There is still time to register for the upcoming FIRST Technical Colloquium April 2-3 2013. The event has a very exciting program covering, bitsquatting, webthreats, RPZ, Passive DNS, Real-world monitoring examples, Spamhaus, SIE, Cuckoo Sandbox, Malware Analysis and many more current issues facing the incident response community.
The event’s line-up includes notables from Cisco Security Intelligence Operations (SIO), Internet Systems Consortium, Shadowserver foundation, KPN-CERT, NATO, MyCert and ING amongst others. Program details can be found here.
Read More »
Tags: CSIRT, FIRST, Gavin Reid, KPN-CERT, malware, Malware Analysis, MyCert, NATO, security, security intelligence operations, sio, TRAC
6,000 miles away from Cisco headquarters, the Cisco AnyConnect Secure Mobility Client for Android was showcased at Samsung’s SAFE™ (Samsung for Enterprise) booth at Mobile World Congress 2013. The SAFE program offers enterprise customers the peace of mind to use Samsung devices for both work and play. As noted in this year’s annual security report, Android malware grew 2577% over 2012. Under the SAFE program, Samsung has built an enterprise mobile ecosystem and partnered with key market leaders to deliver tested enterprise-ready solutions on their portfolio of smart devices. Read More »
Tags: 2013 annual security report, cisco annual security report, Cisco AnyConnect, Cisco AnyConnect Secure Mobility Client, Mobile Device Management, Mobile World Congress 2013, vpn
It’s that time of year again, folks. On Wednesday of next week, the Cisco Product Security Incident Response Team (PSIRT) will release the first Cisco IOS Software Security Advisory Bundled Publication of 2013. As a reminder, Cisco releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of March and September each calendar year. As is the case with the vast majority of our security advisories, vulnerabilities scheduled for disclosure in the upcoming bundle will normally have a Common Vulnerability Scoring System (CVSS) Base Score from 7.0 to 10.0.
Read More »
Tags: Cisco, IOS, ios bundle, psirt, security, vulnerability
Organizations continue to face threats to their brands, reputations, and profits from attacks on their information systems. The Payment Card Industry Data Security Standard (PCI DSS) is designed to protect credit card information. During my five-year tenure at Cisco, I’ve been focused on PCI. The challenge that we have faced when deploying a solution to help customers become compliant and maintain a secure enterprise is the complexity. At the various trade shows that I have attended to discuss PCI, I have encountered a lot of head-shaking and looks of disgust as I bring up the topic of PCI. To help simplify PCI compliance, Cisco has released the latest Cisco Compliance Solution for PCI DSS 2.0 to make it easier for organizations to maintain a secure, compliant network.
Read More »
Tags: compliance, Compliance Solution for PCI DSS 2.0, PCI Council Board of Advisors, pci-dss, security
In this article, you will be provided a thorough treatise on an in-house developed tool for parsing and validating CVRF documents aptly named “cvrfparse”. The article is split into two parts. The first part, intended for CVRF document producers and consumers, is a hands-on manual detailing how to use cvrfparse. The second part, intended for burgeoning Python programmers, explores some of the inner workings of the tool.
The CVRF parser or “cvrfparse” is a Python-based command line tool that offers simple parsing and validation of CVRF documents. Using it, you can quickly query a CVRF document for any of its contents. For example, let’s say one of your vendors releases a bundle of security advisories encoded in CVRF. There are a dozen individual CVRF documents each with multiple vulnerabilities across hundreds of products. Using cvrfparse, you can quickly ascertain which documents contain vulnerable products you might have installed in your infrastructure. We’ll see how, shortly.
Read More »
Tags: advisories, cvrf, security