Cisco Talos Intelligence Blog

March 30, 2023 15:03

Vulnerability Spotlight: Vulnerability in ManageEngine OpManager could lead to XXE attack

XXE attacks allow an adversary to interact with other backend or external systems that OpManager accesses.

March 30, 2023 14:03

Threat Source newsletter (March 30, 2023) — It’s impossible to tell if your home security camera or doorbell is truly safe

Very few of us looking to buy these pieces of equipment are qualified to say if these products are even secure, and those among us who are are probably smart enough to know not to buy these products in the first place.

March 30, 2023 12:03

Vulnerability Spotlight: Specially crafted files could lead to denial of service, information disclosure in OpenImageIO parser

OpenImageIO is a library that converts, compares and processes various image files. Blender and AliceVision, two often used computer imaging services, utilize the library, among other software offerings.

March 30, 2023 10:03

Vulnerability Spotlight: SNIProxy contains remote code execution vulnerability

An attacker could exploit this vulnerability by sending a specially crafted HTTP, TLS or DTLS packet to the target machine, potentially causing a denial of service or gaining the ability to execute remote code.

March 23, 2023 14:03

Threat Source newsletter (March 23, 2023) — Meta is threatening to ban news sharing in Canada. Good.

Facebook users are notoriously the biggest offenders for sharing fake news and misinformation.

March 21, 2023 13:03

Vulnerability Spotlight: Netgear Orbi router vulnerable to arbitrary command execution

Cisco Talos recently discovered four vulnerabilities in the Netgear Orbi mesh wireless system, including the main hub router and satellite routers that extend the network’s range.

March 21, 2023 09:03

Vulnerability Spotlight: WellinTech ICS platform vulnerable to information disclosure, buffer overflow vulnerabilities

If an adversary could capture an authentication packet, it contains all the necessary information to steal the target user’s username and password for the software.

March 16, 2023 14:03

Vulnerability Spotlight: Node-SQLite3 issue could lead to denial of service in Ghost CMS

Due to JSON format limitations, the vulnerability only manifests itself as a remote denial of service in Ghost CMS, which crashes the Node.js process. However, the vulnerability could potentially lead to remote code execution in other products that use it.

March 16, 2023 14:03

Threat Source newsletter (March 16, 2023) — A deep dive into Talos' work in Ukraine

The latest episode of ThreatWise TV from Hazel Burton is the closest look yet at the team Talos assembled in the days after Russia invaded Ukraine.