Cisco Blogs


Cisco Blog > Security

Department of Labor Watering Hole Attack Confirmed to be 0-Day with Possible Advanced Reconnaissance Capabilities

Update 2 5/9/2013:

Microsoft has released a “Microsoft fix it” as a temporary mitigation for this issue on systems which require IE8. At this time, multiple sites have been observed hosting pages which exploit this vulnerability. Users of IE8 who cannot update to IE9+ are urged to apply the Fix It immediately.

Update 5/6/2013:

An exploit for this bug is now publicly available within the metasploit framework. Users of the affected browser should consider updating to IE9+ or using a different browser until a patch is released. Given the nature of this vulnerability additional exploitation is likely.

At the end of April a Watering Hole–style attack was launched from a United States Department of Labor website. Many are theorizing that this attack may have been an attempt to use one compromised organization to target another. Visitors to specific pages hosting nuclear-related content at the Department of Labor website were also receiving malicious content loaded from the domain dol.ns01.us. Initially it appeared that this attack used CVE-2012-4792 to compromise vulnerable machines; however, Microsoft is now confirming that this is indeed a new issue. This issue is being designated CVE-2013-1347 and is reported to affect all versions of Internet Explorer 8.

Read More »

Tags: , , , , , , ,

CVRF: A Penny For Your Thoughts

The Common Vulnerability Reporting Framework (CVRF) is a security automation standard intended to make your life easier by offering a common language to exchange traditional security and vulnerability bulletins, reports, and advisories. You can read more about it on the official ICASI CVRF 1.1 page, in my CVRF 1.1 Missing Manual blog series, or in the cvrfparse instructional blog. CVRF 1.1 has been available to the public for almost a year and we would like to know how its helped and how we can improve it. Please take a moment to take the poll and please feel free to share it with any interested parties. Comments are encouraged and welcomed. The more feedback we get, the more we can improve CVRF.

Read More »

Tags: , , , , , , ,

Accelerating Real World Cybersecurity Solutions Through Private-Public Partnerships

I had the pleasure of attending the inaugural signing of National Cybersecurity Excellence Partnership agreements yesterday. Key stakeholders in attendance included National Security Agency Director, General Keith Alexander, Senator Barbara Mikulski, Dr. Pat Gallagher of the National Institute of Standards and Technology (NIST), Maryland Governor Martin O’Malley, and several members of the Cisco team.

Established in 2012 through a partnership between NIST, the State of Maryland, and Montgomery County, the National Cybersecurity Center of Excellence (NCCoE) was conceived to advance innovation through the rapid identification, integration, and adoption of practical cybersecurity solutions. NCCoE collaborates with industry leaders through its National Cybersecurity Excellence Partnership (NCEP) initiative to develop real-world cybersecurity capabilities.

As a NCEP member and key collaborator, Cisco is dedicated to furthering the mission of securing cyberspace for all. As part of this ongoing commitment, Cisco has launched the Threat Response, Intelligence and Development organization, focusing key resources around cyber security, threat mitigation and network defense for our customers. Read a blog from our CSO John Stewart about this new organization and its charter here. Read More »

Tags: , , , ,

I Can’t Keep Up with All These Cisco Security Advisories: Do I Have to Upgrade?

“A security advisory was just published! Should I hurry and upgrade all my Cisco devices now?”

This is a question that I am being asked by customers on a regular basis. In fact, I am also asked why there are so many security vulnerability advisories. To start with the second question: Cisco is committed to protecting customers by sharing critical security-related information in a very transparent way. Even if security vulnerabilities are found internally, the Cisco Product Security Incident Response Team (PSIRT) – which is my team – investigates, drives to resolution, and discloses such vulnerabilities. To quickly answer the first question, don’t panic, as you may not have to immediately upgrade your device. However, in this article I will discuss some of the guidelines and best practices for responding to Cisco security vulnerability reports.

Read More »

Tags: , , , , , , , , , , , ,

CyberPatriot Program Showcases Future of Cybersecurity Workforce

DSC_0942_2March 14 – 15 marked the National Finals Competition of CyberPatriot, the largest high school cyber defense competition in the United States.

With students crowded around laptops, routers and clocks counting down, teams were given a business scenario. Told that they were newly hired IT professionals managing the network of a small company, they were given 12 virtual machines that they had to wipe of the most vulnerabilities in the shortest amount of time.

Taking place just outside of Washington, D.C., as the teams raced to defend their networks from attack, the event resembled a scene out of the show 24. And if it showed us anything, it’s that our future cybersecurity workforce is bright. Read More »

Tags: , , , , , ,