- Our Favorite Topics:
Combatting Cybercrime with an Incident Response Plan
2 min read
Based on the cybersecurity news proliferating in the mainstream media today – from ransomware incidents to data breaches of massive proportions – it has become clear that organizations need to...
Malicious Microsoft Office Documents Move Beyond InkPicture
3 min read
In late August we began to detect malicious Microsoft Word documents that contained VisualBasic (VB) macro code and the code appeared to be triggering when the document was opened. However, the documents did not contain any of the standard events used to launch VB macro code when a document is opened, including Document_Open, or Auto_Open events. Upon […]
Evolving Security Disclosures : The New OASIS Common Security Advisory Framework (CSAF) Technical Committee
2 min read
During the last few years we have witnessed how the cyber security threat landscape has evolved. The emergence of the Internet of Things combined with recent events have profoundly changed how we protect our systems and people, and drive us to think about new approaches for vendors to disclose security vulnerabilities to customers and consumers. […]
Vulnerability Spotlight: Hopper Disassembler ELF Section Header Size Code Execution
1 min read
Vulnerability Discovered by Tyler Bohan and Cory Duplantis of Cisco Talos Talos has identified an exploitable out-of-bounds write vulnerability in the ELF Section Header parsing functionality of Hopper (TALOS-2016-0222/CVE-2016-8390). Hopper is a reverse engineering tool for macOS and Linux allowing the user to disassemble and decompile 32/64bit Intel-based Mac, Linux, Windows and iOS executables. During the parsing […]
Vulnerability Spotlight: Foxit PDF Reader JBIG2 Parser Information Disclosure
1 min read
Vulnerability discovered by Aleksandar Nikolic of Talos. Talos has identified an information disclosure vulnerability in Foxit PDF Reader (TALOS-2016-0201/CVE-2016-8334). A wrongly bounded call to `memcpy`, while parsing jbig2 segments within a PDF file, can be triggered in Foxit PDF Reader causing an out-of-bounds heap memory to be read into a buffer. The `memcpy` call is properly […]
Combating Email Spoofing with Cisco Email Security Forged Email Detection
2 min read
In April we covered the description of Email Spoofing using Microsoft Outlook, but what about detecting and mitigating it on the Mail Transfer Agent (MTA)? There are multiple technologies that have attempted to address the issues surrounding spoofed emails on the MTA, but they all have shortcomings that can limit their usefulness. DKIM, or Domain […]
On or Off the Clock, Staying Cyber Secure is a New Fact of Life
4 min read
On or Off the Clock, Staying Cyber Secure is a New Fact of Life Cybersecurity has always been a major concern for workplace networks. But, increasingly, it is top of...
Lessons Learned from Testing Cisco EST Implementations for Interoperability with DigiCert
3 min read
Thanks to DigiCert for their contributions co-authoring this post. Interoperability for technology solutions is a top priority—standards used in these solutions become irrelevant when products operate in a silo. Thus, shifting to a new protocol in any solution takes careful consideration and collaboration by multiple parties in order to achieve a seamless operation. One such […]
NSCAM: Tips from Talos for End-Users
4 min read
As groups around the world continue the conversation around cybersecurity – we’re at the midway point of National Cyber Security Awareness Month (#NCSAM) in the U.S. and European Cyber Security...
Cisco Cybersecurity Viewpoints
Where security insights and innovation meet. Read the e-book, see the video, dive into the infographic and more...
Why Cisco Security?
Explore our Products & Services
1