Cisco Blogs



Microsoft Update Tuesday November 2014: Fixes for 3 0-day Vulnerabilities

This month Microsoft is releasing 14 security bulletins. Originally they had planned to release 16, but due to issues that emerged in late testing, two bulletins that were announced in the Advance Security Notification, MS14-068 and MS14-075, have been postponed. Of the 14 bulletins, four are considered critical, eight are important, while two are moderate. They cover a total of 33 CVEs.


New White Paper from Enterprise Strategy Group on the Evolution of and Need for Secure Network Access

Mention Network Access Control (NAC) to some security or network operations engineers, and they just might grimace.  Why?  Most people still associate NAC with a set of technologies that were complicated to deploy and implement effectively.

Today, however, those nightmare assumptions are far removed from the reality. In this newly released white paper, Jon Oltsik, Senior Principal Analyst for the Enterprise Strategy Group, discusses how NAC is transforming into something more—a technology he calls Endpoint Visibility, Access, and Security, or EVAS. Mr. Oltsik discusses how the NAC market has changed to reduce complexity in both deployment and usage. Through this advancement, this evolved technology has become an increasingly critical component in securing enterprise networks. In addition, Mr. Oltsik discusses how Cisco and the Cisco Identity Services Engine (ISE) are in the best position to meet IT security challenges in terms of what EVAS should be and how it helps.

Download the white paper on Cisco.com:
http://www.cisco.com/c/dam/en/us/products/collateral/security/cisco-evas-white-paper.pdf


Cisco Identity Services Engine (ISE) 1.3 and Cisco AnyConnect 4.0 Are Now Available!

Cisco customers, partners, and field have been eagerly awaiting the release of the latest version of the Identity Services Engine and the AnyConnect Secure Mobility Client. Well, the wait is now over! After another highly successful limited availability program, Cisco ISE 1.3 and Cisco AnyConnect 4.0 are now available for full orderability as of Friday, November 7, 2014.

With a focus on simplifying user experiences, the latest release of Cisco ISE accelerates enterprises’ capabilities to deploy secure network access easily in just hours. For administrators deploying Guest Access or Enterprise Mobility (a.k.a. “BYOD”) or for end-users onboarding their devices, these processes are now more streamlined than ever before. Expanding secure access across the entire network is also easy with Cisco ISE by utilizing Cisco TrustSec to enable Software-Defined Segmentation (SDS) that creates contextual segmentation policies aligned with business usage. Flexible, tiered licensing allows customers to right-size their deployments for the features they need and want. Overall, secure access policy and control is centralized and simplified in order to securely and consistently deliver vital business services, enhance infrastructure security, enforce compliance, and streamline service operations.


The Future of Work is Mobile and Flexible

Cisco’s 2014 Future of Work survey results were published the other day and reveal many thought-provoking trends.

For example, did you know that the majority of today’s professionals would relinquish their television before they let you take away their smartphone? Or that given a choice between Internet access and sense of smell, an incredible 43% would hang on to the Internet. Now there’s the true meaning of a 6th sense.

These are just a couple of the provoking (and some may say disturbing) findings.


Talos Discovered Three More Vulnerabilities in Pidgin

This post was authored by Yves Younan and edited by Armin Pelkmann

Table of contents

CVE-2014-3697, VRT-2014-0205
CVE-2014-3696, VRT-2014-0204
CVE-2014-3695, VRT-2014-0203

Cisco Talos is announcing the discovery and patching of another three CVE vulnerabilities in Pidgin (an open-source, multi-platform instant messaging client; see the Wikipedia page). These vulnerabilities were discovered by our team and reported to the Pidgin team. They were found during our initial look at Pidgin, which resulted in the first 4 vulnerabilities released in January, but were reported to Pidgin a little later and took longer to get patched. Now that these vulnerabilities have been patched in the latest version of Pidgin, 2.10.10, we want to publicly disclose our findings.

The first vulnerability (CVE-2014-3697, VRT-2014-0205) is in the routines Pidgin uses to handle smiley and theme packages in Windows. These packages can be downloaded from websites and installed by dragging and dropping them to Pidgin. The packages are TAR files and Pidgin handles them by un-tarring the files to a specific directory.
