Cisco Talos Blog

July 14, 2020 14:10

Vulnerability Spotlight: Multiple vulnerabilities in RemoteFX affect AMD, Intel chips

Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in Intel’s Graphics Accelerator Driver and in an AMD Radeon driver. The Intel driver was released in 2019 and is used in multiple Intel inte

July 14, 2020 14:01

Microsoft Patch Tuesday for July 2020 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its array of products. While only a few vulnerabilities are considered critical, users of all Microsoft and Windows products are urged to update their software as soon as poss

July 10, 2020 11:30

Vulnerability Spotlight: SQL injection vulnerability in Glacies IceHRM

Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos researchers recently discovered that the Glacies' IceHRM software contains a vulnerability that could allow an adversary to inject SQL. IceHRM is a human resource management tool, all

July 6, 2020 17:16

New Snort rule addresses critical vulnerability in F5 BIG-IP

By Jon Munshaw. Cisco Talos just released Snort coverage for a prominent vulnerability in F5’s BIG-IP. BIG-IP is one of the most popular networking products on the modern market. This product is used to shape web traffic, access gateways, limit rates and much more. F5 disclosed

July 2, 2020 14:00

Threat Source newsletter for July 2, 2020

Good afternoon, Talos readers. Our latest research you should catch up on is the Valak malware. This information-stealer sneaks its way onto victim machines by hijacking legitimate email threads. The threat actors send their phishing emails and attachments in email threads, hop

July 2, 2020 12:13

Vulnerability Spotlight: Google Chrome PDFium memory corruption vulnerability

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The PDF renderer inside Google Chrome, known as PDFium, contains a memory corruption vulnerability that could be exploited by an adversary. PDFium is open-source software that is utilized in th

July 1, 2020 15:51

Vulnerability Spotlight: Information disclosure vulnerability in Mozilla Firefox

Cisco Talos recently discovered an information disclosure vulnerability in Mozilla Firefox. An attacker can exploit this bug by tricking a user into visiting a specially crafted web page through the browser. If successful, the adversary could use leaked memory to bypass ASLR an

July 1, 2020 14:00

Vulnerability Spotlight: Remote code execution vulnerabilities in LEADTOOLS 20

Cisco Talos recently discovered a remote code execution vulnerability in the LEADTOOLS line of imaging toolkits. LEADTOOLS is a collection of toolkits designed to perform a variety of functions aimed at integrating documents, multimedia and imaging technologies into applications.

June 25, 2020 14:00

Threat Source newsletter for June 25, 2020

Good afternoon, Talos readers. We recently decided to replace our use of the terms "blacklist" and "whitelist" with "block list" and "allow list." Even though these terms are commonly in use in the security industry, we will not go along with c