Security

October 25, 2016

THREAT RESEARCH

Vulnerability Spotlight: LibTIFF Issues Lead To Code Execution

These Vulnerabilities were discovered by Tyler Bohan of Cisco Talos. Talos is releasing multiple vulnerabilities (TALOS-2016-0187, TALOS-2016-0190 & TALOS-2016-0205) in the LibTIFF library . One vulnerability (TALOS-2016-0187) is an exploitable heap based buffer overflow that impacts the LibTIFF TIFF2PDF conversion tool. Another vulnerability (TALOS-2016-0190) impacts the parsing and handling of TIFF images ultimately leading to […]

October 24, 2016

THREAT RESEARCH

Pumpkin Spiced Locky

This post was authored by Warren Mercer & Edmund Brumaghin Summary We had .locky, we had .odin and then we had .zepto but today we hit rock bottom and we now have Locky using .shit as their encrypted file extension. In today’s latest wave of spam, Talos has observed three distinct spam campaigns distributing the […]

October 24, 2016

SECURITY

IoT: Securing the Next Chapter of the Digitization “Book”

The Internet of Things (IoT) era is here: Nearly two-thirds of organizations currently collect data from equipment, devices or other connected endpoints and use it for a business purpose,...

October 20, 2016

SECURITY

Piecing Together Malicious Behavior in Encrypted Traffic

This post was authored by Jan Kohout, Veronica Valeros and Petr Somol. Increasing adoption of encryption in web communication significantly contributes to protection of users' privacy. However, it also brings...

October 20, 2016

SECURITY

Turning Cybersecurity into a Strategic Advantage

C-suite leaders should think about cybersecurity as a strategic advantage that not only protects business value, but enables new business value.

October 19, 2016

THREAT RESEARCH

MBRFilter – Can’t Touch This!

This post was authored by Edmund Brumaghin and Yves Younan Summary Ransomware has become increasingly prevalent in the industry, and in many cases, unless there is a publicly released decryptor available, there is often not an easy means of retrieving encrypted files once a system has been infected. In addition to the creation and maintenance […]

October 19, 2016

SECURITY

Combatting Cybercrime with an Incident Response Plan

Based on the cybersecurity news proliferating in the mainstream media today – from ransomware incidents to data breaches of massive proportions – it has become clear that organizations need to...

October 19, 2016

SECURITY

Malicious Microsoft Office Documents Move Beyond InkPicture

In late August we began to detect malicious Microsoft Word documents that contained VisualBasic (VB) macro code and the code appeared to be triggering when the document was opened. However, the documents did not contain any of the standard events used to launch VB macro code when a document is opened, including Document_Open, or Auto_Open events. Upon […]

October 18, 2016

SECURITY

Evolving Security Disclosures : The New OASIS Common Security Advisory Framework (CSAF) Technical Committee

During the last few years we have witnessed how the cyber security threat landscape has evolved. The emergence of the Internet of Things combined with recent events have profoundly changed how we protect our systems and people, and drive us to think about new approaches for vendors to disclose security vulnerabilities to customers and consumers. […]

Why Cisco Security?

Explore our Products & Services

Get Security Blogs via Email

Stay up to date and get the latest blogs from Cisco Security