psirt

September 28, 2016

SECURITY

September 2016 Cisco IOS & IOS XE Software Bundled Publication

1 min read

Today, we released the last Cisco IOS & IOS XE Software Security Advisory Bundled Publication of 2016. (As a reminder, Cisco discloses vulnerabilities in Cisco IOS and IOS XE Software on a predictable schedule—the fourth Wednesday of March and September in each calendar year.) Today’s edition of the Cisco IOS & IOS XE Software Security Advisory […]

August 17, 2016

SECURITY

The Shadow Brokers EPICBANANA and EXTRABACON Exploits

10 min read

UPDATE April 20, 2017: Cisco continues to evaluate potential implications of the activities and information posted publicly by the Shadow Brokers Group. We launched an investigation to analyze the new files posted on April 14th, 2017, and so far have not found any new vulnerabilities or exploits that affect Cisco products and services. Cisco PSIRT will […]

June 14, 2016

SECURITY

Advanced Malware Evasion Techniques HTTP-Evader

1 min read

Malware doesn’t play by the rules, so today’s IT infrastructure needs to provide several layers of defense for end-users. Some of the more common devices used to protect modern networks are Intrusion Prevention systems (IPS) and Firewalls. In recent years, there has been a lot of research on how evasion techniques bypass Intrusion Prevention systems […]

April 28, 2016

SECURITY

The Evolution of Scoring Security Vulnerabilities

6 min read

The Common Vulnerability Scoring System (CVSS), which is used by many in the industry as a standard way to assess and score security vulnerabilities, is evolving to a new version known as CVSSv3. These changes addressed some of the challenges that existed in CVSSv2; CVSSv3 analyzes the scope of a vulnerability and identifies the privileges […]

March 23, 2016

SECURITY

Cisco IOS & IOS XE Bundled Publication and IOS Software Checker Updates

2 min read

Today, we released the first of two semiannual Cisco IOS & XE Software Security Advisory Bundled Publications of 2016. (As a reminder, Cisco discloses IOS & XE vulnerabilities on a predictable schedule—the fourth Wednesday of March and September in each calendar year.) Today’s edition of the Cisco IOS & XE Software Security Advisory Bundled Publication includes […]

December 14, 2015

SECURITY

Introducing the Cisco PSIRT openVuln API

1 min read

In October, we announced details about Cisco PSIRT’s new and improved security vulnerability disclosure format. Our Chief Security and Trust Officer, John Stewart, also revealed that Cisco will launch an application programming interface (API) that empowers customers to customize Cisco vulnerability information and publications. Today, we have officially launched the Cisco PSIRT openVuln API and it is available […]

October 5, 2015

SECURITY

Improvements to Cisco’s Security Vulnerability Disclosures

5 min read

Cisco is committed to protecting customers by sharing critical security-related information in different formats. Guided by customer feedback, Cisco’s Product Security Incident Response Team (PSIRT) is seeking ways to improve how we communicate information about Cisco product vulnerabilities to our Customers and Partners. As John Stewart mentioned in his blog post, the Cisco PSIRT has launched a […]

September 23, 2015

SECURITY

It’s That Time Again—Announcing the Cisco IOS & XE Software Security Advisory Bundled Publication

1 min read

Today, we released the last Cisco IOS & XE Software Security Advisory Bundled Publication of 2015. As a reminder, Cisco discloses IOS vulnerabilities on a predictable schedule (the fourth Wednesday of March and September each calendar year). Last cycle, we began including Cisco Security Advisories addressing vulnerabilities in Cisco IOS XE Software in this publication. This change […]

September 17, 2015

SECURITY

SYNful Knock: Protect Your Credentials, Protect Your Network

1 min read

Interest in IT security has never been higher. So when a new type of attack comes along, it attracts the attention of our customers and others in the industry. Earlier this week Cisco and Mandiant/FireEye released information about the so-called SYNful Knock malware found on Cisco networking devices. You can read my earlier blog on […]