Security


September 14, 2017

SECURITY

Get Ready, Get Certified: Early Adoption of CBPR Makes Doing Business with Asia Easier

2 min read

While the EU General Data Protection Regulation (GDPR) enforcement deadline is less than a year away and it’s “all systems go” to get ready, privacy – like all other fundamental human rights – is not just a European issue. The specific rules and requirements might differ between jurisdictions, but the principles of protecting and respecting […]

September 14, 2017

SECURITY

Vulnerability Spotlight: YAML Parsing Remote Code Execution Vulnerabilities in Ansible Vault and Tablib.

1 min read

Talos is disclosing the presence of remote code execution vulnerabilities in the processing of Yet Another Markup Language (YAML) content in Ansible Vault and Tablib. Attackers can exploit these vulnerabilities by supplying malicious YAML content to execute arbitrary commands on vulnerable systems. YAML is a data serialisation markup format which is designed to be readable […]

September 13, 2017

SECURITY

When Walls Come Down: Working Together to Protect IoT Devices

3 min read

When you begin remodeling an older home you realize that some walls are there for good reasons. Others block our modern, open-floor-plan lifestyles and can come down. Years ago, factories and utilities separated their Information Technology (IT) and Operations Technology (OT) teams. The thinking was that such walls helped ensure reliability and uptime so that […]

September 13, 2017

SECURITY

Vulnerability Spotlight: LibOFX Tag Parsing Code Execution Vulnerability

1 min read

This vulnerability was discovered by Cory Duplantis of Talos. Update 9/20/2017: A patch is now available to fix this issue. Overview: LibOFX is an open source implementation of OFX (Open Financial Exchange), an open format used by financial institutions to share financial data with clients. As an implementation of a complex standard, this library is […]

September 12, 2017

SECURITY

Microsoft Patch Tuesday – September 2017

1 min read

Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 81 new vulnerabilities with 27 of them rated critical, 52 rated important, and 2 rated moderate. These vulnerabilities impact Edge, Hyper-V, Internet Explorer, Office, Remote Desktop Protocol, SharePoint, Windows Graphic […]

September 11, 2017

SECURITY

Vulnerability Spotlight: TALOS-2017-0430/0431: Multiple Vulnerabilities in FreeXL Library

1 min read

Talos has discovered two remote code execution vulnerabilities in the FreeXL library. FreeXL is an open source C library to extract valid data from within an Excel (.xls) spreadsheet. Exploiting these vulnerabilities can potentially allow an attacker to execute arbitrary code on the victim’s machine. If an attacker builds a specially crafted XLS (Excel) […]

September 7, 2017

SECURITY

Another Apache Struts Vulnerability Under Active Exploitation

1 min read

This post was authored by Nick Biasini with contributions from Alex Chiu. Earlier this week, a critical vulnerability in Apache Struts was publicly disclosed in a security advisory. This new vulnerability, identified as CVE-2017-9805, manifests due to the way the REST plugin uses XStreamHandler with an instance of XStream for deserialization without any type filtering. As […]

September 6, 2017

SECURITY

Vulnerability Spotlight: Content Security Policy bypass in Microsoft Edge, Google Chrome and Apple Safari

1 min read

The vulnerabilities were discovered by Nicolai Grødum of Cisco. Today, Talos is releasing details of vulnerabilities discovered in the Microsoft Edge browser as well as older versions of Google Chrome (CVE-2017-5033) and browsers based on WebKit such as Apple Safari (CVE-2017-2419). An attacker may be able to exploit the vulnerabilities and bypass the Content Security […]

September 5, 2017

SECURITY

Graftor – But I Never Asked for This…

1 min read

Overview: Free software, often downloaded from large freeware distribution sites, is a boon for the internet, providing users with functionality that otherwise they would not be able to use. Often users, happy that they are getting something free, fail to pay attention to the hints in the licence agreement that they are receiving additional software […]
