The Evolution of Scoring Security Vulnerabilities: The Sequel

By Omar Santos

Back in April, I wrote a blog post about the new version of the Common Vulnerability Scoring System (CVSS). The changes made for CVSSv3 addressed some of the challenges that existed in CVSSv2. For example, CVSSv3 analyzes the scope of a vulnerability and identifies the privileges an attacker needs to exploit it. The CVSSv3 enhancements […]

Source:: Cisco Security Notice

National Cybersecurity: A Collaborative Approach is Required

By Edna Conway

As we wrap up National Cybersecurity Awareness Month in the U.S., cybersecurity continues to be a top-of-mind issue for business, government and consumers alike. In February 2016, President Obama announced a Cybersecurity National Action Plan to improve the United States’ cybersecurity posture. The non-partisan Commission on Enhancing National Cybersecurity was created and charged with making […]

Source:: Cisco Security Notice

To be Effective, Security Must be Simple, Open, and Automated

By Jason Lamar

Organizations must take advantage of the digital economy in order to succeed and grow. But to do this, and do it securely, we can’t be compromised by complexity. Our IT landscapes are often systems cobbled together over the years. We may have servers from 15 years ago and cloud apps from 15 minutes ago. We […]

Source:: Cisco Security Notice

Top 3 Actions to Take Now to Secure Your Digitization Strategy

By Ann Swenson

At Cisco, we talk a lot about cybersecurity as a strategic advantage for organizations. We believe that a strong security program must be an inherent component of a digitization strategy. There are consequences for organizations that don’t have a plan for addressing this risk. As Ashley Arbuckle, Vice President of Cisco Security Services, said in […]

Source:: Cisco Security Notice

Vulnerability Spotlight: LibTIFF Issues Lead To Code Execution

By Talos Group

These vulnerabilities were discovered by Tyler Bohan of Cisco Talos. Talos is releasing multiple vulnerabilities (TALOS-2016-0187, TALOS-2016-0190 & TALOS-2016-0205) in the LibTIFF library. One vulnerability (TALOS-2016-0187) is an exploitable heap-based buffer overflow that impacts the LibTIFF TIFF2PDF conversion tool. Another vulnerability (TALOS-2016-0190) impacts the parsing and handling of TIFF images, ultimately leading to […]

Source:: Cisco Security Notice

Pumpkin Spiced Locky

By Talos Group

This post was authored by Warren Mercer & Edmund Brumaghin.

Summary

We had .locky, we had .odin and then we had .zepto, but today we hit rock bottom and we now have Locky using .shit as their encrypted file extension. In today’s latest wave of spam, Talos has observed three distinct spam campaigns distributing the […]

Source:: Cisco Security Notice