1 min read

Historically, threat actors have targeted network devices to create disruption through a denial of service (DoS) situation. While this remains the most common type of attack on network devices, we continue to see advances that focus on further compromising the victim’s infrastructure. Recently, the Cisco Product Security Incident Response Team (PSIRT) has alerted customers around […]

2 min read

Cisco continues to strengthen the security in and around its products, solutions, and services. This week Cisco began providing a Secure Hash Algorithm (SHA) 512 bits (SHA512) checksum to validate downloaded images on www.cisco.com. Cisco already provided a Message Digest 5 (MD5) checksum as the secured hash of the software but the newer SHA512 hash value is now […]

4 min read

This blog post was authored by Troy Fridley and Omar Santos of Cisco PSIRT. On Mar 9 2015, the Project Zero team at Google revealed findings from new research related to the known issue in the DDR3 Memory specification referred to as “Row Hammer”. Row Hammer is an industry-wide issue that has been discussed publicly […]

1 min read

Cisco’s internal security conference (SecCon) is just around the corner and this year marks our seventh anniversary! In previous years SecCon participants heard from a renowned privacy specialist, a Chief Security Officer from a large customer, a cyber security coordinator for two U.S. Presidents, and a self-described gentleman thief. This year we are delighted to […]

4 min read

This year I was honored to be able to present and participate at Cisco Live Cancun, which took place last week. Many attendees from North, Central and South America and...

3 min read

Stop-think-connect is not only for kids. Everyone, including nerds like me and network and security professionals, should pay more attention before connecting any device to the Internet. Routers...

3 min read

After delivering several presentations at Cisco Live and Cisco Connect this year, I received a few questions regarding DNS Response Policy Zones (RPZ) and how can they be used to block DNS resolution to known malicious hosts and sites. I decided to write this short post to explain what it is and provide several pointers. […]

3 min read

During the last three years, the security research community has been having a lot of fun with SSL/TLS uncovering a few nifty attacks. First, in 2011, Juliano Rizzo and Thai Duong released the details about the BEAST attack on Transport Layer Security (TLS) at the ekoparty Security Conference in Buenos Aires, Argentina. I wrote a […]

4 min read

It is not new that people are referring to Bring Your Own Device (BYOD) as Bring Your Own Malware (BYOM). In 2012 alone, Android malware encounters grew 2,577 percent (for details, see Cisco’s Annual Security Report). Many organizations are struggling to keep up with the BYOD trend by allowing employees to bring their favorite gadgets […]