Cisco Blogs


Cisco Blog > Security

Introducing the Cisco PSIRT openVuln API

Cisco PSIRT openVuln APIIn October, we announced details about Cisco PSIRT’s new and improved security vulnerability disclosure format. Our Chief Security and Trust Officer, John Stewart, also revealed that Cisco will launch an application programming interface (API) that empowers customers to customize Cisco vulnerability information and publications. Today, we have officially launched the Cisco PSIRT openVuln API and it is available for immediate use.

The Cisco PSIRT openVuln API is a RESTful API that allows customers to obtain Cisco security vulnerability information in different machine-consumable formats. It supports industrywide security standards such as the Common Vulnerability Reporting Framework (CVRF)Open Vulnerability and Assessment Language (OVAL), Common Vulnerability and Exposure (CVE) identifiers, and the Common Vulnerability Scoring System (CVSS).

openVulnSupportedStandards

This API allows technical staff and programmers to build tools that help them do their job more effectively. In this case, it enables them to easily keep up with security vulnerability information specific to their network. That frees up more time for them to manage their network and deploy new capabilities in their infrastructure.

Read More »

Tags: , , , , , , ,

New Cisco Rapid Threat Containment Solution Detects and Automatically Contains Threats

Integration of Cisco FireSIGHT Management Center and Identity Services Engine (ISE) Now Available

As explained in our 2015 Cisco Midyear Security Report, attackers are using innovative tactics like exploit kits, ransomware, and advanced malware to evade detection. Organizations are using as many as 40 to 60+ disparate security solutions that typically don’t – and can’t – work together. These point solutions have limited impact against well-funded cybercriminals and typically generate vast numbers of alerts, many of which may not be relevant. On average, large organizations have to sift through nearly 17,000 alerts each week to find the 19 percent that are considered reliable, and security professionals only have time to investigate 4 percent of warnings.

It’s no wonder that, based on various reports, the current industry average for time to detection is 200 days. That’s far too long. The longer the threat goes undetected, the greater potential for damage. By the time a breach is discovered the damage has been done.

The new Cisco Rapid Threat Containment solution with Cisco FireSIGHT Management Center and Cisco ISE lets you get to the heart of what matters – providing deep network detection and automatic containment of critical threats so you can mitigate your security risk quickly and efficiently without overburdening your security team.

Read More »

Tags: , , ,

Threat Spotlight: Cryptowall 4 – The Evolution Continues

This post is authored by Andrea Allievi and Holger Unterbrink with contributions from Warren Mercer.

Executive Summary

Over the past year, Talos has devoted a significant amount of time to better understanding how ransomware operates, its relation to other malware, and its economic impact. This research has proven valuable for Talos and led the development of better detection methods within the products we support along with the disruption of adversarial operations. CryptoWall is one ransomware variant that has shown gradual evolution over the past year with CryptoWall 2 and Cryptowall 3. Despite global efforts to detect and disrupt the distribution of CryptoWall, adversaries have continued to innovate and evolve their craft, leading to the release of CryptoWall 4. In order to ensure we have the most effective detection possible, Talos reverse engineered CryptoWall 4 to better understand its execution, behavior, deltas from previous versions and share our research and findings with the community.  

For readers that may not be familiar, ransomware is malicious software that is designed to hold users’ files (such as photos, documents, and music) for ransom by encrypting their contents and demanding the user pay a fee to decrypt their files. Typically, users are exposed to ransomware via email phishing campaigns and exploit kits. The core functionality of CryptoWall 4 remains the same as it continues to encrypt users’ files and then presents a message demanding the user pay a ransom. However, Talos observed several new developments in CryptoWall 4 from previous versions. For example, several encryption algorithms used for holding users’ file for ransom have changed. Also, CryptoWall 4 includes a new technique to disable and delete all automatic Windows backup mechanisms, making it almost impossible to recover encrypted files without having an external backup. Finally, CryptoWall 4 has been observed using undocumented API calls not previously used to find the local language settings of the compromised host. These are just a few of the new findings Talos observed in the new iteration of CryptoWall that are detailed further in this post.

For our technically savvy users, we encourage you to continue reading. As always, we strongly encourage users and organizations to follow recommended security practices and to employ multiple layers of detection in order to reduce the risk of compromise. Our in-depth analysis of the latest CryptoWall version gives us a better opportunity to protect our users by allowing us to identify better detection methods. Finally, as a note regarding recent statements by the FBI informing users that they should just pay the ransom if they have no alternative, Talos strongly encourages users to not pay the ransom as doing so directly funds this malicious activity.

Read More >>

Securing that Holiday Shopping List with Cloud Web Security

With holiday shopping in full swing many of us are scrambling to buy that must-have toy, hot new gadget, or latest fashion trend. But shoppers aren’t the only ones striving to deliver just the right thing. There’s an entire supply chain working in lock-step to make sure the shelves are stocked with what you want, when you want it. A critical component of that supply chain is transportation management.

Transportation management company leader Transplace understands the challenges and is focused on putting systems in place that their customers can rely on to keep their goods safe and secure as they get to where they need to be when expected. Transplace also provides more than transportation management to its clients, offering intermodal, brokerage, international logistics services and software-as-a-service (SaaS) solutions. With all these great offerings, Transplace wants its customers to have complete peace of mind when it comes to their goods and the security of the goods and the systems they rely on.

Read More »

Tags: , , ,

Microsoft Patch Tuesday – December 2015

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 12 bulletins released which address 71 vulnerabilities. Eight bulletins are rated “Critical” this month and address vulnerabilities in Graphics Component, Edge, Internet Explorer, Office, Silverlight, Uniscribe, and VBScript. The other four bulletins are rated “Important” and address vulnerabilities in Kernel Mode Drivers, Media Center, Windows, and Windows PGM.

Bulletins Rated Critical

MS15-124, MS15-125, MS15-126, MS15-127, MS15-128, MS15-129, MS15-130, and MS15-131 are rated as Critical.

MS15-124 and MS15-125 are this month’s Edge and Internet Explorer security bulletin respectively. In total, 34 vulnerabilities were addressed this month between the two browsers with 11 vulnerabilities affecting both Edge and IE. The vast majority of the vulnerabilities addressed this month are memory corruption vulnerabilities along with a couple ASLR and XSS filter bypasses. One special note with this bulletin is that CVE-2015-6135 and CVE-2015-6136 are VBScript engine flaws that affect all supported versions of Internet Explorer. However, this bulletin only addresses these vulnerabilities for IE 8 through 11. Users and organizations who use IE 7, or that do not have IE installed will need to install MS15-126 to address these two vulnerabilities.

Read More >>

Tags: , , ,