Cisco Talos Blog

March 30, 2023 14:00

Threat Source newsletter (March 30, 2023) — It’s impossible to tell if your home security camera or doorbell is truly safe

Very few of us looking to buy these pieces of equipment are qualified to say if these products are even secure, and those among us who are qualified are probably smart enough to know not to buy these products in the first place.

March 30, 2023 12:00

Vulnerability Spotlight: Specially crafted files could lead to denial of service, information disclosure in OpenImageIO parser

OpenImageIO is a library that converts, compares and processes various image files. Blender and AliceVision, two often-used computer imaging services, utilize the library, among other software offerings.

March 30, 2023 10:35

Vulnerability Spotlight: SNIProxy contains remote code execution vulnerability

An attacker could exploit this vulnerability by sending a specially crafted HTTP, TLS or DTLS packet to the target machine, potentially causing a denial of service or gaining the ability to execute remote code.

March 23, 2023 14:00

Threat Source newsletter (March 23, 2023) — Meta is threatening to ban news sharing in Canada. Good.

Facebook users are notoriously the biggest offenders for sharing fake news and misinformation.

March 23, 2023 08:00

Fighting the Good Fight: Life inside the Talos Ukraine Task Unit

In the months leading up to Russia’s invasion of Ukraine, Cisco and Talos did everything we could to support our friends, partners and colleagues, who were facing a reality unlike anything that can be found in any technical training manual, SOP or SLA.

March 16, 2023 14:00

Threat Source newsletter (March 16, 2023) — A deep dive into Talos' work in Ukraine

The latest episode of ThreatWise TV from Hazel Burton is the closest look yet at the team Talos assembled in the days after Russia invaded Ukraine.

March 14, 2023 16:08

Microsoft Patch Tuesday for March 2023 — Snort rules and prominent vulnerabilities

Microsoft disclosed 83 vulnerabilities across the company’s hardware and software line, including two issues that are actively being exploited in the wild, continuing a trend of zero-days appearing in Patch Tuesdays over the past few months.

March 13, 2023 08:00

Researcher Spotlight: How David Liebenberg went from never having opened Terminal to hunting international APTs

When Dave Liebenberg started his first day at Talos, he had never even opened Terminal on a Mac before — let alone written a Snort rule or infiltrated a dark web forum.

March 9, 2023 14:00

Threat Source newsletter (March 9, 2023) — Stop freaking out about ChatGPT

Don't expect AI to suddenly start stealing jobs or making malware more powerful.