Security

October 3, 2013

SECURITY

Big Security—Mining Mountains of Log Data to Find Bad Stuff

Your network, servers, and a horde of laptops have been hacked. You might suspect it, or you might think it’s not possible, but it’s happened already. What’s your next move? The dilemma of the “next move” is that you can only discover an attack either as it’s happening, or after it’s already happened. In most […]

October 3, 2013

SECURITY

Ten Simple Ways to Enhance Cyber Security for You and Others

Hi there and welcome to today's U.S. National Cyber Security Awareness Month tip, courtesy of those of us involved in administering and/or contributing to Cisco Security Intelligence Operations!! For...

October 2, 2013

SECURITY

Using DNS RPZ to Block Malicious DNS Requests

After delivering several presentations at Cisco Live and Cisco Connect this year, I received a few questions regarding DNS Response Policy Zones (RPZ) and how can they be used to block DNS resolution to known malicious hosts and sites. I decided to write this short post to explain what it is and provide several pointers. […]

October 2, 2013

SECURITY

A Weekly Dose of Cyber Security Awareness

In any given week, one doesn't need to look very far to be reminded of the events and issues that can surface anytime, anywhere, and to anyone. Given their modes...

October 1, 2013

SECURITY

Cisco Security Intelligence Operations NCSAM 2013

For the last couple of years, Cisco Security Intelligence Operations has released a series of blog posts for National Cybersecurity Awareness Month. The theme for this month from the National Cyber Security Alliance is “Our Shared Responsibility.” The Department of Homeland Security is running a series on this theme, as are many other private organizations. Our action and inaction […]

September 25, 2013

SECURITY

LexisNexis Breach Highlights Identity Theft Risks

Who are you? Removing the obvious existential questions for a minute, your identity is often represented as a bundle of personally identifiable information (PII). In the United States PII begins at birth with a name, date of birth, and social security number (SSN). This morning’s KrebsOnSecurity post details the unauthorized access of computer systems (via malicious code) at Lexis Nexis and Dun […]

September 25, 2013

SECURITY

It’s Back – It’s Cisco IOS Software Security Advisory Bundle Time Again

This blog post summarizes the September 2013 edition of the Cisco IOS Software Security Advisory Bundled Publication.

September 23, 2013

SECURITY

Introducing Kvasir

Cisco’s Advanced Services has been performing penetration tests for our customers since the acquisition of the Wheel Group in 1998. We call them Security Posture Assessments, or SPA for short, and I’ve been pen testing for just about as long. I’ll let you in on a little secret about penetration testing: it gets messy! During […]

September 19, 2013

SECURITY

High Stakes Gambling with Apple Stock

Miscreants are always trying to put new twists on age-old schemes. However, I must admit that this latest twist has me slightly puzzled. Today, Cisco TRAC encountered a piece of stock related spam touting Apple’s stock, AAPL.