It’s only been a few days since we said goodbye to 2012 and we are already seeing what many predicted for 2013: an increase in the creation, enhancement, and usage of numerous exploit kits by cyber criminals. Cyber criminals don’t take long vacations in December. On the contrary, they “work hard” and make lots of money during the holiday season! These criminals are continuously improving their tools to keep up with us (the good guys) and continue enhancing their “money-making machines.” A real-life example is how cyber criminals were able to quickly incorporate the exploits of the recently found Java vulnerability that I described in a post a few days ago.
Exploit kits make it easy for these criminals because they can easily spread malicious software that exploits well-known and new vulnerabilities. New exploit kits are loaded with some of the most dangerous zero-day exploits and other features that allow criminals to increase their profits.
Read More »
Tags: ASA, cloud security, exploit kits, exploits, security, web security
Ask the Data Center Security Expert with Cisco’s Rajneesh Chopra
Rajneesh Chopra is the Director of Product Management and Marketing at Cisco for the enterprise firewall line of technologies and has more than 10 years of product management leadership experience in the networking and data center arena. He also has a very futuristic outlook and a great passion for solving big customer problems.
Rajneesh sees the confluence of mobility, power efficiency, and standardization as the key drivers for change in the next-generation data center and with implications for the way security will need to be addressed. These changes are particularly significant as they are being driven by end-users versus heavy marketing pushes, which can often artificially induce change. Rajneesh delves into each of these factors and the role they play in the next generation data center.
Read More »
Tags: data center security, end-to-end architecture, enterprise firewalls, secure mobility, SecureX
Researchers from Kaspersky Lab have released information about a large-scale cyber espionage campaign called Operation Red October (otherwise known as Rocra). The report has garnered the attention of multiple news agencies and generated many published articles since the Kaspersky report has claimed that attackers were targeting hundreds of diplomatic, governmental, and scientific organizations in numerous countries.
These reports indicate that the command-and-control (C&C) infrastructure that is used on these attacks receives stolen information using more than 60 domain names to hide its identity. Furthermore, this information appears to be funneled into a second tier of proxy servers. These are very clever attacks that many are now claiming have been taking place for more than five years! Red October is being compared with other malware that has been associated with cyber espionage such as Duqu, Flame, and Gauss.
Read More »
Tags: cisco red october, cyber espionage, cyber terrorism, espionage, red october, rocra, security
A phrase I’ve recently been hearing repeated is that “product features will come and go, but risk mitigation is continuous.” With that in mind, our Product Security Incident Response Team (PSIRT) is doing its part by seeking ways to improve how we transparently communicate information about Cisco product vulnerabilities to our Customers and Partners. Starting in January of 2013 we will be launching a new deliverable called the Cisco Security Notice.
The purpose of the Cisco Security Notice is to make it easier for Customers and Partners to access information about low to medium severity vulnerabilities in Cisco products. A Cisco Security Notice will be the primary disclosure document for all security defects that PSIRT scores with a Common Vulnerability Scoring System (CVSS) base score from 4.0 to 6.9 and will be posted to the PSIRT publication listing page. Each vulnerability disclosed through a Cisco Security Notice will be assigned a Common Vulnerability and Exposures (CVE) Identifier to aid in identification. Check out the sites for CVE, CVSS, and this CVSS scoring calculator if these terms are relatively new to you or you simply need a refresher. Read More »
Tags: Cisco PSIRT, Cisco Security, Cisco Security Notice, cisco sio, Cisco Vulnerability Policy, CVSS scoring
The new Oracle Java arbitrary code execution vulnerability has not only hit many news wires and social media outlets, but many victims as well, and it has been incorporated into several exploit kits. This critical vulnerability, as documented in IntelliShield alert 27845, could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system with the privileges of the user. If the user has administrator privileges, the attacker could completely “own” the system.
A fix is currently not available.
Update: Oracle released a software update (JDK7 update 11) that fixes this vulnerability. The update is available on their website. If you disabled Java in the Java Control Panel, you will need to manually re-enable it after installing the patch by using the check box in the Security tab of the Java Control Panel. Oracle’s security advisory and JDK7 update 11 release notes includes more information about the patch.
The exploit is now found in several exploit kits!
There are many reports that the vulnerability is being “exploited in the wild”. Not only is the exploit publicly available, but it has been incorporated into exploit kits such as Blackhole, Cool, and Nuclear Pack. Exploit kits make it easy for criminals to spread malicious software using exploits that take advantage of well-known and new vulnerabilities. New exploit kits are loaded with some of the most dangerous zero-day exploits (including this one) and other features, which allow criminals to increase their profits.
The impact to the public is huge! Java is used by millions of users around the world. It is used in Microsoft Windows, Apple’s Mac OS-X, and Linux systems, as well as many mobile devices. Read More »
Tags: cisco ips, java, java exploit, java security, java zero day