Vulnerability Spotlight: Multiple vulnerabilities in LEADTOOLS software
Marcin Towalski and Cory Duplantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the LEADTOOLS line of imaging toolkits. LEADTOOLS is a collection of toolkits designed to perform a variety of fun
Threat Source newsletter (Dec. 5, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We hope everyone had a safe and happy Thanksgiving in the U.S. The holiday shopping season is now in full swing, and
Vulnerability Spotlight: AMD ATI Radeon ATIDXX64.DLL shader functionality sincos denial-of-service vulnerability
Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in a specific dll inside of the AMD ATI Radeon line of video cards. This vulnerability can be triggered by supplying a malformed pixel
ClamAV team shows off new Mussels dependency build automation tool
By Micah Snyder. Today I'm very excited, and a little bit nervous, to unveil Mussels. Mussels is a cross-platform, general-purpose dependency build automation tool. You might compare it with Vcpkg, Conan, or Buildout. It serves a similar purpose, but the approach is a little
Vulnerability Spotlight: SQL injection vulnerabilities in Forma Learning Management System
Yuri Kramarz of Security Advisory EMEAR discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered three SQL injection vulnerabilities in the authenticated portion of the Formal Learning Management System. LMS is a set of software that allows companie
Vulnerability Spotlight: Accusoft ImageGear PNG IHDR width code execution vulnerability
Marcin Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Accusoft ImageGear contains two remote code execution vulnerabilities. ImageGear is a document and imaging library from Accusoft that developers can use to build their applications. The library contai
Vulnerability Spotlight: Two vulnerabilities in EmbedThis GoAhead
A Cisco Talos researcher discovered these vulnerabilities. Blog by Jon Munshaw. EmbedThis’ GoAhead Web Server contains two vulnerabilities that both arise when the software attempts to process a multi-part/form-data HTTP request. An attacker could exploit these vulnerabilities t
Best practices for staying safe online during the holiday shopping season
By Jon Munshaw. This holiday shopping season, the basics of avoiding a malware infection boils down to: If it sounds too good to be true, it probably is. While sometimes retailers do give out small-dollar gift cards, that $500 discount on a new iPhone is probably not real. If i
Threat Source newsletter (Nov. 21, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. It’s nearly holiday shopping season, which means it’s prime scam season. On the latest Beers with Talos episode, we