This post is co-authored with Levi Gundert and Andrew Tsonchev.
Update 2014-03-21: For clarity, the old kernel is a common indicator on the compromised hosts. We are still investigating the vulnerability, and do not yet know what the initial vector is, only that the compromised hosts are similarly ‘old’.
Update 2014-03-22: This post’s focus relates to a malicious redirection campaign driven by unauthorized access to thousands of websites. The observation of affected hosts running Linux kernel 2.6 is anecdotal and in no way reflects a universal condition among all of the compromised websites. Accordingly, we have adjusted the title for clarity. We have not identified the initial exploit vector for the stage zero URIs. It was not our intention to conflate our anecdotal observations with the technical facts provided in the listed URIs or other demonstrable data, and the struck-through annotations below reflect that. We also want to thank the community for the timely feedback.
[Struck through in the original post:] All of the affected web servers that we have examined use the Linux 2.6 kernel. Many of the affected servers are using Linux kernel versions first released in 2007 or earlier. It is possible that attackers have identified a vulnerability on the platform and have been able to take advantage of the fact that these are older systems that may not be continuously patched by administrators.
Tags: malware, TRAC
This post was also authored by Min-yi Shen and Martin Lee.
Security is all about probability. There is a certain probability that something bad will happen to your networks or your systems over the next 24 hours. Hoping that nothing bad will happen is unlikely to change that probability. Investing in security solutions will probably reduce the chance of something bad happening, but by how much? And where should resources be most profitably directed?
Cyber security is a complex environment with many unknowns and interdependencies. TRAC data scientists research this environment to understand how different variables affect security. Bayesian graph models are one of our most useful tools for understanding probabilities in security and for exploring how the likelihood of outcomes can be changed.
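To make the idea concrete, here is an added example (not code from the original post, and not TRAC's own models) of a tiny Bayesian network for a single host: whether it is unpatched and whether it exposes a service feed into whether it is exploitable, which in turn drives whether it gets compromised. Every probability in the conditional probability tables is an assumed, illustrative value, not a measured rate. Exact inference is done by enumeration, and `intervene` implements the do-operator, so you can ask "what happens to P(compromised) if we actually patch everything?" rather than "what do we believe about hosts we happen to observe as patched?".

```python
from itertools import product

# Toy Bayesian network for one host. Edges: unpatched -> exploitable <- exposed,
# exploitable -> compromised. Every probability below is a constructed
# illustration (an assumption for this example), not a measured rate.
NETWORK = {
    # node: (parents, P(node=True | parent values))
    "unpatched":   ((), {(): 0.40}),
    "exposed":     ((), {(): 0.30}),
    "exploitable": (("unpatched", "exposed"),
                    {(True, True): 0.90, (True, False): 0.20,
                     (False, True): 0.10, (False, False): 0.01}),
    "compromised": (("exploitable",), {(True,): 0.60, (False,): 0.02}),
}


def joint_probability(assignment, network=NETWORK):
    """P(full assignment) = product over nodes of P(node | its parents)."""
    p = 1.0
    for node, (parents, cpt) in network.items():
        p_true = cpt[tuple(assignment[parent] for parent in parents)]
        p *= p_true if assignment[node] else 1.0 - p_true
    return p


def query(target, evidence=None, network=NETWORK):
    """P(target=True | evidence) by exact enumeration over the free nodes.

    Fine for a handful of binary nodes; real models need smarter inference."""
    evidence = dict(evidence or {})
    free = [n for n in network if n not in evidence]
    numerator = denominator = 0.0
    for values in product((False, True), repeat=len(free)):
        assignment = dict(zip(free, values), **evidence)
        p = joint_probability(assignment, network)
        denominator += p
        if assignment[target]:
            numerator += p
    return numerator / denominator


def intervene(network, node, value):
    """Return a copy of the network with do(node=value): the node's incoming
    edges are cut and its value fixed. This models changing the environment
    (e.g. a patching campaign) rather than merely observing a host's state."""
    modified = dict(network)
    modified[node] = ((), {(): 1.0 if value else 0.0})
    return modified


def patching_effect():
    """P(compromised) before and after forcing every host to be patched,
    plus the relative reduction."""
    baseline = query("compromised")
    patched = query("compromised", network=intervene(NETWORK, "unpatched", False))
    return baseline, patched, 1.0 - patched / baseline


if __name__ == "__main__":
    baseline, patched, reduction = patching_effect()
    print(f"P(compromised)            = {baseline:.4f}")
    print(f"P(compromised | do(patch)) = {patched:.4f}  ({reduction:.0%} reduction)")
    # Diagnostic direction: given a compromise, how likely was the host unpatched?
    print(f"P(unpatched | compromised) = {query('unpatched', {'compromised': True}):.4f}")
```

The useful part is the comparison: the same model answers the diagnostic question (given a compromise, was the host probably unpatched?) and the decision question (how much does a patching programme move the compromise probability?), which is the "where should resources be directed" question the post raises. Swapping in your own estimates for the tables is the only change needed.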
Tags: probability, security, TRAC
It’s that time of year again—the Cisco IOS Software Security Advisory Bundled Publication will go live in seven days. As a reminder, the Cisco Product Security Incident Response Team (PSIRT) releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of March and September each calendar year. As is the case with the vast majority of our advisories, vulnerabilities scheduled for disclosure in these upcoming Security Advisories will normally have a Common Vulnerability Scoring System (CVSS) Base Score from 7.0 to 10.0.
To ensure you’re prepared for the upcoming publication, consider:
- Creating a text file of all the Cisco IOS Software releases in your network
- Assembling a simple list of Cisco IOS Software technologies and features you use
- Noting your Cisco.com username and password
- Locating the username and password for your Cisco IOS routers and switches
- Ensuring network operation partners are prepared for the security advisory release
- Reviewing the benefits of OVAL and CVRF content
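The first checklist item, an inventory of the IOS releases in your network, is easy to get wrong by hand. The following added example (not code from the original post or from Cisco) pulls the release string out of captured `show version` output for each device and produces a deduplicated list, one release per line, to check against the advisories. The device names and captures are constructed for this example; the regular expression targets the "Cisco IOS Software, ... Version X.Y(Z)T" line and deliberately ignores non-IOS output so that, for instance, an ASA capture that slipped into the collection is reported rather than silently dropped.

```python
import re

# Constructed "show version" excerpts from hypothetical devices (not real
# output from any network). Only the first line of IOS output matters here.
SHOW_VERSION_CAPTURES = {
    "edge-rtr-01": "Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), "
                   "Version 15.2(4)M3, RELEASE SOFTWARE (fc2)\n"
                   "Technical Support: http://www.cisco.com/techsupport",
    "dist-sw-01":  "Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), "
                   "Version 12.2(55)SE7, RELEASE SOFTWARE (fc1)",
    "edge-rtr-02": "Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), "
                   "Version 15.2(4)M3, RELEASE SOFTWARE (fc2)",
    "wan-rtr-01":  "Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), "
                   "Version 12.4(24)T5, RELEASE SOFTWARE (fc3)",
    # Not IOS: must not be mistaken for an IOS release.
    "asa-fw-01":   "Cisco Adaptive Security Appliance Software Version 9.1(2)",
}

# IOS release strings look like 15.2(4)M3, 12.2(55)SE7, 12.4(24)T5.
RELEASE_RE = re.compile(
    r"Cisco IOS Software,.*?Version\s+(\d+\.\d+\(\d+[A-Za-z]?\)[A-Za-z0-9]*)"
)


def extract_release(show_version_text):
    """Return the IOS release string from a show version capture, or None
    if the capture is not recognisable IOS output."""
    match = RELEASE_RE.search(show_version_text)
    return match.group(1) if match else None


def inventory(captures):
    """Map each release to the devices running it. Captures that could not
    be parsed are grouped under None so they can be reviewed by hand."""
    by_release = {}
    for host, text in captures.items():
        by_release.setdefault(extract_release(text), []).append(host)
    return by_release


def release_list(captures):
    """Deduplicated, sorted list of releases found (unparsed captures excluded)."""
    return sorted(release for release in inventory(captures) if release)


def write_release_list(captures, path):
    """Write one release per line: the text file the checklist asks for."""
    releases = release_list(captures)
    with open(path, "w") as fh:
        fh.write("\n".join(releases) + "\n")
    return releases


if __name__ == "__main__":
    for release, hosts in inventory(SHOW_VERSION_CAPTURES).items():
        label = release or "UNPARSED (review manually)"
        print(f"{label:28s} {', '.join(hosts)}")
    print("releases:", release_list(SHOW_VERSION_CAPTURES))
```

In practice the captures come from your own collection mechanism (a configuration backup system, a script over SSH, or pasted terminal output); keeping the per-release host list alongside the flat file tells you immediately which devices an advisory affects once the bundle is published.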
Tags: cisco ios, ios bundle, psirt, security, vulnerability
Security concerns surrounding the Internet of Things (IoT) have been gaining quite a head of steam lately, and for good reason. But it’s also important to note that IoT can dramatically improve the overall security posture of your organization.
Read the full Beyond Security Concerns: IoT Also Provides Security Benefits! blog post to learn more.
Tags: Internet of Things (IoT), IoT, security
Security plays an important role in the success of mobility implementations worldwide. We assume security threats are always present; however, it’s not always apparent where threats may arise. Being aware of these potential risk areas is crucial.
Since mobility solutions offer users the ability to use devices on a range of networks and in a wide array of places, threats may come in unexpected ways, or be inadvertently introduced into your enterprise’s network. For example, one recent study reveals that 80 percent of corporate security professionals and IT leaders recognize that “end user carelessness” constitutes the biggest security threat to an organization.
In addition, information from the Cisco 2014 Annual Security Report sheds light on the persistent security attacks that enterprises face. From hackers to malware, it’s clear that security threats arise from unexpected places.
Given this knowledge, business decision-makers must gain insight into where these breaches are occurring. They should also understand why it is important for them to care, and how they can be aided by technical decision-makers to solve these issues moving forward. In this post I’ll discuss the where, the why and the how of embracing a secure approach to enterprise mobility and what it means for business leaders.
Tags: architecture, Cisco, future of mobility, infrastructure, mobile, mobile device, mobile security, mobile workspace, mobility, network, security, wi-fi, wifi, wireless