Vulnerability Spotlight: Use-after-free vulnerability in Google Chrome could lead to code execution
Marcin Towalski of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome. Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the browser that other software
Talos’ tips for staying safe while shopping online this holiday season
By Jon Munshaw. Attackers will resort to all tactics to trick users into downloading malware, handing over credit card data or completing compromising their machine. No topic is off-limits, and threat actors have resorted to using everything from PlayStation 5 sales, to COVID-1
Vulnerability Spotlight: Vulnerabilities in Lantronix PremierWave 2050 could lead to code execution, file deletion
Matt Wiseman discovered these vulnerabilities. Cisco Talos recently discovered multiple vulnerabilities in Lantronix’s PremierWave 2050, an embedded Wi-Fi module. There are several vulnerabilities in PremierWave 2050’s Web Manager, a web-accessible application that allows users
Talos Takes Ep. #76: What is Kimsuky phishing around for?
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Blog posts aren't just for sharing your darkest secrets from high school anymore. They're also used by attackers
Threat Source newsletter (Nov. 11, 2021)
Good afternoon, Talos readers. It's important to be proactive, and not reactive, with your security. It's always better to see the worst coming and block it than have to scramble to deal with the worst-case scenario in the moment. That's why it's so important to
Microsoft Patch Tuesday for Nov. 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw and Tiago Pereira. Microsoft released its monthly security update Tuesday, disclosing 56 vulnerabilities in the company’s various software, hardware and firmware offerings, including one that’s actively being exploited in the wild. November’s security update feat
Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton
By Claudio Bozzato and Lilith [-_-];. Following our previous engagements (see blog posts 1, 2, 3 and 4) with Microsoft's Azure Sphere IoT platform, we decided to take another look at the device, without all the rush and commotion that normally entails a hacking challenge. T
Threat Source newsletter (Nov. 4, 2021)
Good afternoon, Talos readers. A series of vulnerabilities in Microsoft Exchange Server made waves earlier this year for coming under attack. And while they've come and gone from the headlines since then, attackers are still very much paying attention. Attackers spreading t
Threat Source newsletter (Oct. 28, 2021)
Good afternoon, Talos readers. Most people know about chicken and waffles. But what about squirrel and waffles? They may not be the most appetizing brunch, but they are teaming up for one heck of a spam campaign. We have new research out detailing this threat and examining whet