Vulnerability Spotlight: Two vulnerabilities in RDP for Windows 7, XP
A Cisco Talos researcher discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two issues in two implementations of Microsoft Remote Desktop Services: a denial-of-service vulnerability that affects Windows 7/Windows Server 2008 (when RDP 8.0 is enab
Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw. Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 25 vulnerabilities, two of which are considered critical. This month’s securit
Vulnerability Spotlight: Multiple vulnerabilities in LEADTOOLS software
Marcin Towalski and Cory Duplantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the LEADTOOLS line of imaging toolkits. LEADTOOLS is a collection of toolkits designed to perform a variety of fun
Threat Source newsletter (Dec. 5, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We hope everyone had a safe and happy Thanksgiving in the U.S. The holiday shopping season is now in full swing, and
Vulnerability Spotlight: AMD ATI Radeon ATIDXX64.DLL shader functionality sincos denial-of-service vulnerability
Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in a specific dll inside of the AMD ATI Radeon line of video cards. This vulnerability can be triggered by supplying a malformed pixel
ClamAV team shows off new Mussels dependency build automation tool
By Micah Snyder. Today I'm very excited, and a little bit nervous, to unveil Mussels. Mussels is a cross-platform, general-purpose dependency build automation tool. You might compare it with Vcpkg, Conan, or Buildout. It serves a similar purpose, but the approach is a little
Vulnerability Spotlight: SQL injection vulnerabilities in Forma Learning Management System
Yuri Kramarz of Security Advisory EMEAR discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered three SQL injection vulnerabilities in the authenticated portion of the Formal Learning Management System. LMS is a set of software that allows companie
Vulnerability Spotlight: Accusoft ImageGear PNG IHDR width code execution vulnerability
Marcin Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Accusoft ImageGear contains two remote code execution vulnerabilities. ImageGear is a document and imaging library from Accusoft that developers can use to build their applications. The library contai
Vulnerability Spotlight: Two vulnerabilities in EmbedThis GoAhead
A Cisco Talos researcher discovered these vulnerabilities. Blog by Jon Munshaw. EmbedThis’ GoAhead Web Server contains two vulnerabilities that both arise when the software attempts to process a multi-part/form-data HTTP request. An attacker could exploit these vulnerabilities t