Cisco 2014 Annual Security Report: Cybercriminals Applying “Old” Techniques in New Ways
We know that as time goes on, the cybercrime network’s operations will only more closely resemble those of any legitimate, sophisticated business network. And like all enterprising businesspeople, those who are part of the “cybercriminal hierarchy”—which is discussed in the Cisco 2014 Annual Security Report and illustrated below—look to increase their profits by continually innovating […]
Securing the Future Enterprise
This blog post is part three of a three-part series discussing how organizations can address mobile security concerns through an architectural approach to mobility. The first post discusses how next-gen...
Detecting Payment Card Data Breaches Today to Avoid Becoming Tomorrow’s Headline
A few months ago we discussed the various ways that consumer PII is compromised. The recent attacks against Target and Neiman Marcus illustrate the constant threat that payment card accepting retailers of all sizes face. Yesterday Reuters reported that similar breaches over the holidays affected “at least three other well-known U.S. retailers”. Given the current […]
When Network Clocks Attack
In October 2013, Cisco TRAC discussed Network Time Protocol (NTP) as a possible vector for amplified distributed denial of service (DDoS) attacks. Litnet CERT has since revealed that their NTP servers were used in a denial of service (DoS) attack. Symantec also published information regarding an NTP amplification-based DDoS attack that occurred in December 2013. On December 7, 2013, a hackforums.net user posted an NTP amplification DDoS script to Pastebin. The NTP DDoS script is heavily obfuscated Perl, though the plain text at the top credits the "leaking" of the script to an individual who goes by the handle Starfall. Brian Krebs also mentioned someone going by the name Starfall as a paying user of booter.tw. They may be the same person.
2014: More Secure Access, Please
Are you back from holiday break all refreshed and ready to embrace 2014 with confidence? Many organizations will see new devices on their networks given the recent massive holiday gift giving. In particular, educational organizations will be morst likely to be impacted. It seems there was no new hot toy (must-have gift) noted this year […]
Fake German Bill Spam Campaign Spreads Malware
Update 2014-01-10: This malicious campaign has expanded to include emails that masquerade as bills from NTTCable and from VolksbankU Update 2014-01-21: We’ve updated the chart to include the Vodafon emails and latest URL activity English language has emerged as the language of choice for international commerce. Since people throughout the world are used to receiving English […]
Malicious Ads from Yahoo Just the Tip of the Iceberg
When Fox-IT published their report regarding malvertisements coming from Yahoo, they estimated the attack began on December 30, 2013, while also noting that other reports indicated the attack may have begun earlier. Meanwhile, Yahoo intimated a different timeframe for the attack, claiming “From December 31 to January 3 on our European sites, we served some […]
SecCon and the Limits of the Human Mind
One of the things I like best about Cisco’s focus on security is the internal SecCon conference we put on each year. It focuses on security threats, defenses, and innovation. Although I participate as a trainer, organizer, and reviewer, my favorite role this year was as an attendee. The conference theme, The State of the […]
Why Cisco Security?
Explore our Products & Services
Subscribe to our Blogs
Stay up to date and get the latest blogs from Cisco Security