wsa

Defenders have a lot of work to do, and many challenges to overcome. While conducting the Cisco 2018 Security Capabilities Benchmark Study, where we touched more than 3600 customers across 26 countries, these assumptions were confirmed. We have seen that defenders are struggling with the orchestrati…

This post is the second part of my series around the impact of encrypted protocols on network security. You can find the first article about HTTP/2 here: http://blogs.cisco.com/security/the-impact-on-network-security-through-encrypted-protocols-http2 Now let us focus on the new and upcoming specific…

When asked about IPv6, many companies are aware that they must do something, but are not sure what is the best way to approach IPv6. In my talks with customers, I found that the unfamiliarity with IPv6 is one of the biggest obstacles. So, to gain experience with IPv6, there are several paths to go d…

Today the web is a favorite vector for threat actors to launch their attacks. According to the Cisco 2014 Midyear Security Report, More than 90 percent of customer networks observed in the first half of 2014 were identified as having traffic going to websites that host malware. More recently, Talos…

This post was authored by Armin Pelkmann. On September 8th, Cisco’s Talos Security Intelligence & Research Group unveiled the existence of the “Kyle and Stan” Malvertisement Network. The network was responsible for placing malicious advertisements on big websites like amazon.co…

This post was authored by Shaun Hurley, David McDaniel and Armin Pelkmann. Update 2014-09-22: Updates on this threat can be found here Have you visited amazon.com, ads.yahoo.com, www.winrar.com, youtube.com, or any of the 74 domains listed below lately? If the answer is yes, then you may have been a…

Many web sites provide a setting to reduce the amount of explicit, or objectionable, content returned by the site. The user configures these settings, but many users are unaware such a setting exists, or that it needs to be set for each web site. Additionally, the security administrator cannot audit…

My personal email has 4 characteristics that drive me crazy: I get way too much email Most of my emails are a waste of time Emails carry the risk of, very rarely, nasty virus payloads (or link you to sites that have worse) Despite all this, I can’t live without email…

Cisco Security Intelligence Operations is tracking reports of ongoing exploitation of a vulnerability in the popular web application framework Ruby on Rails that creates a Linux-based botnet. The vulnerability dates back to January 2013 and affects Ruby on Rails versions prior to 3.2.11, 3.1.10, 3.0…