Better email classification, courtesy of you
Cisco customers with Email Security Appliances (ESA) or Cloud Email Security (CES) accounts already know the benefits of Cisco’s email filtering. Every day, millions of malicious emails are automatically sent to the trash bin. Cisco encourages customers to participate in honing t
Vulnerability Spotlight: Code execution, memory corruption vulnerabilities in Accusoft ImageGear
Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit to assist users with image conversion, creation, editin
Quarterly Report: Incident Response trends in Summer 2020
By David Liebenberg and Caitlin Huey. For the fifth quarter in a row, Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape. Infections involved a wide variety of malware families including Ryuk, Maze, LockBit, and Netwalker, among others. In
Vulnerability Spotlight: Multiple SQL, code injection vulnerabilities in OpenSIS
Yuri Kramarz and Yves Younan discovered these vulnerabilities. Blog by Jon Munshaw Cisco Talos researchers recently discovered multiple vulnerabilities in the OpenSIS software family. OpenSIS is a student information management system for K-12 students. It is available in commer
Threat Source newsletter for Aug. 27, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. As part of our continued look at election security ahead of the November election, we have another research paper out this week. This time, we’re taking a closer look at disinformation campaigns, popularly known
Vulnerability Spotlight: Remote code execution, privilege escalation bugs in Microsoft Azure Sphere
Claudio Bozzato, Lilith >_> and Dave McDaniel of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Update (Sept. 17, 2020): This post has been updated to reflect the status of Microsoft assigning CVEs to these issues. Cisco Talos researchers recently disc
Vulnerability Spotlight: Use-after-free vulnerability in Google Chrome WebGL could lead to code execution
Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Google Chrome web browser contains a use-after-free vulnerability in its WebGL component that could allow a user to execute arbitrary code in the context of the browser process. This vulnerabi
Vulnerability Spotlight: Internet Systems Consortium BIND server DoS
Emanuel Almeida of Cisco Systems discovered this vulnerability. Blog by Jon Munshaw. The Internet Systems Consortium’s BIND server contains a denial-of-service vulnerability that exists when processing TCP traffic through the libuv library. An attacker can exploit this vulnerabi
Threat Source newsletter for Aug. 20, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Hactivism always seems to cool and noble in the movies. Video games and TV shows have no shortage of their “hacker heroes,” too. But what are the real-world consequences of users who release sensitive informatio