Actively Exploited Struts Flaw Affects Cisco Products

Cisco informed customers on Friday that at least some of its products are affected by an Apache Struts2 command execution vulnerability that has been exploited in the wild over the past days. The flaw has been confirmed to affect the Cisco Identity Services Engine (ISE), the Prime Service Catalog Virtual Appliance, and the Unified SIP…

Wikileaks, CIA documents and some sober thoughts

So, my less than favorite topic found itself at the top of my reading list today. Wikileaks released a treasure trove of documents today that purport to outline all manner of CIA-related operations. After I got past the “what the actual…” moment, I had to pause. On social media and various news outlets there…

Zones of Trust: A New Way of Thinking about IoT Security

Recent attacks have focused attention on how to safely add “things” to enterprise networks, a topic that straddles IT and physical security. A zones-of-trust approach may be the answer. Last year, when attackers hacked into more than 25,000 Internet of Things (IoT) closed-circuit TV devices and used them in a denial-of-service botnet attack, this question was…

Why We Need To Reinvent How We Catalogue Malware

One obvious trend: crimeware technologies that come with simple user consoles and functionality to create unique binaries at the click of a button. To understand how the bad guys have become so adept at producing the flood of uniquely hashed malware, we need to look at what our adversaries have been doing the past few…

Cisco deepens enterprise network virtualization, security detection of DNA suite

Cisco today announced a variety of hardware, software and services designed to increase network virtualization and bolster security for campus, branch office and cloud customers. The products, which include a Network Functions Virtualization branch office device and improved security network segmentation software, fall under Cisco’s overarching Digital Network Architecture plan. DNA offers integrated networking software—virtualization,…

Are companies doing enough on the IoT security front?

We continue to hear dire warnings about the inherent security risks of the Internet of Things (IoT), and indeed IoT-related incidents are happening. With many companies beginning to capture IoT data from connected devices, a key question is are they doing enough to ensure that data and networks are secure? If security executives thought they…

The Role of the Network in Preventing Dyn 2.0

Much has been said about the DDoS attacks on Dyn and the subsequent security issues surrounding IoT devices. In late 2016, hackers exploited hundreds of thousands of IoT devices, such as security cameras and DVRs, to cause massive internet outages over a prolonged period of time. While this attack has resulted in an uproar of…

Will 2017 be the Year IoT Threats Go Mainstream?

The Internet of Things (IoT) is changing the way we live and work forever. It makes us more productive, healthier and happier, and it enables businesses to work smarter, more efficiently and with greater agility. There’s just one problem: from a security perspective IoT devices are fundamentally flawed. And the bad guys are getting pretty…

FTC Seeks Tools for Securing Home IoT Devices

The U.S. Federal Trade Commission (FTC) announced on Wednesday the launch of a contest that aims to find solutions for securing the Internet of Things (IoT) devices deployed in consumers’ homes. The IoT Home Inspector Challenge seeks a technical solution for addressing vulnerabilities in IoT devices. The FTC said the tool can be a physical…

Cyberrisk Through A Business Lens

As with any other aspect of operating a business, effectively managing cyberrisk is predicated on making well-informed decisions and then executing reliably within the context of those decisions. With that in mind, boards and senior executives must ensure that their organizations accomplish both. For the reasons described below, today many organizations are unable to do…