LexisNexis Breach Highlights Identity Theft Risks
Who are you? Removing the obvious existential questions for a minute, your identity is often represented as a bundle of personally identifiable information (PII). In the United States PII begins at birth with a name, date of birth, and social security number (SSN). This morning’s KrebsOnSecurity post details the unauthorized access of computer systems (via malicious code) at Lexis Nexis and Dun […]
It’s Back – It’s Cisco IOS Software Security Advisory Bundle Time Again
This blog post summarizes the September 2013 edition of the Cisco IOS Software Security Advisory Bundled Publication.
Cisco’s Advanced Services has been performing penetration tests for our customers since the acquisition of the Wheel Group in 1998. We call them Security Posture Assessments, or SPA for short, and I’ve been pen testing for just about as long. I’ll let you in on a little secret about penetration testing: it gets messy! During […]
High Stakes Gambling with Apple Stock
Miscreants are always trying to put new twists on age-old schemes. However, I must admit that this latest twist has me slightly puzzled. Today, Cisco TRAC encountered a piece of stock related spam touting Apple’s stock, AAPL.
7-Day Forecast: Bundle Up!
It’s that time of year again—consider this post your friendly T-7 notice to start preparing for the final Cisco IOS Software Security Advisory Bundled Publication of 2013! As a reminder, the Cisco Product Security Incident Response Team (PSIRT) releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of March and September each […]
Watering-Hole Attacks Target Energy Sector
Beginning in early May, Cisco TRAC has observed a number of malicious redirects that appear to be part of a watering-hole style attack targeting the Energy & Oil sector. The structure consists of several compromised domains, of which some play the role of redirector and others the role of malware host. Observed watering-hole style domains […]
More Effective Threat Visibility Using Identity and Device-Type Context
The focus of this post is on the use of ISE in collaboration with existing Security Event & Information Management (SIEM) and Threat Defense (TD) systems.to help customers automate the analysis of which security events in an environment require immediate attention more accurately and quickly.
MS Detours: Ongoing vigilance keeps customers on the right track.
This post discusses the potential for vulnerabilities to be present in software products due to the use of 3rd party Dynamic Link Libraries (DLLs). In some cases the DLLs that are injected end up with privileges, or permissions, that are far greater than what should be allowed.
The Phishing Grounds
On August 15, 2013, Brian Krebs featured a screen shot of a fake Outlook webmail login page used by the Syrian Electronic Army in a phishing attack against the Washington Post. If you look carefully at the location bar, you will note that the domain used in the phishing attack is ‘webmail.washpost.site88.net’.
Why Cisco Security?
Explore our Products & Services
Subscribe to our Blogs
Stay up to date and get the latest blogs from Cisco Security