Cisco Talos Intelligence Blog

October 11, 2022 10:10

Vulnerability Spotlight: Data deserialization in VMware vCenter could lead to remote code execution

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable data deserialization vulnerability in the VMware vCenter server platform. VMware is one of the most popular virtual machine solutions currently available, and its

October 6, 2022 14:10

Threat Source newsletter (Oct. 6, 2022) — Continuing down the Privacy Policy rabbit hole

Any time we welcome this software and hardware into our homes and on our devices, it’s worth considering what sacrifices we might be making elsewhere.

October 3, 2022 10:10

Researcher Spotlight: Globetrotting with Yuri Kramarz

“You have completely different angles in preparing different customers for defense during major global events depending on their role, technology and function,” Kramarz said.

September 29, 2022 14:09

Threat Source newsletter (Sept. 29, 2022) — Personal health apps are currently under a spotlight, but their warning signs have always been there

A report from the Washington Post also released last week found that this app, as well as popular health sites like WebMD, “gave advertisers the information they’d need to market to people, or groups of consumers based on their health concerns.”

September 22, 2022 14:09

Threat Source newsletter (Sept. 22, 2022) — Attackers are already using student loan relief for scams

The Better Business Bureau and the U.S. Federal Trade Commission both released warnings over the past few weeks around fake offers, scams and website links related to the debt forgiveness plan, with which some borrowers will have up to $20,000 worth of loans forgiven.

September 22, 2022 05:09

Vulnerability Spotlight: Vulnerabilities in popular library affect Unix-based devices

TALOS-2022-1517 (CVE-2022-29503 - CVE-2022-29504) is a memory corruption vulnerability in uClibC and uClibc-ng that can occur if a malicious user repeatedly creates threads.

September 20, 2022 10:09

Our current world, health care apps and your personal data

In the wake of the U.S. Supreme Court’s ruling in Dobbs v. Jackson Women’s Health Organization that reversed previous interpretations of the 14th amendment on privacy from Roe v. Wade, users of sensitive health apps need to be mindful of the kinds of data these apps keep, sell and share.

September 15, 2022 14:09

Threat Source newsletter (Sept. 15, 2022) — Teachers have to be IT admins now, too

Public schools in the United States already rely on our teachers for so much — they have to be educators, occasional parental figures, nurses, safety officers, law enforcement and much more.

September 13, 2022 14:09

Microsoft Patch Tuesday for September 2022 — Snort rules and prominent vulnerabilities

September's security update features five critical vulnerabilities, 10 fewer than were included in last month’s Patch Tuesday.