Where is my (intermediate) TLS certificate?

By Tobias Mayer

When dealing with TLS connections, it is important to understand how a client (in most cases this is a web browser) will be acting. Let’s quickly check some of the steps that are happening when a TLS connection is made. A web server will send its certificate down to the requesting client during the TLS handshake. But it is not only a single certificate but usually a complete chain of certificates. There is the server certificate, in many cases […]

Source:: Cisco Security Notice

Link Arms Against the Attackers: Observations from the 2016 Cisco ASR

By Martin Nystrom

Remember 2007, when the underground economy began to flourish, using simple protocols and static subnet ranges to control their infrastructure? That was the same year Cisco published the first Annual Security Report (ASR). Nine years later, the drumbeat of cyberthreats grows louder, but the actors and threats are familiar, just as John reminded us when this year’s report was released. What’s Changed? Attackers have vastly increased the sophistication of their infrastructure, incorporated evasive techniques such as encryption and obfuscation, and diversified their revenue streams through ransomware. Defenders are sharing cyber threat intelligence and recognizing […]

Source:: Cisco Security Notice

Hiding in Plain Sight: Malware’s Use of TLS and Encryption

By Blake Anderson

Introduction

TLS (Transport Layer Security) is a cryptographic protocol that provides privacy for applications. TLS is usually implemented on top of common protocols such as HTTP for web browsing or SMTP for email. HTTPS is the usage of TLS over HTTP, which is the most popular way of securing communication between a web server and client and is supported by the bulk of major web servers. As TLS has become more popular and easier to use, we have seen the […]

Source:: Cisco Security Notice

Overcoming the DNS “Blind Spot”

By John Stuppi

[ed. note – this post was authored jointly by John Stuppi and Dan Hubbard]

The Domain Name Service (DNS) provides the IP addresses of intended domain names in response to queries from requesting end hosts. Because many threat actors today are leveraging DNS to compromise end hosts, monitoring DNS is often a critical step in identifying and containing malware infections and investigating attacks. Yet our research found that few organizations actually monitor DNS for security purposes—or at all—which makes DNS a security “blind […]

Source:: Cisco Security Notice

Why Aging Infrastructure Is a Growing Problem

By Anthony Grieco

Defending a network against threats of growing complexity requires a mix of technology and policies that are as sophisticated as the campaigns created by attackers. A necessary component to an effective defense includes tackling the low-hanging fruit—that is, basic tasks such as patching vulnerabilities and updating old software. However, as we relate in the Cisco 2016 Annual Security Report, too many organizations are relying on seriously outdated network components and operating systems—thus providing even more opportunity for adversaries to infiltrate or attack their network. As […]

Source:: Cisco Security Notice
