Cisco Blogs


Cisco Blog > Security

Summary: Extended By Popular Demand: The Cisco IoT Security Grand Challenge

June 16, 2014 at 8:49 am PST

Since its announcement at the RSA 2014 conference, the security community has been actively involved in the Cisco IoT Security Grand Challenge. The response has been so great that we’ve decided to extend the deadline by two more weeks -- so you now have until July 1st, 2014 to make your submission! Visit www.CiscoSecurityGrandChallenge.com for full details about the challenge and prepare your response. Good luck!

Read the full blog for more information.

Tags: , , , , , , , , , , ,

A Collection of Cryptographic Vulnerabilities.

TRAC logo
The rustic origins of the English language are evident in the words left to us by our agricultural ancestors. Many words developed to distinguish groups of different animals, presumably to indicate their relevant importance. A ‘flock’ of sheep was more valuable than a single sheep, a ‘pack’ of wolves posed more danger than a single wolf. With respect to security vulnerabilities, we have yet to develop such collective nouns to indicate what is important, and to indicate that which poses danger.

The world of Transport Layer Security has been rattled once again with the identification of a “swarm” of vulnerabilities in OpenSSL and GnuTLS. A total of seven new vulnerabilities ranging from a potential man in the middle attack, allowing an attacker to eavesdrop on an encrypted conversation, to vulnerabilities that could be used to allow attackers to remotely exploit code on a client have been identified in the popular open source libraries.
Read More »

Tags: , , , , , , , ,

RIG Exploit Kit Strikes Oil

This post was co-authored by Levi Gundert with contributions from Emmanuel Tacheau and Joel Esler.

In the last month we have observed high levels of traffic consistent with the new “RIG” exploit kit (EK), as identified by Kahu Security. This new EK reportedly began being advertised on criminal forums in April, which coincides with when we first began blocking this traffic on April 24th. Whilst the release of a new EK is not uncommon, RIG’s appearance is significant in three ways. First, because of the sheer amount of traffic we are seeing -- we have so far blocked requests to over 90 domains for more than 17% of our Cloud Web Security (CWS) customers. Second, because we have seen it being used to distribute “Cryptowall”, the latest ransomware to follow in the success of the now infamous “Cryptolocker”. And third, because it continues the trend of an increased reliance upon Silverlight in EKs which we have previously written about for both the Fiesta and Angler kits. Like these other kits, we have seen RIG using malvertising to perform a drive-by attack on visitors to high profile, legitimate websites. This accounts for the high amount of traffic we have seen in the last month. Read More »

Tags: , , , , ,

Three Steps to Secure Cloud Enablement

I’ve been pretty forthcoming in sharing my belief that the security industry in general continues to struggle to transition from old ways to new, and that in today’s day and age we have to adapt quickly. The rise of mobile computing and communications (users, data, services) combined with increasing volumes of cloud services data traffic (from, to, and via) intersecting with the hacking community’s ever-increasing capabilities, all have made me more than a bit on edge.

I recently participated in an on-line webinar, teaming up with a cloud services provider and a cloud security solutions vendor. It would be indiscreet for me to name the companies in this blog or signal any kind of Cisco “endorsement,” but speaking personally, they are on the right track in a number of ways.

Read More »

Tags: , , , , ,

Dimension Data Series #4- The Opportunities and Risk of Secure Mobility from the Top Down

Mobile security is a top concern for IT and business leaders. This blog series with Dimension Data explores how organizational leaders can work together to mitigate concern and implement clearly defined policies and mobility goals. This blog will address the opportunities and risk of secure mobility from the top down. The first blog in this series discussing how concerns outweigh actions when it comes to mobility security can be found here. The second blog in this series highlighting how IT and business leaders can work together to develop secure mobility policies can be found here. The third blog in this series discussing how to close the gap between vision and real-world implementation can be found here.

Throughout this blog series, we’ve discussed several key aspects of implementing secure mobility policies and programs to ensure organizations can reap the benefits of mobility now and in the future. It’s clear that mobility is a top priority for IT and business leaders and most have a clear vision of the role mobility can and will play in their organization. Overall, they see both the risks and the rewards.

That said, responses gathered in the recent Dimension Data Secure Mobility Global Survey point to a gap between that overall vision and the likely real-world outcomes organizations will face – given that a number of crucial initial steps can ultimately save time, reduce costs, and, most importantly, ensure appropriate security controls are in place.

In this post, I’ll highlight the real opportunities and risk regarding mobility and security – and how business leaders can address the disparity between vision and actual deployment now and for years to come.

Understanding the Opportunity and the Real Risk

The threat to an organization’s proprietary information is certainly foremost in the minds of IT and security leaders. Interestingly, 71% of respondents of the recent Dimension Data survey indicated that their business leaders view employee utilization of personal mobile devices as potentially dangerous, costly and not business critical.

IT concerns about secure enterprise mobility risk are many. These include the introduction of malware into the environment from largely unmanaged devices or devices that organizations have little to no control over and the data leakage challenges by allowing users to have various parts of data outside of the network. In addition, many IT leaders ask:

  • “How are we actually going to deploy mobility security?”
  • “How are we going to support the users?”
  • “Will our IT help desk be able to meet the around-the-clock requests that today’s users demand?”

Read More »

Tags: , , ,