Vulnerability Spotlight: Apple Garage Band Out of Bounds Write Vulnerability

/in /von

By Talos Group Discovered by Tyler Bohan of Cisco Talos Overview Talos is disclosing TALOS-2016-0262 (CVE-2017-2372) and TALOS-2017-0275 (CVE-2017-2374), an out of bounds write vulnerability in Apple GarageBand. GarageBand is a music creation program, allowing users to create and edit music easily and effectively from their Mac computer. GarageBand is installed by default on all Mac computers so […]

Source:: Cisco Security Notice

The impact on network security through encrypted protocols – TLS 1.3

/in /von

By Tobias Mayer This post is the second part of my series around the impact of encrypted protocols on network security. You can find the first article about HTTP/2 here: http://blogs.cisco.com/security/the-impact-on-network-security-through-encrypted-protocols-http2 Now let us focus on the new and upcoming specification of TLS 1.3. It is important to understand what advantages TLS 1.3 brings to us, but also […]

Source:: Cisco Security Notice

The impact on network security through encrypted protocols – TLS 1.3

/in /von

By Tobias Mayer This post is the second part of my series around the impact of encrypted protocols on network security. You can find the first article about HTTP/2 here: http://blogs.cisco.com/security/the-impact-on-network-security-through-encrypted-protocols-http2 Now let us focus on the new and upcoming specification of TLS 1.3. It is important to understand what advantages TLS 1.3 brings to us, but also […]

Source:: Cisco Security Notice

Staying Ahead of the Hack: Operationalizing Threat Intelligence to Strengthen Defenses

/in /von

By Jason Lamar Many pieces of forensic evidence come into play when investigating a crime scene – analysis of fingerprints, DNA, shoe prints, videos/photos, ballistics, etc. By analyzing the data, a picture of the crime emerges, which in the case of a serial killer often includes his or her MO or method of operation. In the cyber world, […]

Source:: Cisco Security Notice

Staying Ahead of the Hack: Operationalizing Threat Intelligence to Strengthen Defenses

/in /von

By Jason Lamar Many pieces of forensic evidence come into play when investigating a crime scene – analysis of fingerprints, DNA, shoe prints, videos/photos, ballistics, etc. By analyzing the data, a picture of the crime emerges, which in the case of a serial killer often includes his or her MO or method of operation. In the cyber world, […]

Source:: Cisco Security Notice

Indicators of Compromise and where to find them

/in /von

By Emmett Koen Indicators of Compromise (“IOC”) are used to suggest a system has been affected by some form of malware. An Indicator of Compromise can be anything from a file name to the behavior observed while malware is actively running on an infected system. Where do they look? Social media, new feeds, industry reports, Threat Grid sample […]

Source:: Cisco Security Notice

Indicators of Compromise and where to find them

/in /von

By Emmett Koen Indicators of Compromise (“IOC”) are used to suggest a system has been affected by some form of malware. An Indicator of Compromise can be anything from a file name to the behavior observed while malware is actively running on an infected system. Where do they look? Social media, new feeds, industry reports, Threat Grid sample […]

Source:: Cisco Security Notice

Cisco Coverage for ‘Ticketbleed’

/in /von

By Talos Group Vulnerability Details A vulnerability (CVE-2016-9244) was recently disclosed affecting various F5 products due to the way in which the products handle Session IDs when the non-default Session Tickets option is enabled. By manipulating the Session IDs provided to affected products, an attacker could potentially leak up to 31 bytes of uninitialized memory. This vulnerability can […]

Source:: Cisco Security Notice

Cisco Coverage for ‘Ticketbleed’

/in /von

By Talos Group Vulnerability Details A vulnerability (CVE-2016-9244) was recently disclosed affecting various F5 products due to the way in which the products handle Session IDs when the non-default Session Tickets option is enabled. By manipulating the Session IDs provided to affected products, an attacker could potentially leak up to 31 bytes of uninitialized memory. This vulnerability can […]

Source:: Cisco Security Notice

The Transformation of the Cybersecurity Workforce

/in /von

By Tom Gilheany When the commercial internet was young, IT structure was relatively simple. Today, though, growing complexity is one of IT’s biggest security challenges. The more complex the system, the greater the attack surface. It is much easier now to hide multi-pronged attacks in different layers and parts of the IT infrastructure. Virtual machines, BYOD, “-aaS” environments, […]

Source:: Cisco Security Notice