Exploring a Java Bot: Part 3
In this post we will examine some of the offensive features incorporated into a botnet designed to launch attacks and maintain control of hosts (aka victims).
View ArticleJava Exploits Another Example of Tomorrow’s Threat Landscape, Today
The last two years seem dominated by PDF vulnerabilities. As far as the specification and its various readers are concerned, there is likely more sour fruit yet to be uncovered; it's simply too complex...
View ArticleDownloading, Carts and Java
More than a year ago, we introduced a feature in the Cisco.com download flow that allows you to download multiple [...]
View ArticleResurrecting MPI and Java
Back in the ’90s, there was a huge bubble of activity about Java in academic circles. It was the new [...]
View ArticleNew Java Vulnerability Used in Targeted Attacks
Security researchers discovered a Java vulnerability (documented in IntelliShield alert 26751) that attackers are using to install malicious software on a victim's systems.
View ArticleOracle Java Zero Day Vulnerabilities Risks and Mitigations Part 2
In the previous Part 1 post , I discussed the initial response, risk, and mitigations for the recently-disclosed zero day Oracle Java vulnerabilities [...]
View ArticleNew Java Vulnerability Being Exploited in the Wild
The new Oracle Java arbitrary code execution vulnerability has not only hit many news wires and social media outlets, but many victims as well, and [...]
View ArticleMPI and Java: redux
In a prior blog entry, I discussed how we are resurrecting a Java interface for MPI in the upcoming v1.7 [...]
View ArticleWhy I Chose the Open Source Model I did for OpenDaylight
Now that OpenDaylight has arrived, it’s time to explain why I made the Open Source choices eventually embraced by its Founders and [...]
View ArticleBig Data in Security – Part I: TRAC Tools
Recently I had an opportunity to sit down with the talented data scientists from Cisco’s Threat Research, Analysis, and Communications (TRAC) [...]
View ArticleCisco is bringing together networking and programming
Well Cisco has done it. I have worked in IT since 1995 and never learned programming. Sure, I can do [...]
View ArticleFiesta Exploit Pack is No Party for Drive-By Victims
This post was also authored by Andrew Tsonchev and Steven Poulson. Cisco’s Cloud Web Security (CWS) service provides TRAC researchers with a [...]
View ArticleSummary: Cisco is bringing together networking and programming
With the announcements on NX-OS APIs, Application Centric infrastructure APIs , python scripting support, SDN, open source projects OpenStack , OpenDaylight, and Puppet, I have [...]
View ArticleJava Bindings for Open MPI
Today’s guest blog post is from Oscar Vega-Gisbert and Dr. Jose Roman from the Department of Information Systems and Computing at the Universitat Politècnica de [...]
View ArticleAngling for Silverlight Exploits
This post is co-authored by Andrew Tsonchev, Jaeson Schultz, Alex Chiu, Seth Hanford, Craig Williams, Steven Poulson, and Joel Esler. Special thanks [...]
View ArticleCisco 2015 Annual Security Report: Java on the Decline as Attack Vector
As recently as 2013, vulnerabilities involving Java appeared to be a favored tool of adversaries: Java was easy to exploit and, and exploits involving the programming language were difficult to detect....
View Article
