CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs

A group of academics has disclosed a new "software fault attack" on AMD's Secure Encrypted Virtualization (SEV) technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines (VMs) and even perform privilege escalation. The attack has been codenamed CacheWarp (CVE-2023-20592) by researchers from the CISPA Helmholtz Center for Information Security and the

Signal Debunks Zero-Day Vulnerability Reports, Finds No Evidence

Encrypted messaging app Signal has pushed back against "viral reports" of an alleged zero-day flaw in its software, stating it found no evidence to support the claim. "After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels," it said in a series of messages posted in X (formerly

Signal Messenger Introduces PQXDH Quantum-Resistant Encryption

Encrypted messaging app Signal has announced an update to the Signal Protocol to add support for quantum resistance by upgrading the Extended Triple Diffie-Hellman (X3DH) specification to Post-Quantum Extended Diffie-Hellman (PQXDH). "With this upgrade, we are adding a layer of protection against the threat of a quantum computer being built in the future that is powerful enough to break current

Apple Threatens to Pull iMessage and FaceTime from U.K. Amid Surveillance Demands

Apple has warned that it would rather stop offering iMessage and FaceTime services in the U.K. than bowing down to government pressure in response to new proposals that seek to expand digital surveillance powers available to state intelligence agencies. The development, first reported by BBC News, makes the iPhone maker the latest to join the chorus of voices protesting against forthcoming

EncroChat Bust Leads to 6,558 Criminals' Arrests and €900 Million Seizure

Europol on Tuesday announced that the takedown of EncroChat in July 2020 led to 6,558 arrests worldwide and the seizure of €900 million in illicit criminal proceeds. The law enforcement agency said that a subsequent joint investigation initiated by French and Dutch authorities intercepted and analyzed over 115 million conversations that took place over the encrypted messaging platform between no

SE Labs 2023 Annual Security Report Names Cisco as Best Next Generation Firewall

Cisco is honored to be this year’s winner of the Best Next Generation Firewall Award in the SE Labs 2023 Annual Report. This industry recognition validates Cisco’s continuous push towards harmonizing network, workload, and application security across hybrid and multicloud environments. I’m incredibly proud of the Cisco Secure Firewall team and am thankful for our amazing customers who continue to trust Cisco and develop their network security around our capabilities. 

SE Labs, a cybersecurity testing and evaluation firm, provides impartial and independent assessments of various cybersecurity products and solutions. In their 2023 Annual Report, SE Labs states: 

“Our Annual Security Awards recognizes security vendors that notonly do well in our tests, but perform well in the real world withreal customers. These awards are the only in the industry thatrecognize strong lab work combined with practical success.”

SE Labs Testing Methodology 

SE Labs performs tests on behalf of customers seeking independent proof-of-value assistance, as well as security vendors. At Cisco, we use third-party evaluations from multiple sources, including SE Labs, to augment our internal testing and to drive product improvement. 

Winners were determined after months of in-depth testing, based on a combination of continual public testing, private assessments and feedback from corporate clients who use SE Labs to help choose security products and services. The award further validates that our customers can expect superior threat protection and performance with Cisco Secure Firewall. 

SE Labs’ reports use the MITRE ATT&CK framework, employing both common “commodity” malware samples and sophisticated, targeted attacks. Their network security testing uses full attack chains to assess the detection and protection abilities of network devices and combinations of network and endpoint solutions. SE Labs publishes its testing methodologies and is BS EN ISO 9001: 2015 certified for The Provision of IT Security Product Testing. 

As a worldwide leader in networking and security, Cisco is better positioned than any other security vendor to incorporate effective firewall controls into our customers’ infrastructure — anywhere data and applications reside. We offer a comprehensive threat defense with industry-leading Snort 3 IPS to protect users, applications, and data from continuously evolving threats. Our solutions also leverage machine learning and advanced threat intelligence from Cisco Talos, one of the world’s largest commercial threat intelligence teams. 

Cisco Secure Firewall Key Features 

• Cisco Secure Firewall’s threat-focused architecture enables superior visibility and control of network traffic. Many security practitioners today struggle with a lack of visibility into encrypted traffic, which is why Cisco has developed the differentiated Encrypted Visibility Engine that detects threats in encrypted traffic – with minimal to no decryption. Secure Firewall’s detailed analysis, visibility, and reporting enable organizations to rapidly gain insights into their network traffic, applications, and assets. 
• Cisco Secure Firewall capabilities provide a unified security posture across the entire network. This is achieved through its tight integration with workload, web, email, and cloud security through our SecureX XDR platform. This integration increases the efficiency of the SecOps team, by accelerating threat investigation and response time. 
• Designed to be adaptive and highly scalable in dynamic environments, Cisco Secure Firewall is expressly designed to reduce total cost of ownership. It helps teams save time with consistent policy enforcement, helping our customers realize up to a 195% return on investment over three years, as noted in the third-party research we commissioned with Forrester Consulting.   

In the constantly evolving world of cybersecurity, it is important to have access to the latest and most advanced technologies to stay ahead of threats. Whether you are an enterprise, government, healthcare, or a service provider organization, Cisco Secure Firewall provides top-ranked security. 

When you invest in Cisco Secure Firewall, you are investing in award-winning threat defense with capabilities that are built for the real world. Learn more about SE Labs 2023 Annual Report, Cisco Secure Firewall and how you can refresh your firewall. 

---

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Encrypted Messaging App Exclu Used by Criminal Groups Cracked by Joint Law Enforcement

A joint law enforcement operation conducted by Germany, the Netherlands, and Poland has cracked yet another encrypted messaging application named Exclu used by organized crime groups. Eurojust, in a press statement, said the February 3 exercise resulted in the arrests of 45 individuals across Belgium and the Netherlands, some of whom include users as well as the administrators and owners of the

Encryption is on the Rise!

When the Internet Engineering Task Force (IETF) announced the TLS 1.3 standard in RFC 8446 in August 2018, plenty of tools and utilities were already supporting it (even as early as the year prior, some web browsers had implemented it as their default standard, only having to roll it back due to compatibility issues. Needless to say, the rollout was not perfect).

Toward the end of 2018, EMA conducted a survey of customers regarding their TLS 1.3 implementation and migration plans. In the January 2019 report, EMA concluded:

Some participants’ organizations may find they have to go back to the drawing board and come up with a Plan B to enable TLS 1.3 without losing visibility, introducing unacceptable performance bottlenecks and greatly increasing operational overhead. Whether they feel they have no choice but to enable TLS 1.3 because major web server and browser vendors have already pushed ahead with it or because they need to keep pace with the industry as it embraces the new standard is unclear. What is clear is that security practitioners see the new standard as offering greater privacy and end-to-end data security for their organizations, and that the long wait for its advancement is over.

When EMA asked many of the same questions in an updated survey of 204 technology and business leaders toward the end of 2022, they found that nearly all the conclusions in the 2018/2019 report still hold true today. Here are the three biggest takeaways from this most recent survey:

• Remote work, regulatory and vendor controls, and improved data security are drivers. With all the attention paid to data security and privacy standards over the past few years, it is little wonder that improved data security and privacy were primary drivers for implementation – and those goals were generally achieved with TLS 1.3. The push for remote working has also increased TLS 1.3 adoption because security teams are looking for better ways for remote workers (76% using) and third-party vendors (64% using) to access sensitive data.
• Resource and implementation costs are significant. Eighty-seven percent that have implemented TLS 1.3 require some level of infrastructure changes to accommodate the update. As organizations update their network infrastructure and security tools, migration to TLS 1.3 becomes more realistic, but it is a difficult pill to swallow for many organizations to revamp their network topology due to this update. Over time, organizations will adopt TLS 1.3 for no other reason than existing technologies being depreciated – but that continues to be a slow process. There is also a real consideration about the human resources available to implement a project with very little perceived business value (81%), causing workload increases to thinly stretched security staff. Again, this will likely change as the technology changes and improves, but competing business needs will take a higher priority.
• Visibility and monitoring considerations remain the biggest obstacle to adoption. Even with vendor controls and regulatory requirements, many organizations have delayed implementing TLS 1.3 for the significant upheaval that it would cause with their security and monitoring plans within their environment. Even with improved technologies (since the first announcement of TLS 1.3), organizations still cannot overcome these challenges. Organizations are evaluating the risks and compensating controls when it comes to delaying the implementation, and they continue to evaluate stop-gap solutions that are easier and less intrusive to implement than TLS 1.3 while road-mapping their eventual TLS 1.3 migration.

While regulatory frameworks and vendor controls continue to push the adoption of the TLS 1.3 standard, adoption still comes with a significant price tag – one that many organizations are just not yet ready or able to consume. Technology improvements will increase rates of adoption over time, such as Cisco Secure Firewall’s ability to decrypt and inspect encrypted traffic. More recent and unique technologies, like Cisco’s encrypted visibility engine, allow the firewall to recognize attack patterns in encrypted traffic without decryption. This latter functionality preserves performance and privacy of the encrypted flows without sacrificing the visibility and monitoring that 94% of respondents were concerned about.

Readers wishing to read the full EMA report can do so here and readers wishing to learn more about Cisco Secure Firewall’s encyrpted visibility engine can do so here.

---

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn