Registration now open for Talos webinar on Android malware
Major ransomware attacks like those against hospital systems and government agencies are always going to make headlines. But some of the most prolific and widespread threats on the landscape today are more about smaller devices and networks — the ones that fit in your pocket. At
Threat Source newsletter (March 18, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Start spreading the word now, the Snort scholarship is back for 2021! This year, we’re giving away two $10,000 awards to two college students who are studying cybersecurity or another IT-related field. Applicati
Talos Takes Ep. #44: A roundtable discussion on SolarWinds
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Welcome to the first-ever XL edition of Talos Takes. This one is a little longer than usual, but we promise you it’s wor
Threat Source newsletter (March 11, 2021) — Featuring new SolarWinds roundtable
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We have a special edition of the Threat Source newsletter to bring you this week, because we’re premiering a new video for you right now! Below, you’ll find a full roundtable we put together discussing the Sola
Vulnerability Spotlight: Use-after-free vulnerability in 3MF Consortium lib3mf
Lilith >_> of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. 3MF Consortium’s lib3mf library is vulnerable to a use-after-free vulnerability that could allow an adversary to execute remote code on the victim machine. The lib3mf library is an open-source im
Microsoft Patch Tuesday for March 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Nick Biasini. Microsoft released its monthly security update Tuesday, disclosing 89 vulnerabilities across its suite of products, the most in any month so far this year. There are 14 critical vulnerabilities as part of this release and on
Talos Takes Ep. #43: What you should know about the Microsoft Exchange Server zero-days
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We put this episode together quickly this week to address the zero-day vulnerabilities Microsoft disclosed earlier this
Threat Source newsletter (March 4, 2021)
Newsletter compiled by Jon Munshaw. Of course, we will start things off talking about the Microsoft Exchange Server zero-day vulnerabilities disclosed earlier this week. Microsoft said in a statement that a threat actor is exploiting these vulnerabilities in the wild to steal us
Vulnerability Spotlight: Remote code execution vulnerability in WebKit WebAudio API
Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The WebKit browser engine contains a remote code execution vulnerability in its WebAudio API interface. A malicious web page code could trigger a use-after-free error, which could lead to