Cisco Blogs



Fiesta Exploit Pack is No Party for Drive-By Victims

This post was also authored by Andrew Tsonchev and Steven Poulson.

Update 2014-05-26: Thank you to Fox-IT for providing the Fiesta logo image. We updated the caption to accurately reflect image attribution.

Cisco’s Cloud Web Security (CWS) service provides TRAC researchers with a constant fire hose of malicious insight, and now that we are collaborating with Sourcefire’s Vulnerability Research Team (VRT), we have additional capabilities to quickly isolate and prioritize specific web exploit activity for further analysis. Thus, when we were recently alerted to an aggressive Fiesta exploit pack (EP) campaign targeting our customers, we quickly compared notes and found that, in addition to the typical Java exploits, this EP was also using a Microsoft Silverlight exploit. In the Cisco 2014 Annual Security Report (ASR) we discuss how 2013 was a banner year for Java exploits, and while updating Java should remain a top priority, Silverlight is certainly worth patching as threat actors continue to search for new application exploits to leverage in drive-by attacks.

[Image: Fiesta Exploit Pack logo]

Image provided courtesy of Fox-IT

Over the past 30 days this specific Fiesta campaign was blocked across more than 300 different companies. The attacker(s) used numerous dynamic DNS (DDNS) domains -- that resolved to six different IP addresses -- as exploit landing pages. The chart below depicts the distribution of hosts used in this attack across the most blocked DDNS base domains.

[Chart: CWS Fiesta Blocks by Distinct Requests]

CyberPatriot Program Showcases Future of Cybersecurity Workforce

March 14 – 15 marked the National Finals Competition of CyberPatriot, the largest high school cyber defense competition in the United States.

With students crowded around laptops, routers and clocks counting down, teams were given a business scenario. Told that they were newly hired IT professionals managing the network of a small company, they were given 12 virtual machines and had to clear them of the most vulnerabilities in the shortest amount of time.

Taking place just outside of Washington, D.C., as the teams raced to defend their networks from attack, the event resembled a scene out of the show 24. And if it showed us anything, it’s that our future cybersecurity workforce is bright.

CUCM and Cisco Unity Connection listed on DoD UCAPL!

July 6, 2012 at 11:52 am PST

The Global Certification Team (GCT) is pleased to announce the DoD UCAPL approval of the Cisco Unified Communications Manager (CUCM)!  The CUCM was listed on Release (Rel) 8.6 as a Local Session Controller (LSC) with Tracking number (TN) 1108301.

As the core of the Cisco Collaboration portfolio infrastructure, Cisco Unified Communications Manager is a unified communications call control platform that can deliver the right experience to the right endpoint. Find out more about CUCM at Cisco.com.

The GCT is equally proud to announce the DoD UCAPL approval of the following Cisco Unity Connection (Unity) configurations:

  • Cisco Unity Connection Rel. 8.6.1.20002-1 TN 1109701 as a Customer Premise Equipment (CPE)
  • Cisco Unity Connection Rel. 8.6.1.20002-1 with PIMG Analog interface TN 1109802 as a CPE
  • Cisco Unity Connection Rel. 8.6.1.20002-1 with PIMG Digital interface TN 1109803 as a CPE
  • Cisco Unity Connection Rel. 8.6.1.20002-1 with TIMG interface TN 1109804 as a CPE

Cisco Unity® Connection is a feature-rich voice and unified messaging platform based on the same Linux Unified Communications Operating System as Cisco Unified Communications Manager. With Cisco Unity Connection, you can access and manage voice messages in a variety of ways, using your email inbox, web browser, Cisco Unified IP Phone, smartphones, Cisco Unified Personal Communicator, and more. Cisco Unity Connection also provides robust speech-recognition features for when you are mobile, so you can manage your voice messages hands- and eyes-free.  Learn more about Cisco Unity Connection on Cisco.com.

 


Cisco Optical Network System (ONS) listed on UC APL!

May 29, 2012 at 10:56 am PST

The Global Certification Team (GCT) is proud to announce the following additions to the Unified Capabilities Approved Products List (UC APL):

    • Cisco ONS 15310-Customer Location (CL) Rel. 9.2.1 TN 1023001, as a Fixed Network Element (F-NE).
      • The Cisco ONS 15310-CL SONET Multiservice Platform is an economical, 1-rack unit (1RU)-high delivery platform optimized for use as the last network element—at the customer location (CL)—in a service provider’s network, or for use as an end node in enterprise or campus environments. The Cisco ONS 15310-CL takes advantage of the proven technology pioneered by the Cisco ONS 15454, the industry’s first and leading multiservice optical transport platform.
    • Cisco ONS 15310-Metro Access (MA) Rel. 9.2.1 TN 1023002, as a F-NE.
      • The Cisco ONS15310-MA is a carrier-class MSPP that efficiently switches Ethernet and TDM traffic for use in metropolitan and regional optical networks. With the flexibility and scalability that allow it to support DS1, DS3/EC1, OC-3 to OC-48 SONET, and Ethernet interfaces, the ONS 15310-MA is already a part of many North American service providers’ multiservice SONET and next-generation “triple play” and IPTV deployment strategies.
    • Cisco ONS 15454 Multiservice Provisioning Platform (MSPP) Rel. 9.2.1 TN 1023003, as a F-NE.
      • The Cisco ONS 15454 SONET Multiservice Provisioning Platform (MSPP) provides the functions of multiple network elements in a single platform. It supports common interfaces such as DS-1, DS-3, and EC-1 and data solutions including 10/100/1000 Mbps Ethernet solutions with OC-3 through OC-192 optical transport bit rates and integrated DWDM wavelengths.
    • Cisco ONS 15454 Multiservice Transport Platform (MSTP) Rel. 9.2.1 TN 10230047, as a F-NE.
      • The Cisco ONS 15454 Multiservice Transport Platform (MSTP) is the most deployed metropolitan-area (metro) and regional dense wavelength division multiplexing (DWDM) solution in the world featuring two- through eight-degree reconfigurable optical add/drop multiplexer (ROADM) technology that enables wavelength provisioning across entire networks and eliminates the need for optical-to-electrical-to-optical (OEO) transponder conversions. The ONS 15454 MSTP interconnects with Layer-2, Layer-3 and storage area network (SAN) devices at rates up to 40 Gbps. It delivers any service type to any network location and supports all DWDM topologies.

 

The approval document is posted on the UC APL site at the following URL: https://aplits.disa.mil/processAPList.do

The Cisco 5940 Embedded Services Router (ESR) awarded Common Criteria Certification

December 15, 2011 at 2:15 pm PST

The Global Certification Team is pleased to announce that the 5940 Embedded Services Router (ESR) has been awarded Common Criteria certification. The 5940 ESR is certified at EAL2+ against the Traffic Filter Firewall in Basic Robustness Environments v1.1. The Cisco 5940 ESR was validated for IOS Version 15.1(2)GC1.

More information on the validation effort can be found at: http://www.niap-ccevs.org/cc-scheme/st/vid10429/
