The evolution and abuse of proxy networks
Proxy and anonymization networks have been dominating the headlines, this piece discusses its origins and evolution on the threat landscape with specific focus on state sponsored abuse.
Find the helpers
Bill discusses how to find 'the helpers' and the importance of knowledge sharing. Plus, there's a lot to talk about in our latest vulnerability roundup.
Slew of WavLink vulnerabilities
Lilith >_> of Cisco Talos discovered these vulnerabilities. Forty-four vulnerabilities and sixty-three CVEs were discovered across ten .cgi and three .sh files, as well as the static login page, of the Wavlink AC3000 wireless router web application. The Wavlink AC3000
Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
Do we still have to keep doing it like this?
Hazel gets inspired by watching Wendy Nather’s recent keynote, and explores ways to challenge security assumptions.
Welcome to the party, pal!
In the last newsletter of the year, Thorsten recalls his tech-savvy gift to his family and how we can all incorporate cybersecurity protections this holiday season.
Acrobat out-of-bounds and Foxit use-after-free PDF reader vulnerabilities found
Cisco Talos’ Vulnerability Research team recently disclosed three out-of-bounds read vulnerabilities in Adobe Acrobat Reader, and two use-after-free vulnerabilities in Foxit Reader. These vulnerabilities exist in Adobe Acrobat Reader and Foxit Reader, two of the most popular a
Exploring vulnerable Windows drivers
This post is the result of research into the real-world application of the Bring Your Own Vulnerable Driver (BYOVD) technique along with Cisco Talos’ series of posts about malicious Windows drivers.
Something to Read When You Are On Call and Everyone Else is at the Office Party
Its mid-December, if you’re on-call or working to defend networks, this newsletter is for you. Martin discusses the widening gap between threat and defences as well as the growing problem of home devices being recruited to act as proxy servers for criminals.