Omar Santos

3 min read

UPDATE: March 17, 2017 Based on the “Vault 7” public disclosure, Cisco launched an investigation into the products that could potentially be impacted by these and similar exploits and vulnerabilities. As part of the internal investigation of our own products and the publicly available information, Cisco security researchers found a vulnerability in the Cluster Management […]

3 min read

The Cisco PSIRT openVuln API is a RESTful API that allows customers to obtain Cisco security vulnerability information in different machine-consumable formats. It supports industrywide security standards such as the Common Vulnerability Reporting Framework (CVRF), Open Vulnerability and Assessment Language (OVAL), Common Vulnerability and Exposure (CVE) identifiers, Common Weakness Enumeration (CWE), and the Common Vulnerability Scoring System (CVSS). This API […]

1 min read

The Cisco Product Security Incident Response Team (PSIRT) is now scoring all security advisories addressing security vulnerabilities that affect Cisco products and multivendor vulnerability alerts using the Common Vulnerability Scoring System version 3 (CVSSv3). The stakeholders at the Forum of Incident Response and Security Teams (FIRST) have done a great job in this new version […]

1 min read

Recent cyber attacks on organizations around the world have demonstrated the need for consistency in managing security vulnerabilities. To answer that demand, the Industry Consortium for the Advancement of Security on the Internet (ICASI) and the Forum of Incident Response and Security Teams (FIRST) created the FIRST Vulnerability Coordination Special Interest Group (SIG). This is […]

3 min read

Back in April, I wrote a blog post about the new version of the Common Vulnerability Scoring System (CVSS). The changes made for CVSSv3 addressed some of the challenges that existed in CVSSv2. For example, CVSSv3 analyzes the scope of a vulnerability and identifies the privileges an attacker needs to exploit it. The CVSSv3 enhancements […]

2 min read

During the last few years we have witnessed how the cyber security threat landscape has evolved. The emergence of the Internet of Things combined with recent events have profoundly changed how we protect our systems and people, and drive us to think about new approaches for vendors to disclose security vulnerabilities to customers and consumers. […]

10 min read

UPDATE April 20, 2017 Cisco continues to evaluate potential implications of the activities and information posted publicly by the Shadow Brokers Group.  We launched an investigation to analyze the new files posted on April 14th, 2017, and so far have not found any new vulnerabilities or exploits that affect Cisco products and services. Cisco PSIRT will […]

6 min read

The Common Vulnerability Scoring System (CVSS), which is used by many in the industry as a standard way to assess and score security vulnerabilities, is evolving to a new version known as CVSSv3. These changes addressed some of the challenges that existed in CVSSv2; CVSSv3 analyzes the scope of a vulnerability and identifies the privileges […]

1 min read

In October, we announced details about Cisco PSIRT’s new and improved security vulnerability disclosure format. Our Chief Security and Trust Officer, John Stewart, also revealed that Cisco will launch an application programming interface (API) that empowers customers to customize Cisco vulnerability information and publications. Today, we have officially launched the Cisco PSIRT openVuln API and it is available […]

5 min read

Cisco is committed to protecting customers by sharing critical security-related information in different formats. Guided by customer feedback, Cisco’s Product Security Incident Response Team (PSIRT) is seeking ways to improve how we communicate information about Cisco product vulnerabilities to our Customers and Partners.  As John Stewart mentioned on his blog post, the Cisco PSIRT has launched a […]

1 min read

The security of our customers is critical, and when needed, we pull out all stops to protect them. Cisco participates in a large ecosystem of partners, industry peers (yes, that includes competitors), and non-profits that provides insight and awareness into a multitude of security threats. We also have deep internal expertise. The Cisco Talos organization […]

1 min read

Interest in IT security has never been higher. So when a new type of attack comes along, it attracts the attention of our customers and others in the industry. Earlier this week Cisco and Mandiant/Fireye released information about the so-called SYNful Knock malware found on Cisco networking devices. You can read my earlier blog on […]

1 min read

Historically, threat actors have targeted network devices to create disruption through a denial of service (DoS) situation. While this remains the most common type of attack on network devices, we continue to see advances that focus on further compromising the victim’s infrastructure. Recently, the Cisco Product Security Incident Response Team (PSIRT) has alerted customers around […]

2 min read

Cisco continues to strengthen the security in and around its products, solutions, and services. This week Cisco began providing a Secure Hash Algorithm (SHA) 512 bits (SHA512) checksum to validate downloaded images on www.cisco.com. Cisco already provided a Message Digest 5 (MD5) checksum as the secured hash of the software but the newer SHA512 hash value is now […]

4 min read

This blog post was authored by Troy Fridley and Omar Santos of Cisco PSIRT. On Mar 9 2015, the Project Zero team at Google revealed findings from new research related to the known issue in the DDR3 Memory specification referred to as “Row Hammer”. Row Hammer is an industry-wide issue that has been discussed publicly […]

1 min read

Cisco’s internal security conference (SecCon) is just around the corner and this year marks our seventh anniversary! In previous years SecCon participants heard from a renowned privacy specialist, a Chief Security Officer from a large customer, a cyber security coordinator for two U.S. Presidents, and a self-described gentleman thief. This year we are delighted to […]

4 min read

This year I was honored to be able to present and participate at Cisco Live Cancun, which took place last week. Many attendees from North, Central and South America and...

3 min read

Stop-think-connect is not only for kids. Everyone, including nerds like me and network and security professionals, should pay more attention before connecting any device to the Internet. Routers...

3 min read

After delivering several presentations at Cisco Live and Cisco Connect this year, I received a few questions regarding DNS Response Policy Zones (RPZ) and how can they be used to block DNS resolution to known malicious hosts and sites. I decided to write this short post to explain what it is and provide several pointers. […]

3 min read

During the last three years, the security research community has been having a lot of fun with SSL/TLS uncovering a few nifty attacks. First, in 2011, Juliano Rizzo and Thai Duong released the details about the BEAST attack on Transport Layer Security (TLS) at the ekoparty Security Conference in Buenos Aires, Argentina. I wrote a […]

4 min read

It is not new that people are referring to Bring Your Own Device (BYOD) as Bring Your Own Malware (BYOM). In 2012 alone, Android malware encounters grew 2,577 percent (for details, see Cisco’s Annual Security Report). Many organizations are struggling to keep up with the BYOD trend by allowing employees to bring their favorite gadgets […]

1 min read

UPDATE: Webcast information is also now available at the Cisco Live 365 site Many network security administrators are struggling to keep their network “up-to-date” with the constant release of new vulnerabilities and software fixes. At the same time, they’re under pressure to provide near 100% availability of key business services and systems. Every time a […]

11 min read

"A security advisory was just published! Should I hurry and upgrade all my Cisco devices now?" This is a question that I am being asked by customers on a regular basis. In fact, I am also asked why there are so many security vulnerability advisories. To start with the second question: Cisco is committed to protecting customers by sharing critical security-related information in a very transparent way. Even if security vulnerabilities are found internally, the Cisco Product Security Incident Response Team (PSIRT) – which is my team – investigates, drives to resolution, and discloses such vulnerabilities. To quickly answer the first question, don't panic, as you may not have to immediately upgrade your device. However, in this article I will discuss some of the guidelines and best practices for responding to Cisco security vulnerability reports.

4 min read

Are you excited about March Madness? Turn on a TV and it will be hard to avoid the games, the news, the commentaries, and the jokes about it. If you eavesdrop in any restaurant, bar, or office conversation, I can assure you that you will hear something about it. Even U.S. President Barack Obama filled out a March […]

4 min read

This article discusses the increasing prevalence of exploit kits and drive-by exploits being leveraged by cyber criminals to spread malware quickly and effectively. It also highlights the use of Cisco Cloud Web Security, particularly in conjunction with Cisco ASAs, to reduce the risk of your networks and users falling victim to these exploit kits.

6 min read

Researchers from Kaspersky Lab have released information about a large-scale cyber espionage campaign called Operation Red October (otherwise known as Rocra). The report has garnered the attention of multiple news agencies and generated many published articles since the Kaspersky report has claimed that attackers were targeting hundreds of diplomatic, governmental, and scientific organizations in numerous countries. These reports indicate that the command-and-control (C&C) infrastructure that is used on these attacks receives stolen information using more than 60 domain names to hide its identity. Furthermore, this information appears to be funneled into a second tier of proxy servers. These are very clever attacks that many are now claiming have been taking place for more than five years! Red October is being compared with other malware that has been associated with cyber espionage such as Duqu, Flame, and Gauss.

2 min read

The new Oracle Java arbitrary code execution vulnerability  has not only hit many news wires and social media outlets, but many victims as well, and it has been incorporated into several exploit kits. This critical vulnerability, as documented in IntelliShield alert 27845, could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system with the […]