Today, we released the final Cisco IOS Software Security Advisory Bundled Publication of 2013. We committed to these predictable disclosures back in 2008 because your feedback was clear—they allow you to plan ahead and ensure resources are available to analyze, test, and remediate vulnerabilities in your environments. (For more information on the history of this evolution, take a look at my colleague John Stuppi’s post this past March.) If you haven’t had the opportunity to review my earlier posts on preparing for bundled disclosures or leveraging the Cisco IOS Software Checker tool, I’d encourage you to do so now. Hopefully, the guidance will help lessen the impact of evaluating the recently published Cisco Security Advisories. Read More »
Cisco’s Advanced Services has been performing penetration tests for our customers since the acquisition of the Wheel Group in 1998. We call them Security Posture Assessments, or SPA for short, and I’ve been pen testing for just about as long. I’ll let you in on a little secret about penetration testing: it gets messy!
During our typical assessments we may analyze anywhere between 2,000 and 10,000 hosts for vulnerabilities, perform various exploitation methods such as account enumeration and password attempts, buffer/stack overflows, administrative bypasses, and others. We then have to collect and document our results within the one or two weeks we are on site and prepare a report.
How can anyone keep track of all this data, let alone work together as a team? Are you sure you really found the holy grail of customer data and adequately documented it? What if you’re writing the report but you weren’t the one who did the exploit? Read More »
Miscreants are always trying to put new twists on age-old schemes. However, I must admit that this latest twist has me slightly puzzled. Today, Cisco TRAC encountered a piece of stock related spam touting Apple’s stock, AAPL.
It’s that time of year again—consider this post your friendly T-7 notice to start preparing for the final Cisco IOS Software Security Advisory Bundled Publication of 2013! As a reminder, the Cisco Product Security Incident Response Team (PSIRT) releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of March and September each calendar year. As is the case with the vast majority of our advisories, vulnerabilities scheduled for disclosure in these upcoming Security Advisories will normally have a Common Vulnerability Scoring System (CVSS) Base Score from 7.0 to 10.0. Cisco security publications that disclose vulnerabilities scoring lower than 7.0 are described in our Cisco Security Vulnerability Policy. Read More »
Beginning in early May, Cisco TRAC has observed a number of malicious redirects that appear to be part of a watering-hole style attack targeting the Energy & Oil sector. The structure consists of several compromised domains, of which some play the role of redirector and others the role of malware host.
Observed watering-hole style domains containing the malicious iframe have included:
- An oil and gas exploration firm with operations in Africa, Morocco, and Brazil;
- A company that owns multiple hydro electric plants throughout the Czech Republic and Bulgaria;
- A natural gas power station in the UK;
- A gas distributor located in France;
- An industrial supplier to the energy, nuclear and aerospace industries;
- Various investment and capital firms that specialize in the energy sector.
Encounters with the iframe-injected web pages resulted from either direct browsing to the compromised sites or via seemingly legitimate and innocuous searches. This is consistent with the premise of a watering-hole style attack that deliberately compromises websites likely to draw the intended targets, versus spear phishing or other means to entice the intended targets through illicit means.