Responding to Third Party Vulnerabilities

/in /von

By Morgan Stonebraker We are now more than one year on from the release of HeartBleed, the first major vulnerability disclosed in widely used third-party code. This is an excellent point in time to look back at what Cisco and our customers have achieved since, including how the Cisco Product Security Incident Response Team (PSIRT) has evolved to meet this new type of threat. It’s also a key time for us to confirm and clarify our commitment to transparency in the vulnerability disclosure []

Source:: Cisco Security Notice

Securing the Supply Chain is a Collaborative Effort

/in /von

By Edna Conway I’ve been thinking lately about how collaboration can work for the IT industry as we strive to address security. Cisco’s supply chain security capability focuses on three key exposures: taint, counterfeit and misuse of intellectual property. Specifically, I’ve been thinking about how we might detect and mitigate against counterfeit ASICs. I have a hunch that working with the semiconductor industry, we can achieve this goal. Below is a short video I recorded recently on the topic. If we could ensure []

Source:: Cisco Security Notice

Securing the Supply Chain is a Collaborative Effort

/in /von

By Edna Conway I’ve been thinking lately about how collaboration can work for the IT industry as we strive to address security. Cisco’s supply chain security capability focuses on three key exposures: taint, counterfeit and misuse of intellectual property. Specifically, I’ve been thinking about how we might detect and mitigate against counterfeit ASICs. I have a hunch that working with the semiconductor industry, we can achieve this goal. Below is a short video I recorded recently on the topic. If we could ensure []

Source:: Cisco Security Notice

Domain Shadowing Goes Nuclear: A Story in Failed Sophistication

/in /von

By Talos Group This post was authored by Nick Biasini Exploit Kits are constantly altering their techniques to compromise additional users while also evading detection. Talos sees various campaigns start and stop for different exploit kits all the time. Lately a lot of focus has been put on Angler, and rightly so since it has been innovating continually. Nuclear is another sophisticated exploit kit that is constantly active. However, over the last several weeks the activity had ramped down considerably to a small trickle. Starting []

Source:: Cisco Security Notice

Domain Shadowing Goes Nuclear: A Story in Failed Sophistication

/in /von

By Talos Group This post was authored by Nick Biasini Exploit Kits are constantly altering their techniques to compromise additional users while also evading detection. Talos sees various campaigns start and stop for different exploit kits all the time. Lately a lot of focus has been put on Angler, and rightly so since it has been innovating continually. Nuclear is another sophisticated exploit kit that is constantly active. However, over the last several weeks the activity had ramped down considerably to a small trickle. Starting []

Source:: Cisco Security Notice