As recently as 2013, vulnerabilities involving Java appeared to be a favored tool of adversaries: Java was easy to exploit and, and exploits involving the programming language were difficult to detect. However, as reported in the Cisco 2015 Annual Security Report, Java is losing its front-runner position as a favored tool of bad actors looking to breach network security.
The decline in Java’s high profile as an attack vector in 2014 was recorded by Cisco Security Research. Only one of the top 10 most commonly exploited vulnerabilities in 2014 was related to Java (see chart below). In 2013, Cisco tracked 54 urgent new Java vulnerabilities; in 2014, the number of tracked vulnerabilities fell to just 19. We saw a corresponding decline in reports from the National Vulnerability Database (NVD), which includes all reported vulnerabilities: from 309 Java vulnerabilities in 2013, down to 253 in 2014.
Read More »
Tags: 2015 annual security report, attack vector, java, JRE, security, vulnerability
For security strategies to succeed, security needs a seat at the table. In my work as an investigations manager for Cisco, I’ve seen first-hand how much more passion and enthusiasm enterprise leaders will put into security efforts when there is support all the way to the top of the organization.
The Cisco Security Capabilities Benchmark Study, as detailed in the Cisco 2015 Annual Security Report, shows that when there is executive-level responsibility for security, organizations are in a better position to tackle security challenges. As part of the survey, Cisco asked chief information security (CISO) and security operations managers about their views on security readiness. The good news, from my standpoint, is that 91 percent of the security professionals surveyed said their organization has an executive with direct responsibility for security – usually a CISO or CSO. It’s an encouraging finding, because security leaders help define and enforce policies.
Read More »
Tags: 2015 annual security report, CISO, CSO, day-to-day security, Security Capabilities, security challenges
If you read the recently released Cisco Annual Security Report, you will have learned how spammers have adopted a “Snowshoe” strategy, using a large number of IP addresses with a low message volume per IP address, to send spam, preventing some spam systems from sinking the spam. This yielded a 250 percent increase in spam from January 2014 to November 2014. Or, perhaps the fact that malicious actors are using malvertising (malicious advertising) from web browser add-ons as a medium for distributing malware and unwanted applications caught your eye in the report. In order to protect against these types of emerging threats, Cisco showcases its continued thought leadership in email security to offer even greater protection and control across the attack continuum, while also providing additional flexibility for centralized management. Read More »
Tags: 2015 annual security report, AMP, Cisco Advanced Malware Protection, email, email security, esa, ESAV, malvertising, phishing, SMA, Snowshoe, WSAV
This post was authored by Nick Biasini, Earl Carter, Alex Chiu and Jaeson Schultz
On Tuesday January 27, 2015, security researchers from Qualys published information concerning a 0-day vulnerability in the GNU C library. The vulnerability, known as “GHOST” (a.k.a. CVE-2015-0235), is a buffer overflow in the __nss_hostname_digits_dots() function. As a proof-of-concept, Qualys has detailed a remote exploit for the Exim mail server that bypasses all existing protections, and results in arbitrary command execution. Qualys intends to release the exploit as a Metasploit module.
CVE-2015-0235 affects the functions gethostbyname() and gethostbyname2() –functions originally used to resolve a hostname to an IP address. However, these functions have been deprecated for approximately fifteen years, largely because of their lack of support for IPv6. The superseding function is getaddrinfo() which does support IPv6 and is not affected by this buffer overflow. Programs that still utilize the deprecated gethostbyname() and gethostbyname2() functions may potentially be affected by GHOST.
Read More »
Tags: Talos, threat, vulnerability
As the Cisco 2015 Annual Security Report shows, current security approaches aren’t sufficient. Attackers are shifting methods and becoming more sophisticated in their approaches, users are unwittingly complicit enablers, and defenders struggle to keep up with all of these things. It is time for defenders to take a different approach to security that not only outwits attackers but also makes security a competitive advantage that enables business growth.
By taking a threat-centric and operational approach to security, organizations can reduce complexity and fragmentation, while providing superior visibility, continuous control, and advanced threat protection across the extended network and the entire attack continuum.
Using Cisco technology, this approach is enabled by broad visibility for superior intelligence across the extended network, where all the solutions a customer deploys communicate with each other. Organizations using siloed solutions will have holes in their security. Siloed solutions do not provide full protection since they do not communicate with one another, thus leaving security gaps and the inability to create actionable intelligence.
Cisco can provide a holistic solution to this problem by reducing the attack surface and extending protection across the network – before, during and after attacks.
Read More »
Tags: 2015 annual security report, Big Data, byod, Identity Services Engine, ISE, Managed Threat Defense, security