Articles
The PSIRT Services Framework: Helping the Industry Protect the Ecosystem
At Cisco, our leadership made the decision over twenty-four years ago that we would clearly publicly communicate security vulnerabilities or other issues that could potentially expose customers to risk. This is when the Cisco Product Security Incident Response Team (PSIRT) was born. Our team and the…
Insights About the Global Internet Routing Table Reaching the 768k Milestone
Back in 2014, I wrote an article that highlighted that the global Internet routing table passed the 512,000 or 512k route mark. Today we know that another significant milestone has been reached, as we passed the 768k route mark! Many have predicted Internet outages may be expected. In short, the “sky i…
Celebrating the 100th Anniversary of Veterans Day Serving Those Who Served
This week marks the 100th Anniversary of Armistice Day and Veterans Day. With veterans top of mind, Cisco today announces the expansion of CyberVetsUSA, a free cybersecurity training program for eligible veterans, transitioning service members, military spouses, and members of the Reserves and Nati…
Cisco PSIRT Notice About Public Exploitation of the Cisco ASA Web Services Denial of Service Vulnerability
PSIRT has recently become aware of public exploitation of the Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability identified by Cisco bug ID CSCvi16029 and CVE ID CVE-2018-0296. With the security of our customers’ networks being a top priority, we’re taking act…
Understanding the Attack Vectors of CVE-2018-0101 – Cisco ASA Remote Code Execution and Denial of Service Vulnerabilit …
Cisco is committed to responsible coordinated disclosure about vulnerabilities, and maintains a very open relationship with the security research community. On January 29, 2018, the Cisco PSIRT learned about public knowledge of a remote code execution and denial of service vulnerability affecting th…
Perspective About the Recent WPA Vulnerabilities (KRACK Attacks)
On October 16th, Mathy Vanhoef and Frank Piessens, from the University of Leuven, published a paper disclosing a series of vulnerabilities that affect the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These are protocol-level vulnerabilities that affect wireless ven…
CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 is Now Available
I am pleased to announce that the OASIS CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 committee specification is now available. As covered in our previous blog posts, the purpose of the OASIS Common Security Advisory Framework (CSAF) Technical Committee (TC) is to standardize the…
CVRF Version 1.2 Now Available for Public Comment
A few months ago, I wrote about the new OASIS Common Security Advisory Framework (CSAF) Technical Committee (TC). The purpose of the CSAF Technical Committee is to standardize the practices for structured machine-readable security vulnerability-related advisories. And then we will further refine tho…
Urgent Proactive Customer Notification to Prevent ASA Outages
On March 29, Cisco became aware of several customer outages involving different releases and models of Cisco ASA and Cisco Firepower Threat Defense (FTD) appliances. Cisco has published a Field Notice urging Cisco customers who are running specific releases of software to reboot their devices to pre…