Cisco Security
CVRF: A Penny For Your Thoughts
1 min read
The Common Vulnerability Reporting Framework (CVRF) is a security automation standard intended to make your life easier by offering a common language to exchange traditional security and vulnerability bulletins, reports, and advisories. You can read more about it on the official ICASI CVRF 1.1 page, in my CVRF 1.1 Missing Manual blog series, or in […]
Accelerating Real World Cybersecurity Solutions Through Private-Public Partnerships
1 min read
Established in 2012 through a partnership between NIST, the State of Maryland, and Montgomery County, the National Cybersecurity Center of Excellence (NCCoE) was conceived to advance innovation through the rapid identification, integration, and adoption of practical cybersecurity solutions. NCCoE collaborates with industry leaders through its National Cybersecurity Excellence Partnership (NCEP) initiative to develop real-world cybersecurity capabilities. As a NCEP member and key collaborator, Cisco is dedicated to furthering the mission of securing cyberspace for all.
A Programmatic Approach to Using Cisco’s Security Intelligence Feed
4 min read
If you’re an end-user or manager of software that has publicly known security vulnerabilities, wouldn’t you want to know about it? If you’re a software developer, wouldn’t you want to know if there are third-party software vulnerabilities that may impact your applications or products? Do you have a patch management compliance requirement for managing software […]
Cross-Site Request Forgery Attacks and Mitigations
1 min read
Cross-Site Request Forgery (CSRF) attacks: there are already enough articles out there that can explain what a CSRF attack is and provide potential examples. There are also plenty of security alerts that have been released by various vendors whose products are affected by CSRF-related vulnerabilities. CSRF attacks usually target web applications and attempt to make […]
Apache Darkleech Compromises
2 min read
Dan Goodin, editor at Ars Technica, has been tracking and compiling info on an elusive series of website compromises that could be impacting tens of thousands of otherwise perfectly legitimate sites. While various researchers have reported various segments of the attacks, until Dan’s article, no one had connected the dots and linked them all together. Dubbed “Darkleech,” thousands of […]
March Madness May Equal to Malware Madness
4 min read
Are you excited about March Madness? Turn on a TV and it will be hard to avoid the games, the news, the commentaries, and the jokes about it. If you eavesdrop in any restaurant, bar, or office conversation, I can assure you that you will hear something about it. Even U.S. President Barack Obama filled out a March […]
Chronology of a DDoS: SpamHaus
3 min read
Around 12:00 GMT March 16, 2013, a distributed denial of service (DDoS) attack took offline both the spamhaus.org website and a portion of its e-mail services. SpamHaus was able to restore connectivity by March 18; however, SpamHaus is still weathering a massive, ongoing DDoS attack. The DDoS attacks have also had less severe but measurable consequences for […]
Thoughts on DarkSeoul: Data Sharing and Targeted Attackers
4 min read
The attacks against South Korean media and banking organizations last week severely disrupted a handful of organizations with a coordinated distribution of “wiper” malware designed to destroy data on hard drives and render them unbootable. At 14:00 KST on March 20, 2013, the wiper was triggered across three media organizations and four banks, setting off […]
Today’s the Day: Announcing the Cisco IOS Software Security Advisory Bundle
2 min read
Today, Cisco is celebrating a milestone in its commitment to helping you act on security intelligence—our 10th bundle of Cisco IOS Software Security Advisories. We’re proud of our commitment to these predictable disclosures (on the fourth Wednesday of March and September annually) because they originated as a direct response to your feedback. Bundled publications allow you to plan ahead […]