Cisco Security Intelligence Operations is tracking reports of ongoing exploitation of a vulnerability in the popular web application framework Ruby on Rails that creates a Linux-based botnet. The vulnerability dates back to January 2013 and affects Ruby on Rails versions prior to 3.2.11, 3.1.10, 3.0.19, and 2.3.15. Cisco Security Intelligence Operations’ has previously published an analysis of CVE-2013-0156. Cisco is receiving reports of attempted infection from Cisco IPS customers participating in Global Correlation.
On April 10, 2013, a collective of politically motivated hacktivists announced a round of planned attacks called #OPUSA. These attacks, slated to begin May 7, 2013, are to be launched against U.S.-based targets. #OPUSA is a follow-up to #OPISRAEL, which were a series of attacks carried out on April 7 against Israeli-based targets. Our goal here is to summarize and inform readers of resources, recommendations, network mitigations, and best practices that are available to prevent, mitigate, respond to, or dilute the effectiveness of these attacks. This blog was a collaborative effort between myself, Kevin Timm, Joseph Karpenko, Panos Kampanakis, and the Cisco TRAC team.
If the attackers follow the same patterns as previously witnessed during the #OPISRAEL attacks, then targets can expect a mixture of attacks. Major components of previous attacks consisted of denial of service attacks and web application exploits, ranging from advanced ad-hoc attempts to simple website defacements. In the past, attackers used such tools as LOIC, HOIC, and Slowloris.
Publicly announced attacks of this nature can have highly volatile credibility. In some cases, the announcements exist only for the purpose of gaining notoriety. In other cases, they are enhanced by increased publicity. Given the lack of specific details about participation or capabilities, the exact severity of the attack can’t be known until it (possibly) happens. Read More »
Tags: advisories, ASA, botnet, botnets, Cisco Security, Cloud Computing, cloud security, data center security, DDoS, exploits, firewall, incident response, IPS, IPS signatures, malware, mitigations, security, targeted attacks, TRAC, vulnerability
With the industry’s drive toward personal and wearable devices, soon people will be walking around with smart glasses, watches, phones, and even shoes. Not to mention they’ll be driving networked cars.
In the future, the task of securing your personal network will become increasingly difficult, which creates a new frontier to the threat landscape, one that is certainly personal. How are people expected to secure all these devices in their everyday personal network? How will we be protected while walking around a crowded shopping mall, admiring koalas at the zoo, or boogieing down in a busy nightclub? Who will combat this emerging threat?
We were excited to read the Infonetics Data Center Security Strategies and Vendor Leadership: North American Enterprise Survey, which was released yesterday. It revealed Cisco’s continued leadership in a market that spans a multitude of vendors – application/database, client, data center integration and network. The report indicates that leaders need to offer the right mix of products across the data center security and cloud arenas as well as demonstrate security efficacy and integration into adjacent markets. Cisco has continued to execute on a unified security portfolio spanning firewalls, Intrusion Prevention System (IPS), gateways, and integrated threat intelligence further complemented by strategic partnerships. Seamless integration and shared security intelligence with routing and switching (Nexus and Catalyst) and converged infrastructure (Cisco UCS) enables our customers to benefit from optimized traffic links, the highest levels of security resilience, increased availability and scalability as well as lower costs of ownership. Per the report, “to say you’re the leader in the data center/cloud security is to say you are an innovator who can tackle the biggest problems in IT security for the biggest and most demanding customers.”
We’d like to highlight two areas that Cisco has continued to demonstrate an outright lead over other vendors. In the area of perception as the top data center security supplier, Cisco leads with 47 percent of votes compared to IBM with 38 percent and McAfee with 28 percent, who ranked second and third. Cisco scored between 40 to 60 percent of respondents’ votes (covering 10 criteria) for being the leading data center security supplier with McAfee scoring 15 points below Cisco, HP received around 20 percent of votes, and Juniper and Trend with 15 percent. Read More »
A few months ago we published a technical white paper explaining how we measure the performance of Cisco IPS sensors. The idea was to give Cisco IPS customers insight into the work that goes into producing the performance numbers that are recorded in a data sheet, with the ultimate goal of helping customers deploy the correct IPS appliance for their environment. We have now followed up the performance work with a paper describing how we test the effectiveness of our IPS product line.