security research

April 17, 2019

THREAT RESEARCH

DNS Hijacking Abuses Trust In Core Internet Service

This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems. While this incident is limited to targeting primarily national security organizations in the Middle East and North Africa, and we do not want to overstate the consequences of this specific campaign,…

July 20, 2016

SECURITY

Research Innovations in Simple Usable Security

Every year the Symposium on Usable Privacy and Security brings together an interdisciplinary group of researchers and practitioners in human-computer interaction, security, and privacy to present and discuss the latest research in the areas of usable security and privacy. Cisco’s sponsorship…

November 16, 2015

SECURITY

An introduction to the new Cisco Network Visibility Flow Protocol (nvzFlow)

As recently announced, Cisco AnyConnect 4.2 extends visibility to the endpoint with the Network Visibility Module (NVM). Users are one of the most vulnerable parts of any security strategy, with 78% of organizations saying in a recent survey that a malicious or negligent employee had been the cause…

October 26, 2015

SECURITY

Calling all Incident Responders

We are happy to announce the final schedule for IRespondCon, a conference that is specifically designed for incident responders. IRespondCon is held annually at OpenDNS HQ and offers a day of free training, presentations, and networking with some of the top information security engineers, instructor…

February 18, 2015

SECURITY

New Must-Know Security Research for Midsize Organizations

Midsize organizations are among the earliest adopters of new technologies. In general, they conduct much of their business over the Internet and are quick to embrace new apps, online payment systems, cloud, and Bring Your Own Device (BYOD) technologies. Fast adoption of innovations helps them to com…

June 30, 2014

SECURITY

Threat Spotlight: A String of ‘Paerls’, Part One

This post was co-authored by Jaeson Schultz, Joel Esler, and Richard Harman. Update 7-8-14: Part 2 can be found here. This is part one in a two-part series due to the sheer amount of data we found on this threat and threat actor. This particular attack was a combined spearphishing and exploit attem…

November 4, 2013

SECURITY

Massive Increase in Reconnaissance Activity – Precursor to Attack?

Update 2013-11-12: Watch our YouTube discussion. Update 2013-11-05: Upon further examination of the traffic, we can confirm that a large percentage is destined for TCP port 445. This is indicative of someone looking for nodes running SMB/DCERPC. With that in mind, it is extremely likely someone is look…

June 13, 2013

SECURITY

Scope of ‘KeyBoy’ Targeted Malware Attacks

On June 6, 2013, malwaretracker.com released an analysis of Microsoft Office-based malware that was exploiting a previously unknown vulnerability that was patched by MS12-060. The samples provided were alleged to be targeting Tibetan and Chinese Pro-Democracy Activists. On June 7, 2013, Rapid7 relea…