Streamlining the Response to Security Vulnerabilities

By John Stewart. With security threats evolving at a staggering pace, we’re hearing from our customers that their network administrators are often finding it difficult to keep up. They are challenged to make informed decisions quickly enough and to prioritize their responses to incoming threats. This is not surprising, since with each new threat and its related vulnerabilities, IT leaders are faced with several questions: Where do I go to find information? Which information is for background and which requires immediate action? What has changed since []

Source:: Cisco Security Notice

Vulnerability Spotlight: MiniUPnP Internet Gateway Device Protocol XML Parser Buffer Overflow

By Talos Group. Vulnerability discovered by Aleksandar Nikolic of Cisco Talos. Post authored by Earl Carter and William Largent. Talos is disclosing the discovery of an exploitable buffer overflow vulnerability in the MiniUPnP library, TALOS-2015-0035 (CVE-2015-6031). The buffer overflow is present in the client-side XML parser functionality in miniupnpc. A specially crafted XML response can lead to a buffer overflow on the stack, resulting in remote code execution. This miniupnpc buffer overflow is present in the client-side part of the library. The vulnerable code is triggered by an oversized []

Source:: Cisco Security Notice

Looking Into a Crystal Ball for the Future of Cybersecurity

By Mary Ellen Zurko. Every once in a while you need to take a step back and think about the future. Where’s a good place to look for high-risk, high-opportunity ideas in the future of computer security? The New Security Paradigms Workshop (NSPW) is a crystal ball view into the future of cybersecurity. NSPW is an invitation-only workshop dedicated to in-depth discussions of radical, forward-thinking security research. Here are highlights from a handful of presentations that pursue areas that might be evocative or inspirational []

Source:: Cisco Security Notice

Cybersecurity: What Needs to Change Now

By John Stewart. October is National Cyber Security Awareness Month in the United States. This year’s campaign emphasizes cybersecurity as part of a deliberate strategy and a shared responsibility, not just a checkbox item. At Cisco, we believe two key things must change in the security industry. First, we need to acknowledge that security is a strategy, and one that senior leaders in all organizations must embrace and own. Second, IT vendors—and all other vendors that are now embedding information technology in their offerings—must produce products, services and []

Source:: Cisco Security Notice

Down the Rabbit Hole: Botnet Analysis for Non-Reverse Engineers

By Talos Group. This post is authored by Earl Carter & Holger Unterbrink. Overview: Talos is often tasked with mapping the backend network for a specific piece of malware. One approach is to first reverse engineer the sample and determine exactly how it operates. But what if there is no time or resources to take the sample apart? This post is going to show how to examine a botnet from the Fareit family, starting with just an IP address. Then, using sandbox communities like Cisco ThreatGRID []

Source:: Cisco Security Notice

Point of Persistence

By Tom Hogue. Several recent cyber attacks have served as great reminders that we need to continue to re-assess how we are protecting our networks and ensure that we make no assumptions about any device in the network being secure. One example of this is “SYNful Knock,” a type of persistent malware that allows an attacker to gain control of an affected Cisco device and compromise its integrity with a modified Cisco IOS software image. The attack did not leverage any product vulnerabilities, and []

Source:: Cisco Security Notice