Cisco Identifies Multiple Vulnerabilities in Network Time Protocol daemon (ntpd)

/in /von

By Talos Group Cisco is committed to improving the overall security of the products and services our customers rely on. As part of this commitment, Cisco assesses the security of software components used in our products. Open source software plays a key role in many Cisco products and as a result, ensuring the security of open source software components is vital, especially in the wake of major vulnerabilities such as Heartbleed and Shellshock. In April 2014, the Linux Foundation spearheaded the creation of []

Source:: Cisco Security Notice

Dangerous Clipboard: Analysis of the MS15-072 Patch

/in /von

By Talos Group This post was authored by Marcin Noga with contributions from Jaeson Schultz . Have you ever thought about how security researchers take a patch that has been released, and then reverse it to find the underlying security issue? Well, back In July Microsoft released security bulletin MS15-072, titled: “Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392)”. According to Microsoft, this vulnerability “could allow elevation of privilege if the Windows graphics component fails to properly process bitmap conversions.” Talos decided to have []

Source:: Cisco Security Notice

Dangerous Clipboard: Analysis of the MS15-072 Patch

/in /von

By Talos Group This post was authored by Marcin Noga with contributions from Jaeson Schultz . Have you ever thought about how security researchers take a patch that has been released, and then reverse it to find the underlying security issue? Well, back In July Microsoft released security bulletin MS15-072, titled: “Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392)”. According to Microsoft, this vulnerability “could allow elevation of privilege if the Windows graphics component fails to properly process bitmap conversions.” Talos decided to have []

Source:: Cisco Security Notice

Cisco Next Generation Encryption and Postquantum Cryptography

/in /von

By Marty Loy Cisco developed Next Generation Encryption (NGE) in 2011. NGE was created to define a widely accepted and consistent set of cryptographic algorithms that provide strong security and good performance for our customers. These are the best standards that can be implemented today to meet the security and scalability requirements for network security in the years to come; or to interoperate with the cryptography that will be deployed in that time frame. Most importantly, all of the NGE algorithms, parameters, and key-sizes are widely believed []

Source:: Cisco Security Notice

Cisco Next Generation Encryption and Postquantum Cryptography

/in /von

By Marty Loy Cisco developed Next Generation Encryption (NGE) in 2011. NGE was created to define a widely accepted and consistent set of cryptographic algorithms that provide strong security and good performance for our customers. These are the best standards that can be implemented today to meet the security and scalability requirements for network security in the years to come; or to interoperate with the cryptography that will be deployed in that time frame. Most importantly, all of the NGE algorithms, parameters, and key-sizes are widely believed []

Source:: Cisco Security Notice

What’s in Your Network? Verifying Trust with Integrity Verification Service

/in /von

By Anthony Grieco As we continue to observe National Cyber Security Awareness Month, it’s time this week to think about integrity verification and what it means for your network and your organization. As today’s network threats increase in sophistication, the resulting risks to a business’s or government agency’s network may go undetected for days, months or even years. According to the Ponemon Institute’s 2015 Cost of Data Breach Study, malicious attacks take an average of 256 days to identify. The same network that []

Source:: Cisco Security Notice

What’s in Your Network? Verifying Trust with Integrity Verification Service

/in /von

By Anthony Grieco As we continue to observe National Cyber Security Awareness Month, it’s time this week to think about integrity verification and what it means for your network and your organization. As today’s network threats increase in sophistication, the resulting risks to a business’s or government agency’s network may go undetected for days, months or even years. According to the Ponemon Institute’s 2015 Cost of Data Breach Study, malicious attacks take an average of 256 days to identify. The same network that []

Source:: Cisco Security Notice

Angler for Beginners in 34 Seconds

/in /von

By Martin Rehak Post authored by Martin Rehak, Veronica Valeros, Martin Grill and Ivan Nikolaev. In order to complement the comprehensive information about the Angler exploit kit from our Talos colleagues [ Talos Intel: Angler Exposed ], let’s have a very brief look at what an Angler and CryptoWall infection looks like from the network perspective. We will present one of the recent Angler incidents discovered by Cognitive Threat Analytics (CTA). Cognitive Threat Analytics works after the attack. It sifts through the logs produced by the client’s []

Source:: Cisco Security Notice