Security

1 min read

Vulnerabilities discovered by Talos Talos is disclosing multiple vulnerabilities discovered in the Aerospike Database Server. These vulnerabilities range from memory disclosure to potential remote code execution. This software is used by various companies that require a high performance NoSQL database. Aerospike fixed these issues in  version 3.11. The Aerospike Database Server is both a distributed and […]

3 min read

What a giant year for Cisco Security! In 2016, we pursued our effective security architecture with innovative solutions – from the network to the endpoint to the cloud. I couldn’t...

1 min read

Happy New Year to our readers! Today marks the first Patch Tuesday of 2017 with Microsoft releasing their monthly set of bulletins designed to address security vulnerabilities. This month’s release is relatively light with 4 bulletins addressing 3 vulnerabilities. Two bulletins are rated critical and address vulnerabilities in Office and Adobe Flash Player while the […]

1 min read

Over the past several weeks, there have been ongoing discussions regarding cyber attacks that have occurred against several political, governmental, and private sector entities in the United States. These discussions have revolved around allegations that these cyber attacks were designed to interfere with the 2016 U.S. Federal Elections as well as identifying who is responsible […]

4 min read

This is the start of a planned series of posts around the impact that new protocols are making on the way many of us deal with network security today. The protocols we have been using on the internet, mainly TCP with HTTP 1.1, have shown that they cannot deal with today’s requirements for fast and […]

1 min read

IEC 60870-5-104 Protocol Detection Rules Cisco Talos has released 33 Snort rules which are used to analyze/inspect IEC 60870-5-104 network traffic. These rules will help Industrial Control Systems/Supervisory Control and...

1 min read

Vulnerabilities discovered by Talos Talos is disclosing two denial of service vulnerabilities (CVE-2016-9036 & CVE-2016-9037) in Tarantool. Tarantool is an open-source lua-based application server. While primarily functioning as an application server, it is also capable of providing database-like features and providing an in-memory database which can be queried using a protocol based around the MsgPack […]

1 min read

This blog post was authored by Jakob Dohrmann, David Rodriguez, and Jaeson Schultz. The Cisco Talos and Umbrella research teams are deploying a distributed hailstorm detection system which brings together machine learning, stream processing of DNS requests and the curated Talos email corpus. Talos has discussed snowshoe spam before. Traditional snowshoe spam campaigns are sent […]

4 min read

Effective security is simple, open, and automated.  We’ve already talked about simple and open. Now let’s talk about automated. Security admins can relate to this scenario. You just learned of an infected system in your environment of thousands of devices. How many others are affected? That’s hard to figure out even in elite operations. What […]