Cisco

Software Security

Issued by: Help Net Security

An investigation, which concluded that counterfeit network switches were designed to bypass processes that authenticate system components, illustrates the security challenges posed by counterfeit hardware. Counterfeit Cisco Catalyst 2960-X series switches F-Secure Consulting’s Hardware Security team investigated two different counterfeit versions of Cisco Catalyst 2960-X series switches. The counterfeits were discovered by an IT company…

Network Security

Issued by: Help Net Security

Customer demands for increased data protection and privacy, the ongoing threat of data breaches and misuse by both unauthorized and authorized users, and preparation for the GDPR and similar laws around the globe spurred many organizations to make considerable privacy investments – which are now delivering strong returns, Cisco reveals. The study is based on…

Network Security

Issued by: Dark Reading

Companies that invest in privacy see an average return of 270% on their investments, with seven out of 10 companies seeing significant benefits from their privacy expenditures, according to an annual survey published by Cisco today. In addition, more mature companies — as measured by a five-point accountability score — saw greater returns on their…

Network Security

Issued by: Security Week

The zero-day flaw, tracked as CVE-2018-15454, is related to the Session Initiation Protocol (SIP) inspection engine used in the company’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. A remote and unauthenticated attacker can exploit the vulnerability to cause an affected device to reload or consume CPU resources, resulting in a denial-of-service (DoS)…

Vulnerabilities

Issued by: Security Week

Cisco Patches Critical Code Execution Flaw in Security Appliances

Cisco informed customers on Monday that updates released for its Adaptive Security Appliance (ASA) software patch a critical vulnerability that can be exploited to gain full control of devices or cause them to reload. The security hole, tracked as CVE-2018-0101 and assigned a CVSS score of 10, allows a remote and unauthenticated attacker to execute arbitrary code…

Network Security

Issued by: CSO

Companies face legion of security operations challenges

After a week away from all things cybersecurity, I’m back at work and focusing on security analytics and operations again. Alarmingly, most organizations readily admit to problems in this area. For example, a recent ESG research survey of 412 cybersecurity and IT professionals identified some of the biggest security analytics and operations challenges. Some of…

Software Security

Issued by: Help Net Security

Cisco and IBM Security announce services and threat intelligence collaboration

In a new agreement, Cisco and IBM Security will work closer together across products, services and threat intelligence for the benefit of customers. Cisco security solutions will integrate with IBM’s QRadar to protect organizations across networks, endpoints and cloud. Customers will also benefit from the scale of IBM Global Services support of Cisco products in…

Vulnerabilities

Issued by: Security Week

Actively Exploited Struts Flaw Affects Cisco Products

Cisco informed customers on Friday that at least some of its products are affected by an Apache Struts2 command execution vulnerability that has been exploited in the wild over the past days. The flaw has been confirmed to affect the Cisco Identity Services Engine (ISE), the Prime Service Catalog Virtual Appliance, and the Unified SIP…

Network Security

Issued by: CSO

Fileless Powershell malware uses DNS as covert communication channel

Targeted attacks are moving away from traditional malware to stealthier techniques that involve abusing standard system tools and protocols, some of which are not always monitored. The latest example is an attack dubbed DNSMessenger, which was analyzed by researchers from Cisco Systems’ Talos team. The attack starts with a malicious Microsoft Word document distributed through…