Guidelines and Practices for Multi-Party Vulnerability Coordination Open to Review

By Omar Santos. Recent cyber attacks on organizations around the world have demonstrated the need for consistency in managing security vulnerabilities. To answer that demand, the Industry Consortium for the Advancement of Security on the Internet (ICASI) and the Forum of Incident Response and Security Teams (FIRST) created the FIRST Vulnerability Coordination Special Interest Group (SIG). This is […]

Source:: Cisco Security Notice

Closing One Learning Loop: Using Decision Forests to Detect Advanced Threats

By Veronica Valeros. This blog post was authored by Veronica Valeros and Lukas Machlica. Malicious actors are constantly evolving their techniques in order to evade detection. It is not only the sophistication or the rapid pace of change that is challenging us as defenders, but the scale of attacks. With the continuous flood of threats that we are facing, detection is just the first step. In […]

Source:: Cisco Security Notice

Scoring Cisco Security Vulnerabilities with CVSSv3

By Omar Santos. The Cisco Product Security Incident Response Team (PSIRT) is now scoring all security advisories addressing security vulnerabilities that affect Cisco products and multivendor vulnerability alerts using the Common Vulnerability Scoring System version 3 (CVSSv3). The stakeholders at the Forum of Incident Response and Security Teams (FIRST) have done a great job in this new version […]

Source:: Cisco Security Notice

Without Necurs, Locky Struggles

By Talos Group. This post authored by Nick Biasini with contributions from Jaeson Schultz. Locky has been a devastating force for the last year in the spam and ransomware landscape. The Locky variant of ransomware has been responsible for huge amounts of spam messages being sent on a daily basis. The main driver behind this traffic is the […]

Source:: Cisco Security Notice

Vulnerability Spotlight: Multiple Code Execution Vulnerabilities in Oracle Outside In Technology

By Talos Group. These vulnerabilities were discovered by Aleksandar Nikolic of Cisco Talos. Summary: Oracle’s Outside In Technology (OIT) is a set of SDKs that software developers can use to perform various actions against a large number of different file formats. According to the OIT website: “Outside In Technology is a suite of software development kits (SDKs) that […]

Source:: Cisco Security Notice

Vulnerability Spotlight: Exploiting the Aerospike Database Server

By Talos Group. Vulnerabilities discovered by Talos. Talos is disclosing multiple vulnerabilities discovered in the Aerospike Database Server. These vulnerabilities range from memory disclosure to potential remote code execution. This software is used by various companies that require a high performance NoSQL database. The Aerospike Database Server is both a distributed and scalable NoSQL database that is used […]

Source:: Cisco Security Notice