In the days leading up to #OpUSA, security professionals were busy making preparations for the supposed flood of new attacks coming on 7 May 2013. As we mentioned on 1 May 2013, publicly announced attacks of this nature can have highly volatile credibility. In some cases, the announcements exist only for the purpose of gaining notoriety. In other cases, they are enhanced by increased publicity. By 4 May 2013, speculation arose that #OpUSA was a trap; this likely caused some potential participants to rethink their plans to join. Posts similar to the one below were made on Twitter, Facebook, and YouTube. Read More »
Department of Labor Watering Hole Attack Confirmed to be 0-Day with Possible Advanced Reconnaissance Capabilities
Update 2 5/9/2013:
Microsoft has released a “Microsoft fix it” as a temporary mitigation for this issue on systems which require IE8. At this time, multiple sites have been observed hosting pages which exploit this vulnerability. Users of IE8 who cannot update to IE9+ are urged to apply the Fix It immediately.
An exploit for this bug is now publicly available within the metasploit framework. Users of the affected browser should consider updating to IE9+ or using a different browser until a patch is released. Given the nature of this vulnerability additional exploitation is likely.
At the end of April a Watering Hole–style attack was launched from a United States Department of Labor website. Many are theorizing that this attack may have been an attempt to use one compromised organization to target another. Visitors to specific pages hosting nuclear-related content at the Department of Labor website were also receiving malicious content loaded from the domain dol.ns01.us. Initially it appeared that this attack used CVE-2012-4792 to compromise vulnerable machines; however, Microsoft is now confirming that this is indeed a new issue. This issue is being designated CVE-2013-1347 and is reported to affect all versions of Internet Explorer 8.
The Common Vulnerability Reporting Framework (CVRF) is a security automation standard intended to make your life easier by offering a common language to exchange traditional security and vulnerability bulletins, reports, and advisories. You can read more about it on the official ICASI CVRF 1.1 page, in my CVRF 1.1 Missing Manual blog series, or in the cvrfparse instructional blog. CVRF 1.1 has been available to the public for almost a year and we would like to know how its helped and how we can improve it. Please take a moment to take the poll and please feel free to share it with any interested parties. Comments are encouraged and welcomed. The more feedback we get, the more we can improve CVRF.
I had the pleasure of attending the inaugural signing of National Cybersecurity Excellence Partnership agreements yesterday. Key stakeholders in attendance included National Security Agency Director, General Keith Alexander, Senator Barbara Mikulski, Dr. Pat Gallagher of the National Institute of Standards and Technology (NIST), Maryland Governor Martin O’Malley, and several members of the Cisco team.
Established in 2012 through a partnership between NIST, the State of Maryland, and Montgomery County, the National Cybersecurity Center of Excellence (NCCoE) was conceived to advance innovation through the rapid identification, integration, and adoption of practical cybersecurity solutions. NCCoE collaborates with industry leaders through its National Cybersecurity Excellence Partnership (NCEP) initiative to develop real-world cybersecurity capabilities.
As a NCEP member and key collaborator, Cisco is dedicated to furthering the mission of securing cyberspace for all. As part of this ongoing commitment, Cisco has launched the Threat Response, Intelligence and Development organization, focusing key resources around cyber security, threat mitigation and network defense for our customers. Read a blog from our CSO John Stewart about this new organization and its charter here. Read More »
“A security advisory was just published! Should I hurry and upgrade all my Cisco devices now?”
This is a question that I am being asked by customers on a regular basis. In fact, I am also asked why there are so many security vulnerability advisories. To start with the second question: Cisco is committed to protecting customers by sharing critical security-related information in a very transparent way. Even if security vulnerabilities are found internally, the Cisco Product Security Incident Response Team (PSIRT) – which is my team – investigates, drives to resolution, and discloses such vulnerabilities. To quickly answer the first question, don’t panic, as you may not have to immediately upgrade your device. However, in this article I will discuss some of the guidelines and best practices for responding to Cisco security vulnerability reports.