Attackers Employ Sneaky New Method to Control Trojans
A new malware sample shows threat actors have begun using DNS TXT record and queries for C2 communications, Cisco Talos says, Security researchers at Cisco’s Talos intelligence and research group have discovered what they describe as an extremely evasive and uncommon way for threat actors to command and to communicate with a Remote Access Trojan…
Cisco deepens enterprise network virtualization, security detection of DNA suite
Cisco today announced a variety of hardware, software and services designed to increase network virtualization and bolster security for campus, branch office and cloud customers. The products, which include a Network Functions Virtualization branch office device and improved security network segmentation software, fall under Cisco’s overarching Digital Network Architecture plan. DNA offers integrated networking software—virtualization,…
Women in cybersecurity: Cisco, IBM, Symantec help pave the way
Women make up roughly half the world’s population, they hold around 50 percent of jobs in the U.S. workforce and fill 25 percent of IT jobs, yet they account for only 10 percent of the positions in cybersecurity. Females in the field are uniting to help move the needle on those numbers towards 50 percent…
Cisco CloudCenter Orchestrator Flaw Exploited in Attacks
Cisco has warned customers about a critical privilege escalation vulnerability that has been exploited against Cisco CloudCenter Orchestrator (CCO) systems. Cisco CloudCenter is a hybrid cloud management platform with two primary components: CloudCenter Manager, the interface utilized by users and administrators, and CloudCenter Orchestrator, which automates application deployment and infrastructure provisioning and configuration. CCO was…
Cisco dents Arista again with patent infringement ruling
A US trade judge ruled today that Arista Networks infringed on two Cisco switch patents – the second important victory the networking giant has won against Arista in their ongoing legal confrontation since it began in 2014. U.S. International Trade Commission Judge MaryJoan McNamara issued the so-called “initial determination” on the case which now must…
Cisco Resets Passwords on Careers Portal
Cisco last week prompted a password reset for the user accounts on its Cisco Professional Careers mobile website after a security researcher discovered a vulnerability in the portal. The networking giant decided to reset the user passwords to ensure that accounts are kept secure, and says that the issue would have resulted in exposing “a…
Cisco Patches 9 Flaws in Email Security Appliance
The most serious, rated “high severity,” are three DoS flaws in the AsyncOS software for Cisco ESA. The security holes, tracked as CVE-2016-6356, CVE-2016-1486 and CVE-2016-1481, allow a remote, unauthenticated attacker to cause a DoS condition on affected devices using specially crafted emails and malicious attachments. CVE-2016-1481 and CVE-2016-6356 affect AsyncOS versions 8.0 and prior,…
MBRFilter: Cisco open sources tool to protect the Master Boot Record
Cisco’s Talos research team has open sourced MBRFilter, a tool that aims to prevent a system’s Master Boot Record (MBR) getting overwritten by malware. The latest malware families that use this tactic are HDDCryptor (aka Mamba) and Petya, two pieces of ransomware that not only encrypt victims’ files, but also effectively lock them out of…
Video: Take Back Control of Your Information Security
The numbers are staggering. PWC reported there were 60 million information security attacks on enterprises last year and CyberEdge Group found over 70% of all companies were breached. The attack surface has expanded rapidly as the number of managed devices increased another 72% over 2014 according to Cisco. According to IBM and CSO, the typical…