Cisco released two security advisories addressing five vulnerabilities in the Cisco Unified Operations Manager and CiscoWorks Common Services. These advisories and the latest vulnerability, threat, and mitigation recommendations are available on the Cisco Security Intelligence Operations website.

So security experts beware of these latest developments and make sure you are ready to face challenges as the spam activity has increased a lot and the spam message authors continue to create variations in their attempts to bypass ant spam protection and trick users into acting on the messages.

Starting December 13, 2010 doesn’t get shocked for not downloading IOS images for any of your Cisco Products from Cisco Website. As of today if anyone having a valid SMARTNET contract with a valid CCO id can download IOS for any Cisco Catalyst Switches, Cisco Routers , Cisco security, voice  and wireless products. It will not be same effective December 13, 2010. Cisco Systems is coming up with a new policy. All software download on Cisco.com will be verified against Products registered on your Services contract.  Attempts to download Software for Products not registered on your Services contract will not be permitted.

Cisco Systems wants improve customer experience and protect your investments in Cisco Products. The major change is Cisco Systems will ask their customers to complete the following action before December 13, 2010

• Verify all applicable Cisco Products are covered under Cisco Service contracts, and that you have a valid license for Cisco Software.
• Verify your Services contracts are accurate and make necessary corrections – serial numbers, part ID’s and locations must be accurate on each Services contract.
• Associate all Services contracts to applicable Cisco.com user ID’s
• Verify all Cisco.com user IDs for your company are valid and properly assigned to individuals in your company.

So make sure all your SMARTNET and service contract are up to date and make sure you manage all your active contacts by associating with a valid Cisco.com user ID’s via the Service Access Management Tool (SAMT). This tool enables administrators to manage which individuals are allowed to request Service from Cisco (e.g. technical support/TAC, hardware replacement/RMA).

Cisco.com users can use the Cisco.com Profile Manager to view which Services contracts are associated to their profiles.

Guess what Cisco Systems; Security division is coming up with a unique contest. It’s all about creating your own new episode of The Realm. Creating a new episode at your own is not a hard task as you will have the privilege to use the original artwork, backgrounds and music available at The Realm home page,  using all the resources available at The Realm home page, you can build pages of your story and at the end all you have to do is to submit those stories.

Ten finalists will receive a Flip camcorder and one grand prize of an LCD TV will be awarded to the winner with the most popular votes. 

According to the Cisco 2009 Midyear Security Report , the Conficker worm is still active and affecting thousands of Systems daily.  Just to recap the Conficker worm began infecting the Systems in late 2008 and still an active worm.

Pic Courtesy:Cisco Systems

 Cisco Systems released the Cisco 2009 Midyear Security Report on 14^th of July 2009 and the report highlights some of the most common technical and business strategies that Internet  criminals used to breach corporate networks compromise Web sites and steal personnel information.

The highlights of the Cisco 2009 Midyear Security Report is as follows

• The Conficker worm, which began infecting computer systems late last year by exploiting a Windows operating system vulnerability, continues to spread. Several million computer systems were under Conficker’s control as of June 2009.
• Online criminals are up on current events and making the most of them. After the outbreak of H1N1 influenza (“swine flu”) in April, cybercriminals quickly blanketed the Web with spam that advertised preventive drugs and linked to fake pharmacies. Cybercriminals will often seize on major news events to launch this type of attack.  While many spammers continue to operate with extremely high volumes, some are opting for lower-volume but more frequent attacks in an effort to remain under the radar.
• President Barack Obama has made strengthening U.S. cybersecurity a high priority for his administration and looks to work with the international community and the private sector to leverage technology innovations to reduce cybercrime. This focus is expected to have a significant positive impact for the industry in the coming months. John N. Stewart, Cisco’s chief security officer and a contributor to the Center for Strategic and International Studies (CSIS) report for the Obama administration, provided additional insight in a recent blog and video blog post.

Specific Threats

• Botnets. These networks of compromised computers serve as efficient means of launching an attack. Increasingly, botnet owners are renting out these networks to fellow criminals, effectively using these compromised resources to deliver spam and malware via the software-as-a-service (SaaS) model.
• Spam. One of the most established ways to reach millions of computers with legitimate sales pitches or links to malicious Web sites, spam remains a major vehicle for spreading worms and malware, as well as for clogging Internet traffic. A staggering 180 billion spam messages are sent each day, representing about 90 percent of the world’s e-mail traffic.
• Worms. The rise of social networking has made it easier to launch worm attacks. People engaging in these online communities are more likely to click links and download content they believe were sent by people they know and trust.
• Spamdexing. Many types of businesses use search engine optimization to be listed more prominently in searches conducted on Google and other sites. Spamdexing, which packs a Web site with relevant keywords or search terms, is increasingly being used by cybercriminals seeking to disguise malware as legitimate software. Because so many consumers tend to trust rankings on leading search engines, they may readily download one of the fake software packages.
• Text message scams. Since the start of 2009 at least two or three new campaigns have surfaced every week targeting handheld mobile devices. Cisco describes the rapidly growing mobile device audience as a “new frontier for fraud irresistible to criminals.” With some 4.1 billion mobile phone subscriptions worldwide, a criminal may cast an extraordinarily wide net and still walk away with a nice profit, even if the attack yields only a small fraction of victims.
• Insiders. The global recession has caused many job losses. As a result, insider threats are an increasing concern for businesses in the months ahead. Insiders who commit fraud can be contractors or other third parties as well as current and former employees.

Download the Cisco 2009 Midyear Security Report.

[kml_flashembed movie="http://www.youtube.com/v/fEFTnJwnRS8" width="425" height="350" wmode="transparent" /]

Cisco Systems will release its Mid Year Security Report on 14^th of July. The Cisco 2009 Midyear Security Report will present the overview of Cisco Security Intelligence, highlighting threat information and trends from the first half of the year 2009. The Cisco 2009 Midyear Security Report also includes recommendations from Cisco Security experts and predictions of how identified trends will evolve.

Pic Courtesy: Cisco Systems

Meanwhile there will be a webcast on 14^th July, 2009. Where the Cisco Security, Fred Kost and Patrick Peterson, will discuss findings from the Cisco 2009 Midyear Security report recapping the security events and trends from the first half of this year.

Do check the webcast  on 14^th of July, 2009

When: July 14th, 2009.
Time: 8am PDT
HOSTED BY:
Fred Kost and Patrick Peterson, Cisco Security Executives

http://tools.cisco.com/cmn/jsp/index.jsp?id=89479