous activities have expired are now automatically cleared.
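The incident lifecycle described above, modelled as an added Python example (this is not Cognitive Intelligence's own code; the Activity, Incident and cleanup names, the TTL-based expiry and the rule that an incident is cleared only once every one of its activities has expired are assumptions):

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
# Hypothetical model of the lifecycle described above (names and the expiry
# rule are assumptions, not product code): Activities time out after a TTL.
@dataclass
class Activity:
    name: str
    last_seen: datetime
    ttl: timedelta  # validity window after the last observation

    def expired_at(self, now: datetime) -> bool:
        return now - self.last_seen > self.ttl

@dataclass
class Incident:
    incident_id: str
    activities: list

    def proof_points(self, now: datetime) -> list:
        # Activities still valid, i.e. the evidence that justifies the incident.
        return [a for a in self.activities if not a.expired_at(now)]

    def is_obsolete(self, now: datetime) -> bool:
        # No live activity left: the incident would be an empty shell in the UI.
        return not self.proof_points(now)

def cleanup(incidents: list, now: datetime) -> tuple:
    # Clear obsolete incidents; surviving ones keep only their live activities.
    kept, cleared = [], []
    for inc in incidents:
        if inc.is_obsolete(now):
            cleared.append(inc.incident_id)
        else:
            kept.append(Incident(inc.incident_id, inc.proof_points(now)))
    return kept, cleared

def demo() -> tuple:
    # Constructed sample: three incidents evaluated at a fixed "now".
    now = datetime(2019, 8, 1, 12, 0, 0)
    day = timedelta(days=1)
    incidents = [
        Incident("INC-1", [Activity("c2-beaconing", now - 10 * day, 7 * day),
                           Activity("dga-lookup", now - 9 * day, 7 * day)]),
        Incident("INC-2", [Activity("credential-theft", now - 10 * day, 7 * day),
                           Activity("exfil-upload", now - 1 * day, 7 * day)]),
        Incident("INC-3", [Activity("port-scan", now - 2 * day, 7 * day)]),
    ]
    kept, cleared = cleanup(incidents, now)
    return ([i.incident_id for i in kept], cleared,
            {i.incident_id: [a.name for a in i.activities] for i in kept})
```

INC-1 has only expired activities and is cleared; INC-2 survives on its one live activity, and INC-3 is untouched.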