Cisco Blogs



AMP Threat Grid Integrated with Email Security

We recently announced the release of AsyncOS 9.5 for Cisco Email Security that included the integration of AMP Threat Grid. Now if Threat Grid could talk it would sound a lot like Ron Burgundy and say “I’m not sure if you know this, but I’m kind of a big deal.” Email is consistently one of the top two threat vectors for malware because so many people out there still open an attachment that looks harmless from someone they don’t know. We all want to think we won a cruise, but that’s not how it works. It’s how malware establishes a foothold on your system. AMP Threat Grid is there to make sure this doesn’t happen.

Cisco acquired Threat Grid not only to bolster its suite of advanced threat solutions, but also to integrate the technology into its Advanced Malware Protection (AMP) products. AMP Threat Grid goes far beyond traditional sandboxing, providing a host of analytical engines to evaluate potential malware. From static and dynamic analysis to various post-processing techniques, AMP Threat Grid evaluates malware to provide a comprehensive report that even the most junior security analyst can act on. This video provides a more comprehensive overview. Those familiar with Cisco’s Email Security know we already had a sandbox built in and may ask ‘Why change?’, and that’s exactly the question you want to ask. There are really three key reasons:


Microsoft Patch Tuesday – July 2015

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 14 bulletins being released which address 57 CVEs. Four of the bulletins are listed as Critical and address vulnerabilities in Windows Server Hyper-V, VBScript Scripting Engine, Remote Desktop Protocol (RDP) and Internet Explorer. The remaining ten bulletins are marked as Important and address vulnerabilities in SQL Server, Windows DCOM RPC, NETLOGON, Windows Graphic Component, Windows Kernel Mode Driver, Microsoft Office, Windows Installer, Windows, and OLE.



Inside Cisco IT: Finding Secure Cloud Services

Cisco uses a variety of external cloud services, in concert with our internal IT service offerings. These cloud services could be storing or working with internal confidential material, so before we select which services to use, the cloud service providers (CSPs) that furnish these capabilities must go through a risk assessment process. This ensures their environments comply with our internal Information Security (Infosec) requirements, align with our system architecture, and meet overall business objectives.


Cisco Secure Ops demonstrated at Cisco Live 2015

As I mentioned in my last blog, “Cisco Live Hosts Enhanced Cisco Collaborative Operations Solution Demonstration”, Cisco Live excited many delegates this year, and one of the highlights was indeed the World of Solutions. I talked about how the industrial section of the ‘Cisco Campus’ not only showed off lots of new advances, but, for the first time, the small but important process industries (including Oil and Gas) booth opened up showing the services-based solutions Secure Ops and Collaborative Operations. Now let’s talk about Secure Ops.

In the video, I interview Cisco and Partner representatives to discuss the Secure Ops Solution from Cisco: what it is, what the business need is, and how Cisco is helping customers get better business outcomes – especially when it comes to cybersecurity! Having the Secure Ops solution can increase availability of systems and critical infrastructure, reducing downtime in, for example, the oil and gas industry, or any industry that relies on critical infrastructure such as process manufacturing, oil and gas, pharmaceuticals or other industrial automation environments.

Cisco Secure Ops delivers a standardized, comprehensive and integrated approach to security. It is supported by automation suppliers such as Yokogawa and Rockwell and technology providers such as McAfee and Symantec and provides a framework for a wide range of partners to participate. It’s currently installed at customers such as Royal Dutch Shell.

Rob Arlic of Cisco is joined by Galina Antova at Cisco Live. Rob talks about what Secure Ops is and how it helps provide not only cybersecurity protection, but also demonstrable regulatory compliance. It therefore provides companies with higher availability and better Operational Excellence.

Galina talks about what’s new. Added capabilities include going deeper than the IP network to gain more profound visibility into operations, then building a view of what is normal and abnormal in those other networks so that it can be assessed. Managing all of that is key, and is included.

Rob concludes by summing up: “It’s all about up-time and availability. If there are security vulnerabilities, (making sure) those are addressed proactively, proactively and preemptively”.

To learn more go to www.cisco.com/go/oilandgas.

And, as always, tell us what you think.


Vulnerability Spotlight: Apple Quicktime Corrupt stbl Atom Remote Code Execution

This post was authored by Rich Johnson, William Largent, and Ryan Pentney. Earl Carter contributed to this post.

Cisco Talos, in conjunction with Apple’s security advisory issued on June 30th, is disclosing the discovery of a remote code execution vulnerability within Apple Quicktime. This vulnerability was initially discovered by the Talos Vulnerability Research & Development Team and reported in accordance with responsible disclosure policies to Apple.

There is a remote code execution vulnerability in Apple Quicktime (TALOS-2015-0018/CVE-2015-3667). An attacker who can control the data inside an stbl atom in a .MOV file can cause an undersized allocation which can lead to an out-of-bounds read. An attacker can use this to create a use-after-free scenario that could lead to remote code execution.

There is a function within QuickTime (QuickTimeMPEG4!0x147f0) which is responsible for processing the data in an hdlr atom. A 16-byte memory region is allocated near the beginning of the function; if the hdlr subtype field in an mdia atom is set to ‘vide’, a reference to this region is passed to a set of two functions.


