DNS Compromise Distributing Malware
DNS records are an attractive target for distributors of malware. By compromising the DNS servers for legitimate domains, attackers are able to redirect visitors of trusted domains to malicious servers under attacker control. DNS requests are served from dedicated servers that may service many thousands of domains. Compromising these servers allows attackers to take over […]
Attend the 2013 PCI Community Meeting for the Latest Core PCI Standards
The focus of this post is on the upcoming PCI SSC North American Community Meeting which is being held September 24–26, 2013, at the Mandalay Bay Convention Center in Las Vegas, Nevada. The meeting spans two full days of knowledge sharing, networking, and learning, which includes Keynote presentations from industry experts, PCI case studies, and Technical sessions.
BREACH, CRIME and Black Hat
During the last three years, the security research community has been having a lot of fun with SSL/TLS uncovering a few nifty attacks. First, in 2011, Juliano Rizzo and Thai Duong released the details about the BEAST attack on Transport Layer Security (TLS) at the ekoparty Security Conference in Buenos Aires, Argentina. I wrote a […]
Error Correction Using Response Policy Zones: Eliminating the Problem of Bitsquatting
A memory error is a condition that occurs any time one or more bits being read from memory have changed state from what was previously written. By even the most conservative of estimates, Internet devices experience more than 600,000 memory errors per day. Cosmic radiation, operating a device outside its recommended environmental conditions, and defects […]
Summary: Hacking Made Easy – Courtesy of IoT
With the emergence of the Internet of Things (IoT), technology has become an integral part of our daily lives and promises to become even more prevalent in the near future. While this is normally a good thing, making our lives easier and more comfortable, any technology can just as easily be turned against us […]
How Secure is Your Secure Access?
In June, I attended the Gartner Security Summit in Washington, D.C. where I was asked by quite a few security executives, “My network folks just bought ISE, but what is ISE and what type of security does it provide?” Fast forward to July, and I wish I had this SANS review on ISE to offer […]
Security Implications of Cheaper Storage
An advert from Byte magazine dating from July 1980 proudly offers a 10MB hard disk drive for only US$3495. Accounting for the effects of inflation, that equates to approximately US$10,000 in today’s prices. If data storage prices had remained constant, this would mean that the 1GB flash drive in my pocket would cost in excess […]
July, a Busy Month for Breaches
This month has been particularly notable for the loss of personal information. At the beginning of the month it was reported that Club Nintendo had been breached with the personal data of up to 4 million stolen by attackers. Subsequently, the forums of Ubuntu were hacked with the loss of 1.82 million usernames, passwords […]
Zeus Botnet Impersonating Trusteer Rapport Update
Starting Friday, July 19, 2013 at 14:45 GMT, Cisco TRAC spotted a new spam campaign likely propagated by the Zeus botnet. The initial burst of spam was very short in duration and it’s possible this was intended to help hide the campaign, since it appears to be targeted towards users of a Trusteer product called […]