Heartbleed

August 21, 2014

SECURITY

Cisco 2014 Midyear Security Report: Brush Your Teeth, Change Your Passwords, Update Your Software

2 min read

Listening to the radio on the way to work recently, I heard that hackers had stolen some 1.2 billion usernames and passwords, affecting as many as 420,000 websites. When asked what listeners could do to protect themselves, the security expert speaking recommended changing passwords. He did not mention which ones. Indeed, the names of the […]

June 5, 2014

EDUCATION

#HigherEdThursdays – Cybersecurity for Higher Education: Is your network protected?

2 min read

Cybersecurity is a hot topic and a major concern for all organizations.  No one is immune, and indeed, higher education institutions can fall victim to large breaches as well.  In fact, according to PrivacyRights.org, below are a few examples from the last 6 months: Date Name Records Lost 22-Apr-14 Iowa State University 29,780 27-Mar-14 The […]

May 16, 2014

SECURITY

New Standards May Reduce Heartburn Caused by the Next Heartbleed

2 min read

Ed Paradise, Vice President of Engineering for Cisco’s Threat Response, Intelligence and Development Group Much has been made of the industry-wide Heartbleed vulnerability and its potential exploitation. Cisco was among the first companies to release a customer Security Advisory when the vulnerability became public, and is now one of many offering mitigation advice. Those dealing […]

May 14, 2014

SECURITY

Protect Yourself Against the Next Security Flaw in the Cloud—Understand Shadow IT

2 min read

Recently, a bug in Internet Explorer made it possible for hackers to take over a user’s computer causing government agencies to suggest using a different browser. The Heartbleed flaw opened the door for encrypted data to be intercepted. These latest challenges highlight one thing inherent to any application—whether on premise or in the cloud—it is […]

April 25, 2014

SECURITY

Cisco, Linux Foundation, and OpenSSL

1 min read

The recent OpenSSL Heartbleed vulnerability has shown that technology leaders must work together to secure the Internet’s critical infrastructure. That’s why Cisco is proud to be a founding supporter of the Linux Foundation initiative announced yesterday (April 24th). The initiative will fund open source projects that are critical to core computing and Internet functions, and […]

April 18, 2014

SECURITY

Cisco IPS Signature Coverage for OpenSSL Heartbleed Issue

2 min read

The Cisco IPS Signature Development team has released 4 signature updates in the past week. Each of the updates contains either modifications to existing signatures or additional signatures for detection of attacks related to the OpenSSL Heartbleed issue. I’m going to take a moment to summarize the signature coverage.

April 17, 2014

SECURITY

On Cisco.com password changes

1 min read

Last week I published a brief blog about the OpenSSL heartbeat extension vulnerability, also known as the Heartbleed bug. One commenter asked, “What about the Cisco.com website? Is it safe to change our passwords on the site?” We received a handful of similar questions from customers today, so I would like to offer our formal […]

April 11, 2014

SECURITY

Heartbleed: Transparency for our Customers

1 min read

We know that communicating quickly and openly about security vulnerabilities can result in a little extra public attention for Cisco. As a trustworthy vendor, this is something we’re happy to accept. It’s recently been said that there is only one thing being discussed by IT security people right now – the OpenSSL heartbeat extension vulnerability […]

April 9, 2014

SECURITY

OpenSSL Heartbleed vulnerability CVE-2014-0160 – Cisco products and mitigations

2 min read

*** UPDATED 15-April 2014  *** By now, almost everyone has heard of the OpenSSL Heartbleed vulnerability with CVE id CVE-2014-0160. The vulnerability has to do with the implementation of the TLS heartbeat extension (RFC6520) and could allow secret key or private information leakage in TLS encrypted communications. For more detailed information, visit the VRT’s analysis. […]