psirt

September 15, 2015

SECURITY

SYNful Knock: Detecting and Mitigating Cisco IOS Software Attacks

1 min read

Historically, threat actors have targeted network devices to create disruption through a denial of service (DoS) situation. While this remains the most common type of attack on network devices, we continue to see advances that focus on further compromising the victim’s infrastructure. Recently, the Cisco Product Security Incident Response Team (PSIRT) has alerted customers around […]

June 18, 2015

SECURITY

Responding to Third Party Vulnerabilities

3 min read

We are now more than one year on from the release of HeartBleed, the first major vulnerability disclosed in widely used third-party code. This is an excellent point in time to look back at what Cisco and our customers have achieved since, including how the Cisco Product Security Incident Response Team (PSIRT) has evolved to […]

April 23, 2015

SECURITY

Best Practices: Device Hardening and Recommendations

2 min read

On April 13th, 2015, Cisco PSIRT was made aware of multiple instances of customer disruption in a specific region caused by a denial of service attack against Cisco devices. We responded quickly to support speedy restoration for our customers. Our ongoing investigation has shown that the storage of some Cisco devices was erased, removing both […]

March 25, 2015

SECURITY

Announcing the First Cisco IOS Software and IOS XE Software Security Advisory Bundled Publication

2 min read

Today, we released the first ever Cisco IOS Software and IOS XE Software Security Advisory Bundled Publication. As a reminder, Cisco discloses IOS vulnerabilities on a predictable schedule (on the fourth Wednesday of March and September each calendar year). In direct response to your feedback, we have also included a Cisco Security Advisory addressing vulnerabilities […]

March 9, 2015

SECURITY

Mitigations Available for the DRAM Row Hammer Vulnerability

4 min read

This blog post was authored by Troy Fridley and Omar Santos of Cisco PSIRT. On Mar 9 2015, the Project Zero team at Google revealed findings from new research related to the known issue in the DDR3 Memory specification referred to as “Row Hammer”. Row Hammer is an industry-wide issue that has been discussed publicly […]

February 18, 2015

SECURITY

Cisco PSIRT – Notice about public exploitation of the Cisco ASA Clientless SSL VPN Portal Customization Integrity …

4 min read

Cisco PSIRT is aware of public exploitation of the Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability identified by Cisco bug ID CSCup36829 (registered customers only) and CVE ID CVE-2014-3393. This vulnerability was disclosed on the 8th of October 2014 in the Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software. All customers that have customizations […]

September 24, 2014

SECURITY

Announcing the Cisco IOS Software Security Advisory Bundled Publication

2 min read

Today, we released the final Cisco IOS Software Security Advisory Bundled Publication of 2014. Six years ago, Cisco committed to disclosing IOS vulnerabilities on a predictable schedule (on the fourth Wednesday of March and September each calendar year) in direct response to your feedback. We know this timeline allows your organization to plan and help […]

September 17, 2014

SECURITY

T-7 Days to Improved Cisco IOS Security

2 min read

The Cisco IOS Software Security Advisory Bundled Publication will go live in seven days and this time we will have an important update to the Cisco IOS Software Checker to go along with it. As a reminder, the Cisco Product Security Incident Response Team (PSIRT) releases bundles of Cisco IOS Software Security Advisories on the […]

May 16, 2014

SECURITY

New Standards May Reduce Heartburn Caused by the Next Heartbleed

2 min read

Ed Paradise, Vice President of Engineering for Cisco’s Threat Response, Intelligence and Development Group. Much has been made of the industry-wide Heartbleed vulnerability and its potential exploitation. Cisco was among the first companies to release a customer Security Advisory when the vulnerability became public, and is now one of many offering mitigation advice. Those dealing […]