• Combing through the fuzz: Using fuzzy hashing and deep learning to counter malware detection evasion techniques
    by Eric Avena on July 27, 2021 at 4:00 pm

    A new approach for malware classification combines deep learning with fuzzy hashing. Fuzzy hashes identify similarities among malicious files and a deep learning methodology inspired by natural language processing (NLP) better identifies similarities that actually matter, improving detection quality and scale of deployment. The post Combing through the fuzz: Using fuzzy hashing and deep learning to counter malware detection evasion techniques appeared first on Microsoft Security Blog. […]

  • Several Bugs Found in 3 Open-Source Software Used by Several Businesses
    by noreply@blogger.com (Ravie Lakshmanan) on July 27, 2021 at 3:47 pm

    Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects — EspoCRM, Pimcore, and Akaunting — that are widely used by several small to medium businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks. All the security flaws in question, which impact EspoCRM v6.1.6, Pimcore Customer Data Framework […]

  • New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email
    by noreply@blogger.com (Ravie Lakshmanan) on July 27, 2021 at 3:46 pm

    Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure. The flaws — tracked as CVE-2021-35208 and CVE-2021-35208 — were discovered and reported in […]

  • Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers
    by Lisa Vaas on July 27, 2021 at 3:43 pm

    The unpatched flaws include RCE and authenticated privilege escalation on the client-side: Just the latest woe for the ransomware-walloped MSP. […]

  • Apple Patches Actively Exploited Zero-Day in iOS, MacOS
    by Elizabeth Montalbano on July 27, 2021 at 1:36 pm

    Company urges iPhone, iPad and Mac users to install updates to fix a critical memory corruption flaw that can allow for attackers to take over a system. […]

  • Hackers Turning to ‘Exotic’ Programming Languages for Malware Development
    by noreply@blogger.com (Ravie Lakshmanan) on July 27, 2021 at 12:39 pm

    Threat actors are increasingly shifting to “exotic” programming languages such as Go, Rust, Nim, and Dlang that can better circumvent conventional security protections, evade analysis, and hamper reverse engineering efforts. “Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies,” said Eric Milam, Vice President of […]

  • Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices
    by noreply@blogger.com (Ravie Lakshmanan) on July 27, 2021 at 11:14 am

    Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year. The updates, which arrive less than a week after the company released iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5 to the public, fixes a memory […]

  • BIMI: A Visual Take on Email Authentication and Security
    by noreply@blogger.com (The Hacker News) on July 27, 2021 at 10:04 am

    There is a saying that goes something like, “Do not judge a book by its cover.” Yet, we all know we can not help but do just that – especially when it comes to online security. Logos play a significant role in whether or not we open an email and how we assess the importance of each message. Brand Indicators for Message Identification, or BIMI, aims to make it easier for us to quickly identify […]

  • New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains
    by noreply@blogger.com (Ravie Lakshmanan) on July 27, 2021 at 5:19 am

    A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain. The issue, dubbed “PetitPotam,” was discovered by security researcher Gilles Lionel, who shared […]

  • Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims
    by noreply@blogger.com (Ravie Lakshmanan) on July 27, 2021 at 5:14 am

    Nearly three weeks after Florida-based software vendor Kaseya was hit by a widespread supply-chain ransomware attack, the company on Thursday said it obtained a universal decryptor to unlock systems and help customers recover their data. <!–adsense–> “On July 21, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we’re working to remediate customers impacted by t […]

  • Podcast: IoT Piranhas Are Swarming Industrial Controls
    by Threatpost on July 26, 2021 at 10:09 pm

    Enormous botnets of IoT devices are going after decades-old legacy systems that are rife in systems that control crucial infrastructure. […]

  • Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn
    by Becky Bracken on July 26, 2021 at 9:08 pm

    A comment spammer flooded Babuk’s new ransomware forum with gay orgy porn GIFs and demanded $5K in bitcoin. […]

  • Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC
    by Tom Spring on July 26, 2021 at 7:33 pm

    Microsoft releases mitigations for a Windows NT LAN Manager exploit that forces remote Windows systems to reveal password hashes that can be easily cracked. […]

  • Malware Makers Using ‘Exotic’ Programming Languages
    by Lisa Vaas on July 26, 2021 at 3:00 pm

    Sprechen Sie Rust? Polyglot malware authors are increasingly using obscure programming languages to evade detection. […]

  • The True Impact of Ransomware Attacks
    by Threatpost on July 26, 2021 at 1:00 pm

    Keeper’s research reveals that in addition to knocking systems offline, ransomware attacks degrade productivity, cause organizations to incur significant indirect costs, and mar their reputations. […]

  • How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability
    by noreply@blogger.com (The Hacker News) on July 26, 2021 at 11:21 am

    Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly. As we reported last week, the vulnerability — SeriousSAM — allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash (and potentially Silver Ticket) attack.  Attackers can exploit this vulnerability to obtain hashed passwords […]

  • Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems
    by noreply@blogger.com (Ravie Lakshmanan) on July 26, 2021 at 10:13 am

    An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns. “LemonDuck, an actively updated and robust malware that’s primarily known […]

  • Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software
    by noreply@blogger.com (Ravie Lakshmanan) on July 26, 2021 at 3:38 am

    A malware known for targeting macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further “refinements in its tactics.” XCSSET was uncovered in August 2020, when it was found targeting Mac developers using an unusua […]

  • Dutch Police Arrest Two Hackers Tied to “Fraud Family” Cybercrime Ring
    by noreply@blogger.com (Ravie Lakshmanan) on July 25, 2021 at 3:27 pm

    Law enforcement authorities in the Netherlands have arrested two alleged individuals belonging to a Dutch cybercriminal collective who were involved in developing, selling, and renting sophisticated phishing frameworks to other threat actors in what’s known as a “Fraud-as-a-Service” operation. The apprehended suspects, a 24-year-old software engineer and a 15-year-old boy, are said to have been […]

  • Discord CDN and API Abuses Drive Wave of Malware Detections
    by Becky Bracken on July 23, 2021 at 9:52 pm

    Targets of Discord malware expand far beyond gamers. […]

  • 5 Steps to Improving Ransomware Resiliency
    by Alex Restrepo on July 23, 2021 at 6:52 pm

    Alex Restrepo, cybersecurity researcher at Veritas, lays out the key concepts that organizations should be paying attention to now and implementing today. […]

  • FIN7’s Liquor Lure Compromises Law Firm with Backdoor
    by Tara Seals on July 23, 2021 at 4:24 pm

    Using a lure relating to a lawsuit against the owner of Jack Daniels whiskey, the cybergang launched a campaign that may be bent on ransomware deployment. […]

  • Wake up! Identify API Vulnerabilities Proactively, From Production Back to Code
    by noreply@blogger.com (The Hacker News) on July 23, 2021 at 2:14 pm

    After more than 20 years in the making, now it’s official: APIs are everywhere. In a 2021 survey, 73% of enterprises reported that they already publish more than 50 APIs, and this number is constantly growing. APIs have crucial roles to play in virtually every industry today, and their importance is increasing steadily, as they move to the forefront of business strategies. This comes as no […]

  • Cisco Reinforces Commitment to Bridging the Digital Divide
    by Jonathan Davidson on July 23, 2021 at 12:00 pm

    Cisco announces new research on the U.S. Municipal Infrastructure Index 2021, to measure how broadband infrastructure is prioritized across the country. We discuss the results with industry leaders and explore how to close the digital divide in the U.S. […]

  • Malicious NPM Package Caught Stealing Users’ Saved Passwords From Browsers
    by noreply@blogger.com (Ravie Lakshmanan) on July 23, 2021 at 4:29 am

    A software package available from the official NPM repository has been revealed to be actually a front for a tool that’s designed to steal saved passwords from the Chrome web browser. The package in question, named “nodejs_net_server” and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent […]

  • How to protect your CAD data files with MIP and HALOCAD
    by Lauren Goodwin on July 22, 2021 at 6:00 pm

    SECUDE has integrated their HALOCAD solution with Microsoft Information Protection SDK which extends the data protection beyond the organization’s IT perimeter. The post How to protect your CAD data files with MIP and HALOCAD appeared first on Microsoft Security Blog. […]

  • A guide to balancing external threats and insider risk
    by Emma Jones on July 22, 2021 at 5:00 pm

    Rockwell Automation Vice President and Chief Information Security Officer Dawn Cappelli talks about assessing, measuring, and protecting against insider risk. The post A guide to balancing external threats and insider risk appeared first on Microsoft Security Blog. […]

  • When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure
    by Eric Avena on July 22, 2021 at 4:00 pm

    LemonDuck, an actively updated and robust malware that’s primarily known for its botnet and cryptocurrency mining objectives, adopted more sophisticated behavior and escalated its operations. Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity. The post When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure appeared first on Microsoft Security Blog. […]

  • APT Hackers Distributed Android Trojan via Syrian e-Government Portal
    by noreply@blogger.com (Ravie Lakshmanan) on July 22, 2021 at 12:04 pm

    An advanced persistent threat (APT) actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims. “To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks,” Trend Micro researchers Zhengyu […]

  • Reduce End-User Password Change Frustrations
    by noreply@blogger.com (The Hacker News) on July 22, 2021 at 10:12 am

    Organizations today must give attention to their cybersecurity posture, including policies, procedures, and technical solutions for cybersecurity challenges.  This often results in a greater burden on the IT service desk staff as end-users encounter issues related to security software, policies, and password restrictions.  One of the most common areas where security may cause challenges for […]

  • Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws
    by noreply@blogger.com (Ravie Lakshmanan) on July 22, 2021 at 8:21 am

    Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that’s remotely exploitable without […]

  • Another Hacker Arrested for 2020 Twitter Hack and Massive Bitcoin Scam
    by noreply@blogger.com (Ravie Lakshmanan) on July 22, 2021 at 8:04 am

    A U.K. citizen has been arrested in the Spanish town of Estepona over his alleged involvement in the July 2020 hack of Twitter, resulting in the compromise of 130 high-profile accounts. Joseph O’Connor, 22, has been charged with intentionally accessing a computer without authorization and obtaining information from a protected computer, as well as for making extortive communications. The Spanis […]

  • XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems
    by noreply@blogger.com (Ravie Lakshmanan) on July 22, 2021 at 6:25 am

    A popular malware known for stealing sensitive information from Windows machines has evolved into a new strain capable of also targeting Apple’s macOS operating system. The upgraded malware, dubbed “XLoader,” is a successor to another well-known Windows-based info stealer called Formbook that’s known to vacuum credentials from various web browsers, capture screenshots, record keystrokes, and […]

  • US and Global Allies Accuse China of Massive Microsoft Exchange Attack
    by noreply@blogger.com (Ravie Lakshmanan) on July 22, 2021 at 3:41 am

    The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews working affiliated with the People’s Republic of China’s Ministry of State Security (MSS). In a statement issued by the White House on Monday, the administration said, “with a high degree of […]

  • Several New Critical Flaws Affect CODESYS Industrial Automation Software
    by noreply@blogger.com (Ravie Lakshmanan) on July 22, 2021 at 3:38 am

    Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be remotely exploited to take control of a company’s cloud operational technology (OT) infrastructure. The flaws can be turned “into innovative attacks that could put threat actors in position to remotely […]

  • New Windows and Linux Flaws Give Attackers Highest System Privileges
    by noreply@blogger.com (Ravie Lakshmanan) on July 22, 2021 at 3:36 am

    Microsoft’s Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the operating system installation password and even decrypt private keys. The vulnerability has been nicknamed “SeriousSAM.””Starting with Windows 10 […]

  • Microsoft acquires CloudKnox Security to offer unified privileged access and cloud entitlement management
    by Emma Jones on July 21, 2021 at 4:05 pm

    Today on the Official Microsoft Blog, Microsoft announced the acquisition of CloudKnox Security, a leader in Cloud Infrastructure Entitlement Management (CIEM). CloudKnox offers complete visibility into privileged access. The post Microsoft acquires CloudKnox Security to offer unified privileged access and cloud entitlement management appeared first on Microsoft Security Blog. […]

  • The evolution of a matrix: How ATT&CK for Containers was built
    by Emma Jones on July 21, 2021 at 4:00 pm

    As containers become a major part of many organizations’ IT workloads, it becomes crucial to consider the unique security threats that target such environments when building security solutions. The first step in this process is understanding the relevant attack landscape. The post The evolution of a matrix: How ATT&CK for Containers was built appeared first on Microsoft Security Blog. […]

  • [eBook] A Guide to Stress-Free Cybersecurity for Lean IT Security Teams
    by noreply@blogger.com (The Hacker News) on July 21, 2021 at 9:52 am

    Today’s cybersecurity landscape is enough to make any security team concerned. The rapid evolution and increased danger of attack tactics have put even the largest corporations and governments at heightened risk. If the most elite security teams can’t prevent these attacks from happening, what can lean security teams look forward to?  Surprisingly, leaner teams have a much greater chance than […]

  • 16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers
    by noreply@blogger.com (Ravie Lakshmanan) on July 20, 2021 at 11:47 am

    Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005. Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named “SSPORT.SYS” that can enable remote privilege and arbitrary code execution. Hundreds of millions of […]

  • This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection
    by noreply@blogger.com (Ravie Lakshmanan) on July 20, 2021 at 8:48 am

    Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed “MosaicLoader” that singles out individuals searching for cracked software as part of a global campaign. “The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service,” Bitdefender researchers […]

  • Researchers Warn of Linux Cryptojacking Attackers Operating from Romania
    by noreply@blogger.com (Ravie Lakshmanan) on July 20, 2021 at 5:49 am

    A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed “Diicot brute,” the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to […]

  • Introducing Bounty Awards for Teams Mobile Applications Security Research
    by Lynn Miyashita on July 19, 2021 at 5:00 pm

    We are pleased to announce the addition of Microsoft Teams mobile applications to the Microsoft Applications Bounty Program. Through the expanded program we welcome researchers from across the globe to seek out and disclose any high impact security vulnerabilities they may find in Teams mobile applications to help secure customers. Rewards up to $30,000 USD … Introducing Bounty Awards for Teams Mobile Applications Security Research Read More &raquo […]

  • Announcing the Top MSRC 2021 Q2 Security Researchers – Congratulations!
    by Lynn Miyashita on July 15, 2021 at 5:00 pm

    We’re excited to announce the top contributing researchers for the 2021 Second Quarter (Q2)! Congratulations to all the researchers recognized in this quarter’s leaderboard and thank you to everyone who continues to help secure our customers and the ecosystem. The top three researchers of the 2021 Q2 Security Researcher Leaderboard are: Yuki Chen (765 points), … Announcing the Top MSRC 2021 Q2 Security Researchers – Congratulations! Read More &raquo […]

  • Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
    by Eric Avena on July 15, 2021 at 3:21 pm

    The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771). The post Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware appeared first on Microsoft Security Blog. […]

  • Microsoft delivers comprehensive solution to battle rise in consent phishing emails
    by Eric Avena on July 14, 2021 at 5:00 pm

    Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data. The post Microsoft delivers comprehensive solution to battle rise in consent phishing emails appeared first on Microsoft Security Blog. […]

  • MISA expands portfolio and looks ahead during Microsoft Inspire
    by Emma Jones on July 14, 2021 at 3:00 pm

    MISA extends product portfolio, adds sessions for Microsoft Inspire, and more. The post MISA expands portfolio and looks ahead during Microsoft Inspire appeared first on Microsoft Security Blog. […]

  • How Microsoft Security empowers partners to build customer trust
    by Emma Jones on July 14, 2021 at 3:00 pm

    Our world is changing, and Microsoft Security is rising to the challenges of a new normal. Today, I want to share more about how we are empowering our partners to be successful in building trust with customers and enabling business growth. The post How Microsoft Security empowers partners to build customer trust appeared first on Microsoft Security Blog. […]

  • Gaia-X: Partnering for Europe’s digital future
    by Wendy Mars on July 13, 2021 at 6:00 am

    The European Gaia-X initiative brings together leaders from government, business and science to develop a federated ecosystem of cloud, data services and data spaces, elevating Europeans’ rights and interests in line with GDPR. Cisco is proud to be part of the Gaia-X journey, driven by transparency, privacy, inter-operability and open standards. […]

  • Clarified Guidance for CVE-2021-34527 Windows Print Spooler Vulnerability
    by MSRC Team on July 9, 2021 at 1:00 am

    On Tuesday July 6, 2021, Microsoft issued CVE-2021-34527 regarding a Windows Print Spooler vulnerability. Updates were released on July 6 and 7 which addressed the vulnerability for all supported Windows versions. We encourage customers to update as soon as possible. CVE-2021-34527 – Windows Print Spooler Remote Code Execution Vulnerability. Following the out of band release … Clarified Guidance for CVE-2021-34527 Windows Print Spooler Vulnerability Read More &raquo […]

  • Microsoft Bug Bounty Programs Year in Review: $13.6M in Rewards
    by MSRC Team on July 8, 2021 at 4:00 pm

    Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats. Bug bounty programs are one part of this partnership. By discovering and reporting vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure (CVD), researchers continue to help us secure millions of customers. Over the past 12 months, Microsoft … Microsoft Bug Bounty Programs Year in Review: $13.6M in Rewards Read More &raquo […]

  • Your employees are ready for hybrid working. Are you?
    by Wendy Mars on July 7, 2021 at 7:01 am

    Whether your business is preparing to return to the office full-time, or letting people work from home indefinitely, we know that employees want the flexibility to decide how and where to work. Cisco EMEAR President, Wendy Mars, lays out 5 topics to help managers prepare for a hybrid working environment. […]

  • Out-of-Band (OOB) Security Update available for CVE-2021-34527
    by MSRC Team on July 6, 2021 at 11:36 pm

    Today Microsoft released an Out-of-Band (OOB) security update for CVE-2021-34527, which is being discussed externally as PrintNightmare. This is a cumulative update release, so it contains all previous security fixes and should be applied immediately to fully protect your systems.   The fix that we released today fully addresses the public vulnerability, and it also includes a new feature that allows customers to implement stronger protections. See: KB5005010: … Out-of-Band (OOB) Security Update available for CVE-2021-34527 Read More &raquo […]

  • Welcoming Cisco’s New Chief Legal Officer
    by Chuck Robbins on June 29, 2021 at 4:40 pm

    Welcoming Dev Stahlkopf as Cisco’s new Executive Vice President and Chief Legal Officer! […]

  • Announcing the Cisco Global Problem Solver Challenge 2021 winners
    by Tae Yoo on June 29, 2021 at 3:00 pm

    Tae Yoo, SVP of Corporate Affairs at Cisco, announces the winners of the fifth annual Cisco Global Problem Solver Challenge. […]

  • New Nobelium activity
    by MSRC Team on June 25, 2021 at 10:18 pm

    The Microsoft Threat Intelligence Center is tracking new activity from the NOBELIUM threat actor. Our investigation into the methods and tactics being used continues, but we have seen password spray and brute-force attacks and want to share some details to help our customers and communities protect themselves.   This recent activity was mostly unsuccessful, and the majority of targets were not successfully compromised – we … New Nobelium activity Read More &raquo […]

  • Investigating and Mitigating Malicious Drivers
    by MSRC Team on June 25, 2021 at 7:34 pm

    The security landscape continues to rapidly evolve as threat actors find new and innovative methods to gain access to environments across a wide range of vectors. As the industry moves closer to the adoption of a Zero Trust security posture with broad and layered defenses, we remain committed to sharing threat intelligence with the community … Investigating and Mitigating Malicious Drivers Read More &raquo […]

  • Powering an inclusive recovery through retail
    by Rachel Barger on June 21, 2021 at 3:00 pm

    Kiva and Cisco discuss how we’re working to create inclusive, equitable opportunities for all retailers. It’s a future that you can be part of: Cisco is donating $25 dollars, up to $25,000, for every attendee who joins the session. […]

  • Offering EU Data Residency with the New Webex
    by Wendy Mars on June 8, 2021 at 10:00 am

    Cisco is announcing the all-new Cisco Webex Suite for rich, interactive hybrid work experiences. Privacy and security are always top of mind for the hybrid workforce, so Cisco Webex is built on industry-leading security. We now enable all European customers, from both the public and private sectors, to store and process their Webex data in the European Union (EU). […]

  • Investing for an Inclusive Future
    by Maria Martinez on May 20, 2021 at 12:00 pm

    Maria Martinez, Cisco Executive Vice President & Chief Operating Officer, explains why Cisco is making a $150 million commitment to build an inclusive future and help HBCUs strategically recover and flourish. […]

  • Cisco Names Maria Poveromo as Chief Communications Officer
    by Chuck Robbins on May 17, 2021 at 12:00 pm

    I am thrilled to share that Maria Poveromo will join Cisco’s Executive Leadership Team as our Senior Vice President and Chief Communications Officer, leading our amazing Global Communications team to shape and amplify Cisco’s story both internally and externally across the world. […]

  • “BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks
    by MSRC Team on April 29, 2021 at 4:56 pm

    Microsoft’s Section 52, the Azure Defender for IoT security research group, recently uncovered a series of critical memory allocation vulnerabilities in IoT and OT devices that adversaries could exploit to bypass security controls in order to execute malicious code or cause a system crash. These remote code execution (RCE) vulnerabilities cover more than 25 CVEs … “BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks Read More &raquo […]

  • Congratulating Our Top MSRC 2021 Q1 Security Researchers!
    by Lynn Miyashita on April 15, 2021 at 5:00 pm

    We’re excited to announce the top contributing researchers for the 2021 First Quarter (Q1)! Congratulations to all the researchers recognized in this quarter’s leaderboard and thank you to everyone who continues to help secure our customers and the ecosystem. The top three researchers of the 2021 Q1 Security Researcher Leaderboard are: Yuki Chen (4365 points), … Congratulating Our Top MSRC 2021 Q1 Security Researchers! Read More &raquo […]

  • April 2021 Update Tuesday packages now available
    by MSRC Team on April 13, 2021 at 5:01 pm

    Today is Update Tuesday – our commitment to provide a predictable monthly schedule to release updates and provide the latest protection to our customers. Update Tuesday is a monthly cycle when Microsoft releases patches for vulnerabilities that we have found proactively or that have been disclosed to us through our security partnerships under a coordinated … April 2021 Update Tuesday packages now available Read More &raquo […]