Vulnerability Spotlight: Remote code execution vulnerabilities in Schneider Electric EcoStruxure
Alexander Perez-Palma and Jared Rittle of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two code execution vulnerabilities in Schneider Electric EcoStruxure. An attacker could exploit these vulnerabilities by sending the victim a
Vulnerability Spotlight: Code execution vulnerability in Microsoft Excel
Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a code execution vulnerability in some versions of Microsoft Excel. An attacker could exploit this vulnerability by tricking the victim into opening a special
Microsoft Patch Tuesday (Dec. 2020) — Snort rules and notable vulnerabilities
By Jon Munshaw, with contributions from Bill Largent. Microsoft released its monthly security update Tuesday, disclosing 58 vulnerabilities across its suite of products, the lowest number of vulnerabilities in any Patch Tuesday since January. There are only 10 critical vulnerab
Threat Source newsletter (Dec. 3, 2020)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. While ransomware has made all the headlines this year, that doesn’t mean cryptocurrency miners are going anywhere. We recently discovered a new actor we’re calling “Xanthe” that’s mining Monero on targets’ machi
Vulnerability Spotlight: DoS, code execution vulnerabilities in EIP Stack Group OpENer
Martin Zeiser and Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Executive summary: Cisco Talos recently discovered two vulnerabilities in the Ethernet/IP function of EIP Stack Group OpENer. OpENer is an Ethernet/IP stack for I/O adapter devi
Vulnerability Spotlight: Multiple vulnerabilities in WebKit
Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Executive summary: The WebKit browser engine contains multiple vulnerabilities in various functions of the software. Malicious web page code could trigger multiple use-after-free error
Threat Source newsletter (Nov. 19, 2020)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In case you hadn’t already realized, Snort somehow became a meme this week, so that was fun. As 2020 (finally...or already...I can’t decide which) comes to an end, we’re going to start doing a look back at the
Vulnerability Spotlight: Multiple vulnerabilities in Pixar OpenUSD affects some versions of macOS
Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Aleksandar Nikolic and Jon Munshaw. Pixar OpenUSD contains multiple vulnerabilities that attackers could exploit to carry out a variety of malicious actions. OpenUSD stands for “Open Universal Scene Des
Threat Source newsletter (Nov. 12, 2020)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We’re back after a few-week hiatus! And to celebrate, we just dropped some new research on the CRAT trojan that’s bringing some ransomware friends along with it. This blog post has all the details of this threat