Security

September 25, 2013

SECURITY

LexisNexis Breach Highlights Identity Theft Risks

Who are you? Removing the obvious existential questions for a minute, your identity is often represented as a bundle of personally identifiable information (PII). In the United States PII begins at birth with a name, date of birth, and social security number (SSN). This morning’s KrebsOnSecurity post details the unauthorized access of computer systems (via malicious code) at Lexis Nexis and Dun […]

September 25, 2013

SECURITY

It’s Back – It’s Cisco IOS Software Security Advisory Bundle Time Again

This blog post summarizes the September 2013 edition of the Cisco IOS Software Security Advisory Bundled Publication.

September 23, 2013

SECURITY

Introducing Kvasir

Cisco’s Advanced Services has been performing penetration tests for our customers since the acquisition of the Wheel Group in 1998. We call them Security Posture Assessments, or SPA for short, and I’ve been pen testing for just about as long. I’ll let you in on a little secret about penetration testing: it gets messy! During […]

September 19, 2013

SECURITY

High Stakes Gambling with Apple Stock

Miscreants are always trying to put new twists on age-old schemes. However, I must admit that this latest twist has me slightly puzzled. Today, Cisco TRAC encountered a piece of stock related spam touting Apple’s stock, AAPL.

September 18, 2013

SECURITY

7-Day Forecast: Bundle Up!

It’s that time of year again—consider this post your friendly T-7 notice to start preparing for the final Cisco IOS Software Security Advisory Bundled Publication of 2013! As a reminder, the Cisco Product Security Incident Response Team (PSIRT) releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of March and September each […]

September 18, 2013

SECURITY

Watering-Hole Attacks Target Energy Sector

Beginning in early May, Cisco TRAC has observed a number of malicious redirects that appear to be part of a watering-hole style attack targeting the Energy & Oil sector. The structure consists of several compromised domains, of which some play the role of redirector and others the role of malware host. Observed watering-hole style domains […]

September 11, 2013

SECURITY

More Effective Threat Visibility Using Identity and Device-Type Context

The focus of this post is on the use of ISE in collaboration with existing Security Event & Information Management (SIEM) and Threat Defense (TD) systems.to help customers automate the analysis of which security events in an environment require immediate attention more accurately and quickly.

September 10, 2013

SECURITY

MS Detours: Ongoing vigilance keeps customers on the right track.

This post discusses the potential for vulnerabilities to be present in software products due to the use of 3rd party Dynamic Link Libraries (DLLs). In some cases the DLLs that are injected end up with privileges, or permissions, that are far greater than what should be allowed.

September 9, 2013

SECURITY

The Phishing Grounds

On August 15, 2013, Brian Krebs featured a screen shot of a fake Outlook webmail login page used by the Syrian Electronic Army in a phishing attack against the Washington Post. If you look carefully at the location bar, you will note that the domain used in the phishing attack is ‘webmail.washpost.site88.net’.

Why Cisco Security?

Explore our Products & Services

Subscribe to our Blogs

Stay up to date and get the latest blogs from Cisco Security