Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API
CVE-2024-38257 is considered “less likely” to be exploited, though it does not require any user interaction or user privileges.
Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score
September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical.
The best and worst ways to get users to improve their account security
In my opinion, mandatory enrollment is best enrollment.
No, not every Social Security number in the U.S. was stolen
It’s not unusual for a threat actor to exaggerate the extent of a hack or breach to drum up interest, and hopefully, the eventual purchase or ransom price.
AI, election security headline discussions at Black Hat and DEF CON
Voting Village co-founder Harri Hursti told Politico the list of vulnerabilities ran “multiple pages.”
Talos discovers 11 vulnerabilities between Microsoft, Adobe software disclosed on Patch Tuesday
Eight of the vulnerabilities affect the license update feature for CLIPSP.SYS, a driver used to implement Client License System Policy on Windows 10 and 11.
Talos discovers Microsoft kernel mode driver vulnerabilities that could lead to SYSTEM privileges; Seven other critical issues disclosed
The most serious of the issues included in August’s Patch Tuesday is CVE-2024-38063, a remote code execution vulnerability in Windows TCP/IP.
The top stories coming out of the Black Hat cybersecurity conference
As with everything nowadays, politics are sure to come into play.
Ryan Pentney reflects on 10 years of Talos and his many roles from the Sourcefire days
Pentney and his team are threat hunters and researchers who contribute to Talos’ research and reports shared with government and private sector partners.