Cisco Management Center for Security Agent Remote Code Execution Vulnerability

Cisco Security Agent provides threat protection for server and desktop computing systems.  It can function in a standalone manner or can be managed by the Management Center for Cisco Security Agent.  The Management Center for Cisco Security Agent is affected by a vulnerability that could allow an unauthenticated attacker to perform remote code execution on the affected device.  A successful exploit could allow the attacker to modify agent policies and system configuration and perform other administrative tasks.

Cisco has released free software updates and a workaround is also available to mitigate this vulnerability.  Cisco Security Agent installations on end-point workstations or servers are not affected by this vulnerability.

 The full advisory is posted at

There is also a FAQ:

Security Costing SMBs 16 Days/Month

IT staff at small and midsize businesses (SMBs) spend 127 hours every month managing their on-premises security, according to a new survey released by Webroot.  That’s roughly 16 eight-hour workdays devoted to tasks such as updating software and hardware, re-imaging infected machines, managing and enforcing end-user policies, and installing patches.

The study included 820 respondents working for firms with between 100 and 5,000 employees, and the numbers appear remarkably consistent across organizational size.  This means that SMBs are spending at least as much time as larger companies managing their security, only with fewer people and less money.  So, security maintenance is eating up a much larger slice of the IT resource pie.

  • One in three respondents listed mobile users and devices, from laptops to tablets to smartphones, as their biggest current challenge. 
  • Data breaches and malware threats ranked second and third as the top security challenges for 2011.


HBGary Pulls Out of RSA

The hacker group Anonymous hacked HBGary Federal’s websites, corporate email systems and Twitter accounts, illegally acquiring and releasing more than 40,000 of HBGary Federal’s emails, followed by another 27,000 from its sister company, HBGary, in retaliation for an attempt by CEO Aaron Barr to penetrate and identify the group’s members.  The emails have revealed a long list of questionable tactics and the firm’s generally bad behavior.  

HBGary has apparently proposed services to clients that included launching cyberattacks, misinformation campaigns, phishing emails, fake social networking profiles, pressuring journalists, and intimidating the financial donors to clients’ enemies including WikiLeaks, unions and non-profits.  Read the full details here.

HBGary has responded to death threats and the vandalism of its RSA booth with a statement on its website advising that it will be cancelling its presence at the RSA conference.


UPDATE:  Anonymous fills in the details of the HBGary hack

BBC Streaming Sites Serve Up Malware

Streaming sites operated by the BBC were hacked on Tuesday, according to Websense, as part of a current mass-injection attack targeting vulnerable web sites.  The BBC sites began silently serving malware to visitors.  An iframe tag at the foot of the page on the BBC’s 6 Music and 1Xtra websites injected an exploit from a website with an address ending in .cc, the top-level domain for the Cocos Islands.  Simply browsing to the page is enough to get infected with a malicious executable.  The malicious binary was generated by the Phoenix exploit kit, which dates back to 2007 and streamlines malware infections by collecting detailed statistics.

WinAmp Forums Hacked

The Hacker News is reporting that the WinAmp forums have been hacked, potentially exposing usernames, dates of birth, and passwords.  If you have an account there, or have ever re-used your forum password elsewhere, you are encouraged to change it.

What happened?
As a result of our continuous security monitoring, we identified and blocked this attack.  Additionally, new security measures have been deployed to help keep this type of breach from happening in the future.

The Leaking Vault

Suzanne Widup, MSIA, graduated with honors from the MSIA program at Norwich University in 2007.  She has significant experience in workplace investigation, digital forensics, e-discovery and litigation support.  Her background includes 16 years of security and Unix system administration, technical support, and software development.

She recently put together a data breach study (The Leaking Vault – Five Years of Data Breaches), released in July 2010 by the Digital Forensics Association.  This study takes a look not only at the number of records exposed by breaches, but also at the frequency of incidents, breach vectors, geography, organizational and data types, relationships between data subjects and the organizations, and how the data subject victims were treated by the disclosing organizations; finally, cost estimates are provided with the findings.  It is a very impressive study, taking a multi-perspective view of data breaches and their impacts, and there is a great article at NetworkWorld.  Below are some of her key findings about how many breaches there were and how most of them happened.


C|EH Version 7 Launch in March

With recent news events like WikiLeaks, HBGary Federal, malware everywhere, and the growing fear of being hacked, companies are being forced to reevaluate their information security strategies.  In order to beat a hacker, you have to be able to think like one.  You need to understand the ways hackers access networks, the mindset of hackers, and how everyday situations become security breaches.

Certified Ethical Hacker version 7 is the most advanced information security and ethical hacking training program in the world, and is set for launch in March.  CEH version 7 breaks away from its earlier releases with more emphasis on the techniques and methodologies hackers use to carry out attacks, but more importantly, it provides countermeasures to better protect your corporation’s networks from malicious attacks.  Students walk away with the knowledge and tools to implement effective offensive security measures immediately.

CEH v7 is going to include completely rebuilt courseware.  To start, you will no longer see pages with slides with a box of text and a heading with more text below the slide.  The slides are now very graphical.  The courseware will also only be discussing the top tools in each category, instead of listing and going through a multitude of tools and options.  You won’t have slide after slide of tools you’ll never use.  The exam will be updated and I believe the objectives will be updated as well.  They have spent more money producing this CEH version than any version in the past, and they are taking this update very seriously. 

In addition to the makeover, CEHv7 includes two additional bundles: a Monster Hacking Tool Repository codenamed Frankenstein, and a subscription-based Virtual Lab Environment codenamed iLabs.  iLabs is a subscription-based service that allows students to log on to a virtualized remote machine running Windows 2003 Server to perform various exercises featured in the CEHv7 Lab Guide.  All you need is a web browser to connect and start experimenting.  The virtual machine setup reduces the time and effort spent by instructors and partners prior to the classroom engagement.  It is a hassle-free service available 24×7 for the number of days subscribed.


Global Knowledge: