security
SUMMARY: Open at Cisco is Moving!
“In our collective eagerness to talk about our growing list of cloud offerings, emerging cloud strategies, and contributions to the cloud community, we all started blogging from different places. The data center folks were talking about Cisco’s cloud-optimized hardware on one blog, the open so…
Security-as-a-Feature
Some of you may remember Marathon Man, starring Laurence Olivier as the evil Nazi dentist Dr. Christian Szell, and Dustin Hoffman as a graduate student nicknamed Babe. Szell has come to New York from his South American jungle hideaway to retrieve a cache of diamonds, but he’s not sure he won’t be wa…
Governments Need Global Standards of Conduct for Surveillance
Privacy and human rights advocates, technology companies, and trade associations have today called on U.S. political leaders to reform the country’s surveillance laws. We add our voice to those calls. These reforms will help show the world that the U.S. Government is ready to lead the dialogue on gl…
Announcing the First Cisco IOS Software and IOS XE Software Security Advisory Bundled Publication
Today, we released the first ever Cisco IOS Software and IOS XE Software Security Advisory Bundled Publication. As a reminder, Cisco discloses IOS vulnerabilities on a predictable schedule (on the fourth Wednesday of March and September each calendar year). In direct response to your feedback, we ha…
Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK Patched
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 14 bulletins being released which address 45 CVEs. The first 5 bulletins are rated critical and address vulnerabilities wit…
Mitigations Available for the DRAM Row Hammer Vulnerability
This blog post was authored by Troy Fridley and Omar Santos of Cisco PSIRT. On Mar 9 2015, the Project Zero team at Google revealed findings from new research related to the known issue in the DDR3 Memory specification referred to as “Row Hammer”. Row Hammer is an industry-wide issue tha…
The Seven Wonders of User Access Control: Part II
In the first of a two-part blog series, The Seven Deadly Sins of User Access Controls, my colleague Jean Gordon Kocienda provided fresh insights into overly-permissive user access controls as a common underlying cause of data breaches. In this blog, I address the solutions to those “Seven Dead…
Telefónica and Cisco Personalize the Consumer Experience at Mobile World Congress
On March 2 at Mobile World Congress, Robert Franks, Managing Director, Digital Commerce at Telefónica UK and Cisco’s Kelly Ahuja, SVP, Service Provider Business, Products & Solutions, had a standing-room-only crowd as part of the “Personalizing the Consumer Experience” keynote. During their ses…
The Seven Deadly Sins of User Access Controls: Part I
2014 was a terrible year for corporate data breaches. If there is to be any silver lining, information security professionals must draw lessons from the carnage. A good place to start is to identify common denominators. Several of the most damaging incidents started with phishing emails into office…