Cisco Blogs


Cisco Blog > Security

A Bundle is Born

Today, we released the first Cisco IOS Software Security Advisory Bundled Publication of 2014. Six years ago, Cisco committed to disclosing IOS vulnerabilities on a predictable schedule (on the fourth Wednesday of March and September each calendar year) in direct response to your feedback. We know this timeline allows your organization to plan ahead and ensure resources are available to analyze, test, and remediate vulnerabilities in your environments.

Today’s edition of the Cisco IOS Software Security Advisory Bundled Publication includes six advisories that affect the following technologies:

  • Session Initiation Protocol
  • Network Address Translation
  • Internet Key Exchange Version 2
  • IPv6
  • SSL VPN
  • Cisco 7600 RSP720 with 10GE Uplinks

Read More »

Tags: , , , ,

Beware: Insider Threats Getting Worse

December 18, 2013 at 5:00 am PST

Most recently ESG/Vormetric came out with a threat report that highlighted the increase in insider threats & the significance to augment perimeter and host-based security. The rationale behind the increase was that more people are accessing the network, increase cloud and network traffic are making it difficult to isolate the problem.

Almost 50% of the organizations believe they are vulnerable to insider attacks and have or plan to invest dollars.

This is alarming!

The top methods noted for these insider threat vulnerabilities were abuse of access by privileged users, contractors, and other employees. Security professionals are finding it quite difficult to monitor the users, traffic, ports, etc to identify and mitigate insider threats. They must glean this information from multiple sources and many times need to translate the data. For example, “whose IP address is this and why is Mary from finance, who is supposed to be on vacation, downloading data from the payroll server?” This process slows the resolution time. The criticality of this type of contextual information is enormous to remediate quickly.

Security needs to be pervasive and consistent to manage these inside threats—so how does one do this? Integrate security into your infrastructure (wireless, wired, VPN)! Once security is woven into your infrastructure it provides the visibility and clarity to respond in a timely manner with a high degree of efficacy and is not dependent on distinct and isolated ingress points.

Read More »

Tags: , , , , , , ,

It’s Back – It’s Cisco IOS Software Security Advisory Bundle Time Again

Today, we released the final Cisco IOS Software Security Advisory Bundled Publication of 2013. We committed to these predictable disclosures back in 2008 because your feedback was clear—they allow you to plan ahead and ensure resources are available to analyze, test, and remediate vulnerabilities in your environments. (For more information on the history of this evolution, take a look at my colleague John Stuppi’s post this past March.) If you haven’t had the opportunity to review my earlier posts on preparing for bundled disclosures or leveraging the Cisco IOS Software Checker tool, I’d encourage you to do so now. Hopefully, the guidance will help lessen the impact of evaluating the recently published Cisco Security Advisories. Read More »

Tags: , , , ,

Summary of Microsoft Security Bulletin for August 2013

That’s right folks, today is Patch Tuesday and Microsoft has published its monthly security bulletin for August 2013. The bulletins address a total of 23 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, and Microsoft Exchange. These vulnerabilities could allow an attacker to execute arbitrary code, cause a denial of service condition, or gain elevated privileges.

The bulk of the August updates correct several vulnerabilities in Internet Explorer. Although little technical information is available currently, it’s likely that attackers may develop future exploits based on the vulnerabilities.

Multiple vulnerabilities correct vulnerabilities in Microsoft Windows. A few of the vulnerabilities involve improper processing of ICMP network packets and could allow for attacks that cause affected systems to stop responding to additional network traffic. Although service failures are a concern for production systems, an exploit would allow no system access. Read More »

Tags: , , , , ,

Oracle Java Zero Day Vulnerabilities Risks and Mitigations Part 2

In the previous Part 1 post, I discussed the initial response, risk, and mitigations for the recently-disclosed zero day Oracle Java vulnerabilities that attackers have used in attacks against vulnerable end-user systems. Since then, Oracle has released software updates that correct the original flaw documented in IntelliShield alert 26751, as well as for additional vulnerabilities, as documented in IntelliShield alert 26831.

Attacks leveraging the Java vulnerabilities have increased, with reports indicating that tens of thousands of systems have been compromised. The malicious software toolkit BlackHole, documented in IntelliShield alert 25108, has incorporated the previously-reported Metasploit exploit and can be used to build exploits for use in attacks. Observed exploits have installed the Poison Ivy remote access trojan, and other malicious software may also be downloaded and installed using Poison Ivy, once installed on a vulnerable system.

Read More »

Tags: , , , ,