Threat Source newsletter for July 16, 2020
Good afternoon, Talos readers. If you haven’t already, we highly recommend you read our in-depth research paper on election security. This paper represents four years of hands-on research, interviews and insight into how things have changed since 2016, and what hurdles remain to
What to expect when you’re electing: Talos’ 2020 election security primer
Editor's note: Related reading on Talos election security research: * /what-to-expect-when-youre-electing * /election-roundtable-video * /what-to-expect-electing-disinformation-building-blocks After the 2016 General Election, the talk was all around foreign meddling. Rumo
Vulnerability Spotlight: Multiple vulnerabilities in RemoteFX affects, AMD, Intel chips
Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in Intel’s Graphics Accelerator Driver and in an AMD Radeon driver. The Intel driver was released in 2019 and is used in multiple Intel inte
Microsoft Patch Tuesday for July 2020 — Snort rules and prominent vulnerabilities
Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its array of products. While only a few vulnerabilities are considered critical, users of all Microsoft and Windows products are urged to update their software as soon as poss
Vulnerability Spotlight: SQL injection vulnerability in Glacies IceHRM
Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos researchers recently discovered that the Glacies' IceHRM software contains a vulnerability that could allow an adversary to inject SQL. IceHRM is a human resource management tool, all
New Snort rule addresses critical vulnerability in F5 BIG-IP
By Jon Munshaw. Cisco Talos just released Snort coverage for a prominent vulnerability in F5’s BIG-IP. BIG-IP is one of the most popular networking products on the modern market. This product is used to shape web traffic, access gateways, limit rates and much more. F5 disclosed
Threat Source newsletter for July 2, 2020
Good afternoon, Talos readers. Our latest research you should catch up on is the Valak malware. This information-stealer sneaks its way onto victim machines by hijacking legitimate email threads. The threat actors send their phishing emails and attachments in email threads, hop
Vulnerability Spotlight: Google Chrome PDFium memory corruption vulnerability
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The PDF renderer inside Google Chrome, known as PDFium, contains a memory corruption vulnerability that could be exploited by an adversary. PDFium is open-source software that is utilized in th
Vulnerability Spotlight: Information disclosure vulnerability in Mozilla Firefox
Cisco Talos recently discovered an information disclosure vulnerability in Mozilla Firefox. An attacker can exploit this bug by tricking a user into visiting a specially crafted web page through the browser. If successful, the adversary could use leaked memory to bypass ASLR an