Cisco Blogs


Microsoft Update Tuesday October 2014: Fixes for 4 0-day Vulnerabilities

This post was authored by Yves Younan

Microsoft Patch Tuesday is here once again, and this month Microsoft is releasing a total of eight bulletins: three rated critical and five rated important. Together they address 24 CVEs. Twenty of these were privately disclosed to Microsoft; the other four are either publicly known or under active attack, making them 0-day vulnerabilities. Of those four, two are being actively exploited, while the other two have been publicly disclosed but do not appear to be under attack against supported software. Of the 24 CVEs, 15 are categorized as allowing remote code execution, four as elevation of privilege and three as security feature bypasses.



Threat Spotlight: Group 72

This post is co-authored by Joel Esler, Martin Lee and Craig Williams

Everyone has characteristics by which they can be recognised: a way of walking, an accent, a turn of phrase or a style of dressing. If you know what to look for, you can easily spot a friend or acquaintance in a crowd. Exactly the same is true for threat actors.

Each threat actor group may display certain characteristics during its attack campaigns: the types of malware it uses, a pattern in the naming conventions of its command and control servers, its choice of victims, and so on. Collecting attack data allows an observer to spot the characteristics that define each group and to pick out specific threat actors from the crowd of malicious activity on the internet.

The Talos Security Intelligence and Research Group collects attack data from our various telemetry systems to analyse, identify and monitor threat actors through their different tactics, techniques and procedures. Rather than give names to the different identified groups, we assign numbers to the threat actors. We frequently blog about significant attack campaigns that we discover; behind the scenes, we integrate our intelligence data directly into our products. As part of our research we keep track of certain threat actor groups and their activities. In conjunction with a number of other security companies, we are taking action to highlight and disrupt the activities of the threat actor we have identified as Group 72.


Gartner’s perspective on Cisco TrustSec

I am very pleased to be able to share some Gartner research on TrustSec.

While we’re continuing to make progress through broader product support, validation from auditors and implementation by other vendors, we believe that this research and Gartner’s perspective will provide you with a useful and informative viewpoint.

To read Gartner’s perspective on TrustSec, please see Cisco TrustSec Deployed Across Enterprise Campus Branch and Data Center Networks. We’d love to hear your feedback, so please leave any comments below.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Source: Gartner Research, G00245544, Phil Schacter, 12 February 2013, refreshed 1 October 2014


Evolution of the Nuclear Exploit Kit

This post is co-authored by Alex Chiu, Martin Lee, Emmanuel Tacheau, and Angel Villegas.

Exploit kits remain an efficient mechanism for cyber criminals to distribute malware. Such kits bundle exploits for multiple vulnerabilities into a single malicious webpage. The kit fingerprints the visitor’s operating system, web browser and browser plugins, looks for anything that is not fully patched, and launches the exploit specific to that out-of-date software. This lets criminals maximise their chances of infecting visitors while limiting their exposure to only those visitors who are actually vulnerable, presumably in order to remain inconspicuous.

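As an added illustration, not code from the Talos post or from the Nuclear kit itself, the following JavaScript shows the version-gating step described above: fingerprinted plugin versions are compared numerically against a per-component "fixed in" threshold, and only a visitor running something older than the fix is handed anything at all. The catalogue thresholds, the payload names and the two visitor profiles are constructed for this example; in a real landing page the profile would be read from navigator.plugins or ActiveX probes rather than hard-coded.

```javascript
// Added example (not from the Talos post or the Nuclear kit): the
// version-gating logic an exploit kit landing page uses to pick a payload
// for an out-of-date plugin. Catalogue entries, payload names and visitor
// profiles below are constructed for illustration only.

// Compare dotted version strings numerically, component by component.
// "11.10" is newer than "11.2"; a plain string compare would get that wrong.
// Missing trailing components count as 0, so "11" equals "11.0".
// Returns -1 if a < b, 0 if equal, 1 if a > b.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Hypothetical catalogue: for each component, the first version the kit
// treats as fully patched. Anything older is considered exploitable.
const CATALOG = [
  { component: 'Flash',       fixedIn: '15.0.0.152',  payload: 'flash_payload' },
  { component: 'Java',        fixedIn: '1.7.0.67',    payload: 'java_payload' },
  { component: 'Silverlight', fixedIn: '5.1.30514.0', payload: 'silverlight_payload' },
];

// Given a fingerprint of installed plugin versions, return the payload names
// for every component that is present AND older than its fix. A visitor with
// nothing unpatched gets an empty list, i.e. the kit serves them nothing.
function selectPayloads(profile, catalog = CATALOG) {
  const hits = [];
  for (const entry of catalog) {
    const installed = profile[entry.component];
    if (!installed) continue;            // plugin absent: nothing to target
    if (compareVersions(installed, entry.fixedIn) < 0) hits.push(entry.payload);
  }
  return hits;
}

// Constructed visitor profiles (hard-coded so this runs offline).
const unpatchedVisitor = { Flash: '14.0.0.145', Java: '1.7.0.67' };
const patchedVisitor   = { Flash: '15.0.0.152', Java: '1.8.0.20', Silverlight: '5.1.30514.0' };

console.log(selectPayloads(unpatchedVisitor));  // ['flash_payload']
console.log(selectPayloads(patchedVisitor));    // []
```

Two points worth noting for a defender. First, the comparison has to be numeric per component; a kit (or an inventory tool) that compares version strings lexicographically will misjudge "11.10" against "11.2". Second, the same comparison run the other way round is exactly the check an endpoint inventory should perform: any host for which selectPayloads would return a non-empty list is one the kit will target.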

Security and the Internet of Everything

The theme of this year’s Cyber Security Awareness Month is “Our Shared Responsibility.” At Cisco, security is everyone’s responsibility – from our trustworthy development processes, to innovation enabling our customers and partners to address threats on end points, networks, and in the cloud. That is why Cisco is setting the industry standard for meeting the security needs demanded by the Internet of Everything (IoE).

Over the next six years, the number of devices connected to the Internet is going to reach 50 billion, creating some pretty unique opportunities and dilemmas as companies and industries are connecting people and devices to one another in ways we’ve never seen before, changing the way we work and live.

As the number of connected devices in the “Internet of Things” increases exponentially, organizations must keep security top of mind, because the number and variety of attack vectors grow alongside the quantity of data the IoE creates. This shift is creating a daunting challenge for companies and for those responsible for defending the infrastructure.

I recently did a video blog on the IoE from the security perspective. Take a look and let me know what you think in the comments.
