The Wikileaks Vault 7 Leak – What We Know So Far
UPDATE: March 17, 2017 Based on the “Vault 7” public disclosure, Cisco launched an investigation into the products that could potentially be impacted by these and similar exploits and vulnerabilities. As part of the internal investigation of our own products and the publicly available information, Cisco security researchers found a vulnerability in the Cluster Management […]
Malware Round-up For The Week of Feb 27 – Mar 3
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed over the past week. Unlike our other posts, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically protected from […]
The IoT(s): One Size Does Not Fit All
Today let’s talk about IoT as a plurality. I suspect that you may have recently heard the phrase that “words matter,” and when talking about something as broad and diverse as “IoT” it really does indeed matter. It matters because correctly defining what you are speaking about, and to whom, will help to drive towards […]
Covert Channels and Poor Decisions: The Tale of DNSMessenger
This post was authored by Edmund Brumaghin and Colin Grady Executive Summary The Domain Name System (DNS) is one of the most commonly used Internet application protocols on corporate networks. It is responsible for providing name resolution so that network resources can be accessed by name, rather than requiring users to memorize IP addresses. While […]
Short on Security Resources? Try These Force Multipliers
One in four organizations are exposed for six months or longer due to a lack of qualified security workers. And in Europe almost one-third of cyber security job openings remain unfilled. That’s the challenging picture reported by ISACA at this year’s RSA Conference. You’re thinking, “tell me something I don’t know.” The Benchmark study in […]
Cisco PSIRT – Mitigating and Detecting Potential Abuse of Cisco Smart Install Feature
A Cisco Security Response alerts about possible abuse of the Smart Install feature. While not considered a vulnerability, the Response provides guidance on how to protect their networks against abuse.
Cisco Coverage for Smart Install Client Protocol Abuse
Summary Talos has become aware of active scanning against customer infrastructure with the intent of finding Cisco Smart Install clients. Cisco Smart Install is one component of the Cisco Smart Operations solution that facilitates the management of LAN switches. Research has indicated that malicious actors may be leveraging detailed knowledge of the Smart Install Protocol to […]
Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Iceni Argus PDF Content Extraction affect Mar …
Overview Talos has discovered multiple vulnerabilities in Iceni Argus PDF content extraction product. Exploiting these vulnerabilities can allow an attacker to gain full control over the victim’s machine. Although the main product is deprecated by Iceni, the library is still supported. Iceni has released a patched version that addresses these vulnerabilities. Nevertheless, the library is […]
Recognized Excellence in Trustworthy Product Development and Pervasive Data Protection
Last week at RSA, the 2017 Info Security Products Guide Global Excellence Awards honored three teams from the Cisco Security and Trust Organization for their work in leading security practices.
Why Cisco Security?
Explore our Products & Services
Subscribe to our Blogs
Stay up to date and get the latest blogs from Cisco Security