Cisco Blogs


Shellshock Exploits in the Wild

This post was authored by Joel Esler & Martin Lee.

The recently discovered Bash vulnerability (CVE-2014-6271) potentially allows attackers to execute code on vulnerable systems. We have already blogged about the issue and provided more technical detail in a further blog. The rapid release of IPS signatures for our platforms allowed us to quickly follow the attempts to exploit the vulnerability in the wild.

For further details of our response to the issue, please see the Event Response Page.

Greater Dynamic Controls for Secure Access and Mobility

Businesses today are required to meet multiple challenges with respect to connecting users to applications.

First, it is no secret that the demands of employees and users are great: they expect access to enterprise resources and their work through more media than ever before, including personal laptops, tablets and smartphones, both at home and on the road. The Internet of Things (IoT) is the latest technology, and we must now prepare for a world where everything is connected, from Wi-Fi-enabled sensors for treatment care to vending machines for restocking or even sensors linked to power controls.

In addition to meeting the demands of workers and all of these connected devices, there are security challenges in connecting these devices to business networks: productivity must be balanced against keeping advanced security threats, insider misuse and data breaches at bay.


Looking Forward to Cisco’s Internal Security Conference: SecCon 2014

September 25, 2014 at 10:15 am PST

Cisco’s internal security conference (SecCon) is just around the corner and this year marks our seventh anniversary!

In previous years SecCon participants heard from a renowned privacy specialist, a Chief Security Officer from a large customer, a cyber security coordinator for two U.S. Presidents, and a self-described gentleman thief. This year we are delighted to welcome another lineup of top-notch industry-leading speakers, including:

  • Alex Stamos, Chief Information Security Officer (CISO), Yahoo
  • Dave Kennedy, Chief Executive Officer (CEO), TrustedSec
  • Mano Paul, CEO, SecuRisk Solutions
  • Josh Corman, Chief Technology Officer for Sonatype
  • Adam Shostack, Microsoft’s Trustworthy Computing Usable Security Team
  • James Wickett, DevOps and InfoSec expert from Signal Sciences Corp
  • John Stewart, CSO, Cisco

The security community and talent at Cisco are growing at a very fast pace. SecCon has brought together hundreds of engineers, live and virtually, from Cisco offices around the globe with one common goal: to share their knowledge and increase the overall security posture of Cisco products.


Another Major Vulnerability Bashes Systems

Vulnerabilities that permit remote network attacks against ubiquitous software components are the nightmares of security professionals. On 24 September, a new vulnerability in the Bash shell, CVE-2014-6271, which allows remote code execution, was disclosed.

Announcing the Cisco IOS Software Security Advisory Bundled Publication

Today, we released the final Cisco IOS Software Security Advisory Bundled Publication of 2014. Six years ago, Cisco committed to disclosing IOS vulnerabilities on a predictable schedule (on the fourth Wednesday of March and September each calendar year) in direct response to your feedback. We know this timeline allows your organization to plan and help ensure resources are available to analyze, test, and remediate vulnerabilities in your environments.

Today’s edition of the Cisco IOS Software Security Advisory Bundled Publication includes six advisories that affect the following technologies:

  • Resource Reservation Protocol (RSVP)
  • Metadata
  • Multicast Domain Name System (mDNS)
  • Session Initiation Protocol (SIP)
  • DHCP version 6 (DHCPv6)
  • Network Address Translation (NAT)
