security
Tools of the Trade: The Compressed Pcap Packet Indexing Program
15 min read
The Compressed Pcap Packet Indexing Program (cppip) is a tool to enable extremely fast extraction of packets from a compressed pcap file. This tool is intended for security and network folk who work with large pcap files. This article provides a complete discussion of the tool and is split into two parts.
Possible Exploit Vector for DarkLeech Compromises
1 min read
Often it is quite surprising how long old, well-known vulnerabilities continue to be exploited. Recently, a friend sent me an example of a malicious script used in an attempted attack against their server: The script attempted to exploit the Horde/IMP Plesk Webmail Exploit in vulnerable versions of the Plesk control panel. By injecting malicious PHP code in the username […]
CVRF: A Penny For Your Thoughts
1 min read
The Common Vulnerability Reporting Framework (CVRF) is a security automation standard intended to make your life easier by offering a common language to exchange traditional security and vulnerability bulletins, reports, and advisories. You can read more about it on the official ICASI CVRF 1.1 page, in my CVRF 1.1 Missing Manual blog series, or in […]
Security Automation Live Webcast!
1 min read
UPDATE: Webcast information is also now available at the Cisco Live 365 site Many network security administrators are struggling to keep their network “up-to-date” with the constant release of new vulnerabilities and software fixes. At the same time, they’re under pressure to provide near 100% availability of key business services and systems. Every time a […]
Yesterday Boston, Today Waco, Tomorrow Malware
1 min read
At 10:30 UTC one of the botnet spam campaigns we discussed yesterday took a shift to focus on the recent explosion in Texas. The miscreants responded to the tragic events in Texas almost immediately. The volume of the attack is similar to what we witnessed yesterday with the maximum volume peaking above 50% of all spam sent. We've seen 23 unique sites hosting the malware. This is an attempt to grow the botnet.
Embracing Security Related User Groups
2 min read
Security is a tough nut that can’t be cracked by one alone—neither technology nor research, neither corporations nor start-ups, and neither products nor processes. None of these alone can crack the security nut. The most important part of the problem and solution is people! Nothing beats the efforts of few passionate people collaborating for a cause.
Cisco Security Disclosure: Help Us Help You!
2 min read
The decision to deliver the biannual (on the fourth Wednesday of every March and September) Cisco IOS Software Security Advisory Bundled Publication brought with it many challenges, process changes, and—in the end—a format for Cisco Vulnerability Disclosure that we hope addresses at least some of your concerns. What we would like to get now is feedback from our customers on how the bundle delivery format has changed your lives (well, at least during working hours!), for better or for worse, when it comes to dealing with Cisco PSIRT security vulnerabilities identified in your Cisco IOS environment. The information you provide in this survey will help Cisco to continue to evolve our vulnerability disclosure process to address your challenges and concerns, just as we did back in 2008 when we listened to you and developed the Cisco IOS Software Security Advisory bundle process.
Tips and Tricks: Nmap is still relevant
6 min read
This post provides an overview of the Nmap scanning tool, specifically the improvements made to Nmap version 6.25, and covers three tips to help users unlock some of the benefits of Nmap 6.25: automating the scanner, identifying and discovering vulnerable services on your networkk, and good old-fashioned plain vanilla scanning.
Cisco ASA Family receives FIPS 140-2 Certification!
1 min read
The Global Certification Team is proud to announce the FIPS 140-2 crypto certification of the Cisco Adaptive Security Appliance (ASA) family. This certification covered the following models: Cisco ASA 5505, ASA 5510, ASA 5520, ASA 5540, ASA 5550, ASA 5580-20, ASA 5580-40, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Security Appliances. The ASA’s were evaluated at […]
3