Year: 2016

February 9, 2016 1 Comment
Avatar

Microsoft Patch Tuesday – February 2016

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains twelve bulletins addressing 37 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Internet Explorer, Edge, Windows Journal, Office and Windows PDF. The remaining seven bulletins are rated important and address vulnerabilities in the Network Policy Server (NPS), Active Directory, Windows, Remote Desktop Protocol, WebDAV, Kernel Mode Driver and the .NET Framework.

Bulletins Rated Critical

Microsoft bulletins MS16-009, MS16-011 through MS16-013, and MS16-015 are rated as critical in this month’s release.

MS16-009 and MS16-011 are this month’s Internet Explorer and Edge security bulletin respectively. In total, sixteen vulnerabilities were addressed with four vulnerabilities impacting both browsers. The vulnerabilities impacting both browsers include three critical memory corruption issues (CVE-2016-0060, CVE-2016-0061 and CVE-2016-0062) along with CVE-2016-0077 that addresses a critical spoofing vulnerability.

  • MS16-009 is the IE bulletin for IE versions 9 through 11. Three critical memory corruption issues specific to Internet Explorer are addressed (CVE-2016-0063, CVE-2016-0067 and CVE-2016-0072).
  • MS16-011 is the Edge bulletin. A critical memory corruption issues specific to Edge is addressed (CVE-2016-0084).

Read More >>

Authors

Avatar

Talos Group

Talos Security Intelligence & Research Group

1 Comment
Avatar

YOU Decide Who Speaks in Austin

OpenStack Austin

You know the drill. It’s one of the great things about the OpenStack Summit. Unlike most other conferences, where organizers single-handedly set the agenda based on what they think you want to hear, the OpenStack Summit agenda is based on what you actually want to hear.

Curious about containers? Intrigued by NFV? Wondering what’s next on the Neutron roadmap? Tell them with your votes. Go to the OpenStack Foundation page and choose the sessions that are most interesting to you. It’s easy, it’s fun, and there is no limit to how many sessions you can vote for.*

But here’s the catch: The Foundation received more than 1,200 talk submissions this time. 1,200!!!

Do you have time to read through them all?

Of course not.

Continue reading “YOU Decide Who Speaks in Austin”

Authors

Avatar

Ali Amagasu

Marketing Communications Manager

1 Comment
Avatar

#CiscoChampion Radio, S3|Ep. 5. The Wonderful World of Spark and APIs

#CiscoChampion Radio is a podcast series by Cisco Champions as technologists. Today we’re discussing The Wonderful World of Spark and APIs with Cisco Subject Matter Expert Jose de Castro. Jose joined Cisco as part of the Tropo acquisition where he was the CTO.

Cisco Champion 2016Get the Podcast

  • Listen to this episode
  • Download this episode (right-click on the episode’s download button)
  • View this episode in iTunes

Cisco Guest
Jose de Castro (@loopingrage), Cisco Spark Principal Engineer

Cisco Champion Hosts
Dennis Heim (@CollabSensei), Solution Architect
Stewart Goumans (@WirelessStew), Mobility Consultant
Sebastian Leuser (@sleuser), Systems Engineer

Moderator
Kim Austin (@ciscokima)

Continue reading “#CiscoChampion Radio, S3|Ep. 5. The Wonderful World of Spark and APIs”

Authors

Avatar

Brandon Prebynski

Leave a Comment
Avatar

Bedep Lurking in Angler’s Shadows

This post is authored by Nick Biasini.

In October 2015, Talos released our detailed investigation of the Angler Exploit Kit which outlined the infrastructure and monetary impact of an exploit kit campaign delivering ransomware. During the investigation we found that two thirds of Angler’s payloads were some variation of ransomware and noted one of the other major payloads was Bedep. Bedep is a malware downloader that is exclusive to Angler. This post will discuss the Bedep side of Angler and draw some pretty clear connections between Angler and Bedep.

Adversaries continue to evolve and have become increasingly good at hiding the connections to the nefarious activities in which they are involved. As security researchers we are always looking for the bread crumbs that can link these threats together to try and identify the connections and groups that operate. This is one of those instances were a couple of crumbs came together and formed some unexpected connections. By tying together a couple of registrant accounts, email addresses, and domain activity Talos was able to track down a group that has connections to threats on multiple fronts including: exploit kits, trojans, email worms, and click fraud. These activities all have monetary value, but are difficult to quantify unlike a ransomware payload with a specific cost to decrypt.

 

Read More >>

Authors

Avatar

Talos Group

Talos Security Intelligence & Research Group

3 Comments
Avatar

Voting for America’s Success: How the Next President Should Change U.S. Tech Policy

2016 is a big year for many reasons, but one of the biggest is that it is the year where we will elect the 45th President of the United States. Currently, there are many different candidates running on many different platforms, all with varying ideas of which policy issues are the most important. However, some of my peers and I thought that there was something missing from these policy conversations: technology.

Technology is expanding at a rapid pace, and government seems to be having trouble keeping up. Instead of just trying to prevent or shore up the potentially destabilizing effects technology can have on government and other traditional civic structures, government should be embracing and taking advantage of the global network. It can be used to keep U.S. leadership strong and support social, political, and economic advancement around the world. But how should government balance the positively transformative with the potentially negatively disruptive? How should it address the complex policy issues that arise due to the new social globalism technology has created?

To help them out, MeriTalk – a public-private partnership focusing on improving the outcomes of government IT – is releasing a paper with technology policy recommendations for the next president. The paper, “Tech Iconoclasts – Voting for America’s Success in a Network World,” was written by a group of former government CIOs and senior industry executives, including myself, who think that technology should be a bigger policy focus for the next president than it currently is. To help him or her out, we provided a roadmap of technology policies so that the next administration can harness technology to maintain America’s global advantage.

The report focuses on five specific areas, each of which contain multiple concrete policy recommendations. The five areas are:

  1. Advancing America’s Competitive Edge
  2. Rebuilding Trust in Government and Institutions
  3. Simplifying and Enhancing People’s Lives
  4. Reinventing Government Technology
  5. Evolving the Workforce

Whether it’s changing patent law to encourage innovation, using emerging technology to solve healthcare challenges like Alzheimer’s, investing in MOOCs to help the workforce learn new technological skills, or increasing security measures to ensure all Americans feel safe about their information online, there are numerous steps a leader can take to improve technology policy.

We wrote this report as an open letter so that all candidates understand the importance of these issues to the American public, and to start a dialogue on the need for increased focus on technology policy. We believe that our country’s technology policy must change in order to empower our government now and prepare us for success the future – I hope that this paper helps you believe that too.

I invite you to comment below and share what you believe is the most important technology policy recommendation for the next president. Also, join us for the launch of the paper on February 11 at 8am at the National Press Club to continue the discussion in person.

Authors

Avatar

Alan Balutis

Distinguished Fellow and Senior Director

North American Public Sector for Busiiness Solutions Group

1 Comment
Avatar

Expanding Your Network, Creating More Bandwidth

When you think about it, your network is a lot like the road to a small town on the cusp of an incredible population explosion. There’s a nice infrastructure supporting the small amount of people leaving and returning, and that’s all that’s needed. As more people find out about this wonderful place, the town grows and that two-lane highway can’t support the influx of new people making their lives there. Suddenly there are traffic snarls, roads are constantly in disrepair and trash is strewn everywhere.

dorai_blog_020916

The town grew too fast and it needed better, wider roads to allow traffic to flow freely.

Thanks to more devices, data-intensive apps (video and Voice Over Wi-Fi) and the Internet of Things, your network is going to witness a boom similar to that small town—and it’s going to be sooner than you think. Unlike that town that was blindsided by change, you can anticipate and proactively solve this growth problem right now.

For a full overview of the recent Cisco NPI Launch, click here.

Cisco Aironet 2800 and 3800 Series Access Points (APs) are the high-performance products that enlarge your bandwidth and eliminate data Continue reading “Expanding Your Network, Creating More Bandwidth”

Authors

Avatar

Greg Dorai

Senior Vice President & General Manager

Cisco Switching

3 Comments
Avatar

Slow and Steady Doesn’t Win This Digital Business Race

Image for BlogWhen I talk to network professionals, I routinely ask them about the one part of their job that keeps them up at night. The thing that consistently comes up is their network speed required for delivering a consistent reliable user experience: or specifically, the lack of it. They usually follow up this admission by saying that their network is not always slow, but the rate at which the business introduces new applications and new ways of leveraging technologies is definitely trending towards the network not being able to keep pace.

I know exactly what they’re talking about. Unfortunately, with the way things are trending, going with the idea of, “It has always worked, why change it?” is becoming less of a viable solution.

In the coming years, thanks to the accelerated pace of BYOD/CYOD and IoT adoption, this trend will be extremely important for IT to address. In fact, according to the Virtual Mobile Networking Index, wireless traffic will increase ten-fold by 2019. Not only will more devices be connecting to the network, but also they will access a lot more business critical applications requiring performance, reliability, and user experience than ever before.

Sorry network pros, but your legacy network’s performance and reliability are going to be scrutinized more than ever. Continue reading “Slow and Steady Doesn’t Win This Digital Business Race”

Authors

Avatar

Prashanth Shenoy

Vice President of Marketing

Enterprise Networking and Mobility

6 Comments
Avatar

Best vacation ever – thanks to Cisco Connected Recognition

Employee David Faik on the beach in Thailand

As I buried my toes in the sand on a beach in Thailand, I couldn’t help but say a silent “cheers” to Cisco, and my colleagues there, for making my vacation extra special.

“Why?” you ask?

It’s all due to Connected Recognition. It’s this great program at Cisco that allows your manager, your peers and anyone you work with at the company to recognize good work by giving an acknowledgement that also comes with a monetary reward. This “money” can purchase gift cards for a variety of different things.

When I joined Cisco, one thing that struck me was something that John Chambers, our then-CEO and now Chairman, said. He told us that at Cisco, it isn’t about working hard but about what you deliver. What has stayed constant through the rapid change that Cisco has undergone is that our “Cisco character” still permeates through our daily work lives.

As we’ve evolved with that character in place, things like our new “People Deal” emerge that highlights our core Cisco values and makes employees feel pretty great. By the by, our People Deal is an agreement about what we can expect from Cisco and what Cisco expects of us. This Connected Recognition program is just one part of that People Deal. The program’s DNA is timeless Cisco: recognizing and celebrating good results. The platform, tool and funding for this is, I must say, pretty cool.

For me, I got the awards from Procurement colleagues for collaborating with them on projects and from other departments when I helped them with business challenges. I saved up several rewards in Connected Recognition to help me fund a seven-day stay at Swissotel’s Kamala Beach resort in Thailand this past December.  The rewards meant that I stayed in a more upscale resort than I would have booked if I were paying for it on my own.

Of course, I was touting my awesome #LoveWhereYouWork experience on social media, and when my friends read my posts, they all started asking me how to get a job at Cisco!

I even made a video to wish them a great holiday!

What’s awesome about Connected Recognition is that there are so many different ways to spend your funds. I have co-workers who have redecorated their homes, bought furniture, gotten sports equipment, and since we’re all techies here, they’ve gotten more tech gear. It’s nice that you can either have “stuff” or experiences.

Mostly, I think it’s awesome to work at a company that values its people like this. I think Cisco hits the sweet spot in balance between results and caring about people. It’s one of many small and big things that make this a great company to work for.

#WeAreCisco, and I definitely #LoveWhereYouWork.

 

Authors

Avatar

David Faik

Procurement Manager

Global Procurement Services

4 Comments
Avatar

Simplifying Security Architectures with SAFE

Safe. The very sound of it resonates with security. It is with some irony that Cisco has decided to reuse the term. Why ironic? For one, there is the idea among security folk that in reality, nothing is entirely safe. Why would Cisco sell intrusion detection if no intruders can, well…intrude? For those of you who remember SAFE from the early days of Cisco, it might seem like a familiar friend that has grown up a bit. Cisco historians ask, “What does SAFE stand for?” In our underground tunnels that forge firewalls and FirePOWER, you might get responses such as “Security Architecture for Enterprise” or “Secure Architecture for Everything.” In truth, the meaning has been lost to the annals of time.

One thing that everyone can agree on is that security is growing more complex by the day. While attackers are developing more lucrative schemes and advanced threats, security professionals have been running faster and faster in a race to keep up. Most organizations have deployed security technologies across some combination of networks, endpoints, web and email gateways, virtual systems, mobile devices, and the cloud. But how do we know that we have all of the right capabilities at the right places across the extended network? This is where SAFE comes in.

SAFE simplifies security.

Continue reading “Simplifying Security Architectures with SAFE”

Authors

Avatar

Christian Janoff

Enterprise Architect, Compliance

Security Technology Group