Cisco Talos Blog

January 14, 2022 10:16

Talos Takes Ep. #82: Log4j followed us in 2022

The latest episode of Talos Takes is available now. It's a new year, but unfortunately, we're facing the same cybersecurity problems. Log4j followed us into the ho

January 13, 2022 14:00

Threat Source Newsletter (Jan. 13, 2022)

Good afternoon, Talos readers. Move out of the way, Log4j! Traditional malware is back with a bang in 2022. While Log4j is likely still occupying many defenders' minds, the bad guys are still out there doing not-Log4j things. We have new research out on a campaign spreading

January 11, 2022 17:12

Microsoft Patch Tuesday for Jan. 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update Tuesday, disclosing 102 vulnerabilities across its large collection of hardware and software. This is the largest number of vulnerabilities Microsoft has disclosed in a monthly security update in eight months; however, none of the is

January 11, 2022 12:09

Vulnerability Spotlight: Two vulnerabilities in Adobe Acrobat DC could lead to arbitrary code execution

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in Adobe Acrobat Reader DC that could allow an attacker to eventually gain the ability to execute arbitrary code. Acrobat is one of the m

January 11, 2022 10:07

Vulnerability Spotlight: Heap buffer overflow condition in Google Chrome could lead to code execution

Marcin Towalski of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in Google Chrome. Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the browser that ot

January 10, 2022 09:40

Vulnerability Spotlight: Buffer overflow vulnerability in AnyCubic Chitubox plugin

Carl Hurd of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in the Chitubox AnyCubic plugin. Chitubox is 3-D printing software for users to download and process models and send them to a 3-D pri

January 6, 2022 14:00

Threat Source Newsletter (Jan. 6, 2022)

Good afternoon, Talos readers. We hope everyone had some well-deserved, relaxing time off over the holidays. Unfortunately, we are all back now and Log4j is still an issue. And even though it seems like Log4j has already been in the news for a year, it's actually only been

December 27, 2021 09:00

2021: Looking back on the year in malware and cyber attacks, from SolarWinds to Log4j

It seems like we were just recovering from the aftermath of the massive SolarWinds campaign a month or two ago. And now suddenly, it’s been a year since one of the largest cyber attacks in history, and we are moving on to another threat that could last for years. That just seemed to be h

December 20, 2021 11:11

Vulnerability Spotlight: Vulnerabilities in metal detector peripheral could allow attackers to manipulate security devices

Matt Wiseman of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple vulnerabilities in a device from Garrett Metal Detectors that could allow remote attackers to bypass authentication requirements, manipulate metal detector configurations, and