Cisco Blogs


Cisco Blog > Security

Network World’s Top VPN Choice: Cisco ASA and AnyConnect

Network World recently completed a competitive review of the leading Virtual Private Networking (VPN) products and the Cisco® Adaptive Security Appliance (ASA) and AnyConnect™.  With a long history of providing market-leading remote access VPN capabilities and optimal usability, Cisco is honored to receive this recognition from Network World based on their hands-on product testing.  Read More »

Tags: , , , , ,

Cisco Sizzle – April Edition

Welcome to the Cisco Sizzle! Each month, we’re rounding up the best of the best from across our social media channels for your reading pleasure. From the most read blog posts to the top engaging content on Facebook or LinkedIn, catch up on things you might have missed, or on the articles you just want to see again, all in one place.

Let’s take a look back at the top content from April…

Are you prepared for the IoE Economy?
In this blog post, Cisco’s Chief Futurist Dave Evans and Joseph Bradley of Cisco’s Internet Business Solutions Group share two use cases for IoE – connected marketing and connected healthcare – with both a near-term and futuristic lens.

John Chambers Receives Honorary Doctorate
Cisco Chairman and CEO John Chambers received an honorary doctorate from San Jose State University at the honors convocation ceremony in April. His main message to the grads? Never stop learning.

Tomorrow Starts Here
What if the next big thing, isn’t big at all? It’s lots of things, all waking up. Explore how IoE will change the way we work, live, play and learn.

Innovation May Spark Economic Renewal
If we’ve learned anything from the last two decades, it’s that every time we think the Internet has exhausted its transformative potential, something highly disruptive comes along. Cisco CTO Padmasree Warrior talks IoE innovation and the $14.4 trillion value at stake that will spur research, new investments and new jobs.

A Typical Day
Explore how the Internet of Everything is sparking innovation and instigating meaningful actions to happen faster.

Is Your Site Safe From Attack?
Ars Technica editor Dan Godin compiled a list of Apache website compromises that have been impacting thousands of legitimate sites by allowing entrance to remote attackers. Until his research, no one had realized the magnitude of the situation and how widespread the attacks were. Check out the full insights, including potential solutions, in this blog post.

Three Networking Truths
There’s a clear consensus that one size does not fit all when it comes to deploying Software Defined Networking (SDN) solutions to different organizations. Time to dispel common networking misconceptions with three truths about the future of networking as Cisco sees it.

Check out the Cisco Storify feed for even more great content!Cisco_Sizzle_Final

Tags: , , , , , , , , , , , , , , , , , , , , , , , , ,

The Effects of #OpUSA

In the days leading up to #OpUSA, security professionals were busy making preparations for the supposed flood of new attacks coming on 7 May 2013. As we mentioned on 1 May 2013, publicly announced attacks of this nature can have highly volatile credibility. In some cases, the announcements exist only for the purpose of gaining notoriety. In other cases, they are enhanced by increased publicity. By 4 May 2013, speculation arose that #OpUSA was a trap; this likely caused some potential participants to rethink their plans to join. Posts similar to the one below were made on Twitter, Facebook, and YouTube.  Read More »

Tags: , , , , ,

Watering Hole Attacks an Attractive Alternative to Spear Phishing

“Watering Hole” attacks, as evidenced by the recent attack involving the U.S. Department of Labor, are becoming increasingly popular as alternatives to attacks such as Spear Phishing. In a “Watering Hole” attack, the attacker compromises a site likely to be visited by a particular target group, rather than attacking the target group directly. Eventually, someone from the targeted group visits the “trusted” site (A.K.A. the “Watering Hole”) and becomes compromised.

Cisco identified suspicious GET requests made to the www.sellagreement.com, a malicious site which was recently linked with the Department of Labor attack. According to the evidence we have, the sites www.kforce.com and www.sbc.net were among those compromised during this attack. The webpages that were serving malicious content from these sites were mostly job-search related, but several requests to www.sellagreement.com lacked a “Referrer:” HTTP header entirely. Read More »

Tags: , , , , ,

Department of Labor Watering Hole Attack Confirmed to be 0-Day with Possible Advanced Reconnaissance Capabilities

Update 2 5/9/2013:

Microsoft has released a “Microsoft fix it” as a temporary mitigation for this issue on systems which require IE8. At this time, multiple sites have been observed hosting pages which exploit this vulnerability. Users of IE8 who cannot update to IE9+ are urged to apply the Fix It immediately.

Update 5/6/2013:

An exploit for this bug is now publicly available within the metasploit framework. Users of the affected browser should consider updating to IE9+ or using a different browser until a patch is released. Given the nature of this vulnerability additional exploitation is likely.

At the end of April a Watering Hole–style attack was launched from a United States Department of Labor website. Many are theorizing that this attack may have been an attempt to use one compromised organization to target another. Visitors to specific pages hosting nuclear-related content at the Department of Labor website were also receiving malicious content loaded from the domain dol.ns01.us. Initially it appeared that this attack used CVE-2012-4792 to compromise vulnerable machines; however, Microsoft is now confirming that this is indeed a new issue. This issue is being designated CVE-2013-1347 and is reported to affect all versions of Internet Explorer 8.

Read More »

Tags: , , , , , , ,