Omar Santos

Distinguished Engineer

Cisco Product Security Incident Response Team (PSIRT) Security Research and Operations

Omar Santos is a Distinguished Engineer at Cisco focusing on artificial intelligence (AI) security, cybersecurity research, incident response, and vulnerability disclosure. He is a board member of the OASIS Open standards organization and the founder of OpenEoX. Omar's collaborative efforts extend to numerous organizations, including the Forum of Incident Response and Security Teams (FIRST) and the Industry Consortium for Advancement of Security on the Internet (ICASI). Omar is the co-chair of the FIRST PSIRT Special Interest Group (SIG). Omar is the lead of the DEF CON Red Team Village and the chair of the Common Security Advisory Framework (CSAF) technical committee. Omar is the author of over 25 books, 21 video courses, and over 50 academic research papers. Omar is a renowned expert in ethical hacking, vulnerability research, incident response, and AI security. He employs his deep understanding of these disciplines to help organizations stay ahead of emerging threats. His dedication to cybersecurity has made a significant impact on technology standards, businesses, academic institutions, government agencies, and other entities striving to improve their cybersecurity programs. Prior to Cisco, Omar served in the United States Marines focusing on the deployment, testing, and maintenance of Command, Control, Communications, Computer and Intelligence (C4I) systems.

Articles

October 31, 2016

SECURITY

The Evolution of Scoring Security Vulnerabilities: The Sequel

3 min read

Back in April, I wrote a blog post about the new version of the Common Vulnerability Scoring System (CVSS). The changes made for CVSSv3 addressed some of the challenges that existed in CVSSv2. For example, CVSSv3 analyzes the scope of a vulnerability and identifies the privileges an attacker needs to exploit it. The CVSSv3 enhancements […]

October 18, 2016

SECURITY

Evolving Security Disclosures: The New OASIS Common Security Advisory Framework (CSAF) Technical Committee

2 min read

During the last few years we have witnessed how the cyber security threat landscape has evolved. The emergence of the Internet of Things combined with recent events have profoundly changed how we protect our systems and people, and drive us to think about new approaches for vendors to disclose security vulnerabilities to customers and consumers. […]

August 17, 2016

SECURITY

The Shadow Brokers EPICBANANA and EXTRABACON Exploits

10 min read

UPDATE April 20, 2017 Cisco continues to evaluate potential implications of the activities and information posted publicly by the Shadow Brokers Group.  We launched an investigation to analyze the new files posted on April 14th, 2017, and so far have not found any new vulnerabilities or exploits that affect Cisco products and services. Cisco PSIRT will […]

April 28, 2016

SECURITY

The Evolution of Scoring Security Vulnerabilities

6 min read

The Common Vulnerability Scoring System (CVSS), which is used by many in the industry as a standard way to assess and score security vulnerabilities, is evolving to a new version known as CVSSv3. These changes addressed some of the challenges that existed in CVSSv2; CVSSv3 analyzes the scope of a vulnerability and identifies the privileges […]

December 14, 2015

SECURITY

Introducing the Cisco PSIRT openVuln API

1 min read

In October, we announced details about Cisco PSIRT’s new and improved security vulnerability disclosure format. Our Chief Security and Trust Officer, John Stewart, also revealed that Cisco will launch an application programming interface (API) that empowers customers to customize Cisco vulnerability information and publications. Today, we have officially launched the Cisco PSIRT openVuln API and it is available […]

October 5, 2015

SECURITY

Improvements to Cisco’s Security Vulnerability Disclosures

5 min read

Cisco is committed to protecting customers by sharing critical security-related information in different formats. Guided by customer feedback, Cisco’s Product Security Incident Response Team (PSIRT) is seeking ways to improve how we communicate information about Cisco product vulnerabilities to our Customers and Partners.  As John Stewart mentioned on his blog post, the Cisco PSIRT has launched a […]

September 20, 2015

SECURITY

SYNful Knock: Acting to protect Cisco customers

1 min read

The security of our customers is critical, and when needed, we pull out all stops to protect them. Cisco participates in a large ecosystem of partners, industry peers (yes, that includes competitors), and non-profits that provides insight and awareness into a multitude of security threats. We also have deep internal expertise. The Cisco Talos organization […]

September 17, 2015

SECURITY

SYNful Knock: Protect Your Credentials, Protect Your Network

1 min read

Interest in IT security has never been higher. So when a new type of attack comes along, it attracts the attention of our customers and others in the industry. Earlier this week Cisco and Mandiant/FireEye released information about the so-called SYNful Knock malware found on Cisco networking devices. You can read my earlier blog on […]

September 15, 2015

SECURITY

SYNful Knock: Detecting and Mitigating Cisco IOS Software Attacks

1 min read

Historically, threat actors have targeted network devices to create disruption through a denial of service (DoS) situation. While this remains the most common type of attack on network devices, we continue to see advances that focus on further compromising the victim’s infrastructure. Recently, the Cisco Product Security Incident Response Team (PSIRT) has alerted customers around […]

June 4, 2015

SECURITY

SHA512 Checksums for All Cisco Software

2 min read

Cisco continues to strengthen the security in and around its products, solutions, and services. This week Cisco began providing a 512-bit Secure Hash Algorithm (SHA512) checksum to validate downloaded images on www.cisco.com. Cisco already provided a Message Digest 5 (MD5) checksum for its software images, but the newer SHA512 hash value is now […]
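The check that a download page's checksum is meant to support, as an added example rather than code from the original post: hash the image in chunks, compare it with the published value, and prefer the SHA512 value when both are offered. The sample image bytes and the two "published" digests below are constructed in the script so it runs offline; in practice the digest is the value shown beside the download.

```python
"""Check a downloaded software image against a vendor-published checksum.

Added example; not code from the original post. SAMPLE_IMAGE and the two
"published" digests are constructed here so the script runs offline. MD5 is
refused unless explicitly allowed: it is no longer collision-resistant, so a
published MD5 value is a weaker assurance than the SHA-512 value.
"""
import hashlib

# The hex-digest length identifies which algorithm produced the published value.
ALGORITHM_BY_HEX_LENGTH = {32: "md5", 128: "sha512"}

# Constructed stand-in for an image file and the checksums a download page shows.
SAMPLE_IMAGE = b"constructed image bytes, not a real software image\n" * 64
PUBLISHED_SHA512 = hashlib.sha512(SAMPLE_IMAGE).hexdigest()
PUBLISHED_MD5 = hashlib.md5(SAMPLE_IMAGE).hexdigest()


def digest_stream(chunks, algorithm):
    """Hash data delivered in chunks so a multi-gigabyte image is never
    read into memory at once."""
    h = hashlib.new(algorithm)
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def check_image(chunks, published_hex, allow_md5=False):
    """Return 'ok', 'MISMATCH', 'refused-md5' or 'unknown-digest-format'.

    chunks is any iterable of bytes (a list for small data, a file reader
    for real images). The algorithm is inferred from the published digest.
    """
    published_hex = published_hex.strip().lower()
    algorithm = ALGORITHM_BY_HEX_LENGTH.get(len(published_hex))
    if algorithm is None:
        return "unknown-digest-format"
    if algorithm == "md5" and not allow_md5:
        return "refused-md5"
    actual_hex = digest_stream(chunks, algorithm)
    return "ok" if actual_hex == published_hex else "MISMATCH"


def check_image_file(path, published_hex, allow_md5=False, chunk_size=1 << 20):
    """Same check for a file on disk, read in chunk_size pieces."""
    with open(path, "rb") as f:
        return check_image(iter(lambda: f.read(chunk_size), b""),
                           published_hex, allow_md5)


if __name__ == "__main__":
    print("intact:  ", check_image([SAMPLE_IMAGE], PUBLISHED_SHA512))
    print("tampered:", check_image([SAMPLE_IMAGE, b"\x00"], PUBLISHED_SHA512))
    print("md5 only:", check_image([SAMPLE_IMAGE], PUBLISHED_MD5))
```

The checksum only proves the file matches what the vendor published; it says nothing about who published it. Fetch the digest over an authenticated channel (the vendor's site over HTTPS, or a signed advisory), not from a mirror or the same untrusted path the image arrived by, or a substituted image can simply come with a matching checksum.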

March 9, 2015

SECURITY

Mitigations Available for the DRAM Row Hammer Vulnerability

4 min read

This blog post was authored by Troy Fridley and Omar Santos of Cisco PSIRT. On Mar 9 2015, the Project Zero team at Google revealed findings from new research related to the known issue in the DDR3 Memory specification referred to as “Row Hammer”. Row Hammer is an industry-wide issue that has been discussed publicly […]

September 25, 2014

SECURITY

Looking Forward to Cisco’s Internal Security Conference: SecCon 2014

1 min read

Cisco’s internal security conference (SecCon) is just around the corner and this year marks our seventh anniversary! In previous years SecCon participants heard from a renowned privacy specialist, a Chief Security Officer from a large customer, a cyber security coordinator for two U.S. Presidents, and a self-described gentleman thief. This year we are delighted to […]

November 12, 2013

SECURITY

Security: Front and Center at Cisco Live Cancun 2013

4 min read

This year I was honored to be able to present and participate at Cisco Live Cancun, which took place last week. Many attendees from North, Central and South America and...

October 30, 2013

SECURITY

Your Device Is Wide Open on the Internet!

3 min read

Stop-think-connect is not only for kids. Everyone, including nerds like me and network and security professionals, should pay more attention before connecting any device to the Internet. Routers...

October 2, 2013

SECURITY

Using DNS RPZ to Block Malicious DNS Requests

3 min read

After delivering several presentations at Cisco Live and Cisco Connect this year, I received a few questions regarding DNS Response Policy Zones (RPZ) and how can they be used to block DNS resolution to known malicious hosts and sites. I decided to write this short post to explain what it is and provide several pointers. […]
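What an RPZ deployment looks like in practice, as an added example that is not part of the original post: a small generator that turns a list of known-bad names into a BIND policy zone plus the named.conf lines that enable it. It assumes BIND with RPZ support, a policy zone named rpz.example (any name works; the zone is never queried directly), and a constructed two-entry blocklist standing in for a real threat feed.

```python
"""Generate a BIND Response Policy Zone (RPZ) that blocks known-bad names.

Added example, not code from the original post. Assumptions: BIND with RPZ
support, a policy zone named rpz.example, and a constructed blocklist.
"""
import ipaddress

RPZ_ZONE = "rpz.example"

# Constructed sample; a real deployment loads these from a threat feed and
# regenerates the zone (with a new serial) on a schedule.
BLOCKLIST = ["malware-c2.test", "phish-login.test"]

# RPZ encodes the policy action as the CNAME target of the trigger record.
ACTIONS = {
    "nxdomain": ".",              # answer NXDOMAIN (the usual block)
    "nodata":   "*.",             # answer NOERROR with an empty answer
    "drop":     "rpz-drop.",      # send no response at all
    "passthru": "rpz-passthru.",  # exempt this name from policy
}


def qname_rule(domain, action="nxdomain", include_subdomains=True):
    """Rules triggered by the query name; the wildcard covers subdomains."""
    target = ACTIONS[action]
    rules = [f"{domain}\tCNAME\t{target}"]
    if include_subdomains:
        rules.append(f"*.{domain}\tCNAME\t{target}")
    return rules


def sinkhole_rule(domain, sink_ip):
    """Local-data action: answer with an A record pointing at a sinkhole,
    so infected hosts can be spotted in the sinkhole's connection log."""
    return [f"{domain}\tA\t{sink_ip}", f"*.{domain}\tA\t{sink_ip}"]


def rpz_ip_trigger(cidr):
    """Owner name for a rule that fires when an answer contains an IPv4
    address in the prefix: prefix length, reversed octets, then rpz-ip.
    10.2.3.4/32 -> 32.4.3.2.10.rpz-ip"""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("IPv4 only in this example")
    reversed_octets = ".".join(reversed(str(net.network_address).split(".")))
    return f"{net.prefixlen}.{reversed_octets}.rpz-ip"


def build_rpz_zone(blocklist, serial=2013100201, sink_ip=None):
    """Return the zone file text. The SOA/NS records are required zone
    boilerplate; bump the serial whenever the list changes."""
    lines = [
        f"$ORIGIN {RPZ_ZONE}.",
        "$TTL 300",
        f"@\tSOA\tlocalhost. hostmaster.{RPZ_ZONE}. {serial} 3600 900 604800 300",
        "@\tNS\tlocalhost.",
    ]
    for name in blocklist:
        lines += sinkhole_rule(name, sink_ip) if sink_ip else qname_rule(name)
    return "\n".join(lines) + "\n"


def named_conf_snippet(zone_file="/etc/bind/rpz.example.db"):
    """named.conf fragment: serve the zone locally and enable it as policy.
    The response-policy statement belongs inside the options block."""
    return (
        f'zone "{RPZ_ZONE}" {{ type master; file "{zone_file}"; '
        f'allow-query {{ none; }}; }};\n'
        f'response-policy {{ zone "{RPZ_ZONE}"; }};\n'
    )


if __name__ == "__main__":
    print(build_rpz_zone(BLOCKLIST))
    print(named_conf_snippet())
```

Two operational notes: rewritten answers are not DNSSEC-valid, so a validating stub behind the resolver will reject them unless break-dnssec is enabled for the policy zone; and because clients only see NXDOMAIN, keep resolver query logging on, otherwise the one signal that a host tried to reach a known-bad name is lost.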

August 6, 2013

SECURITY

BREACH, CRIME and Black Hat

3 min read

During the last three years, the security research community has been having a lot of fun with SSL/TLS uncovering a few nifty attacks. First, in 2011, Juliano Rizzo and Thai Duong released the details about the BEAST attack on Transport Layer Security (TLS) at the ekoparty Security Conference in Buenos Aires, Argentina. I wrote a […]

June 24, 2013

SECURITY

BYOD: Many Call It Bring Your Own Malware (BYOM)

4 min read

It is not new that people are referring to Bring Your Own Device (BYOD) as Bring Your Own Malware (BYOM). In 2012 alone, Android malware encounters grew 2,577 percent (for details, see Cisco’s Annual Security Report). Many organizations are struggling to keep up with the BYOD trend by allowing employees to bring their favorite gadgets […]

April 19, 2013

SECURITY

Security Automation Live Webcast!

1 min read

UPDATE: Webcast information is also now available at the Cisco Live 365 site Many network security administrators are struggling to keep their network “up-to-date” with the constant release of new vulnerabilities and software fixes. At the same time, they’re under pressure to provide near 100% availability of key business services and systems. Every time a […]

April 2, 2013

SECURITY

I Can’t Keep Up with All These Cisco Security Advisories: Do I Have to Upgrade?

11 min read

"A security advisory was just published! Should I hurry and upgrade all my Cisco devices now?" This is a question that I am being asked by customers on a regular basis. In fact, I am also asked why there are so many security vulnerability advisories. To start with the second question: Cisco is committed to protecting customers by sharing critical security-related information in a very transparent way. Even if security vulnerabilities are found internally, the Cisco Product Security Incident Response Team (PSIRT) – which is my team – investigates, drives to resolution, and discloses such vulnerabilities. To quickly answer the first question, don't panic, as you may not have to immediately upgrade your device. However, in this article I will discuss some of the guidelines and best practices for responding to Cisco security vulnerability reports.

March 29, 2013

SECURITY

March Madness May Equal to Malware Madness

4 min read

Are you excited about March Madness? Turn on a TV and it will be hard to avoid the games, the news, the commentaries, and the jokes about it. If you eavesdrop in any restaurant, bar, or office conversation, I can assure you that you will hear something about it. Even U.S. President Barack Obama filled out a March […]

January 22, 2013

SECURITY

Happy New Exploit Kits! (I mean Happy Belated New Year!)

4 min read

This article discusses the increasing prevalence of exploit kits and drive-by exploits being leveraged by cyber criminals to spread malware quickly and effectively. It also highlights the use of Cisco Cloud Web Security, particularly in conjunction with Cisco ASAs, to reduce the risk of your networks and users falling victim to these exploit kits.

January 15, 2013

SECURITY

Red October in January: The Cyber Espionage Era

6 min read

Researchers from Kaspersky Lab have released information about a large-scale cyber espionage campaign called Operation Red October (otherwise known as Rocra). The report has garnered the attention of multiple news agencies and generated many published articles since the Kaspersky report has claimed that attackers were targeting hundreds of diplomatic, governmental, and scientific organizations in numerous countries. These reports indicate that the command-and-control (C&C) infrastructure used in these attacks receives stolen information using more than 60 domain names to hide its identity. Furthermore, this information appears to be funneled into a second tier of proxy servers. These are very clever attacks that many are now claiming have been taking place for more than five years! Red October is being compared with other malware that has been associated with cyber espionage such as Duqu, Flame, and Gauss.

January 11, 2013

SECURITY

New Java Vulnerability Being Exploited in the Wild

2 min read

The new Oracle Java arbitrary code execution vulnerability has not only hit many news wires and social media outlets, but many victims as well, and it has been incorporated into several exploit kits. This critical vulnerability, as documented in IntelliShield alert 27845, could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system with the […]

December 18, 2012

SECURITY

Let’s Hack Some Cisco Gear at SecCon!

4 min read

Here's the second in a series of posts discussing how Cisco SecCon 2012 (December 3-6) brought together hundreds of engineers, live and virtually, from Cisco offices around the globe with one common goal: to share their knowledge and learn best practices about how to increase the overall security posture of Cisco products.

November 26, 2012

SECURITY

The Day I Lost My Mobile with Sensitive Corporate Data

2 min read

It was a dark, cold, and scary night when I returned from dinner with friends and noticed that my mobile phone was missing. It had corporate sensitive data such as emails, calendar events, and documents, as well as personal data (including pictures, videos and other documents). Well, let me be honest with you, I didn’t […]

November 15, 2012

SECURITY

BYOD Presentations at Cisco Live Cancun 2012

4 min read

I just returned from Cancun after delivering a BYOD seminar, as part of Cisco Live Mexico 2012. Bring your own device (BYOD) was a hot topic at Cisco Live in Cancun. There were several in-depth presentations regarding the architecture, design, implementation, and troubleshooting of all the technologies related to BYOD. I had the pleasure and opportunity […]