Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw. Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday discloses 60 vulnerabilities, nine of which are considered "critical," with the rest being deemed "im
Vulnerability Spotlight: Foxit PDF Reader JavaScript Array.includes remote code execution vulnerability
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Foxit PDF Reader contains a remote code execution vulnerability in its JavaScript engine. Foxit aims to be one of the most feature-rich PDF readers on the market, and contains many similar functions to that of Adob
Threat Source newsletter (Sept. 26)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. An attacker known as “Tortoiseshell” is using a phony, malicious website to deliver malware. The site specifically t
An in-depth look at cyber insurance: We sat down with risk expert, Cisco's Leslie Lamb
Y2K is known for being one of the most widespread times of panic in IT. It was generally thought that on Dec. 31, 1999, computers across the globe would shut down when they would fail to properly process that it would become the year 2000 the next day. It made headlines across t
Threat Source newsletter (Sept. 19, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’re all still trying to shake off the summer. Gone are the early Fridays, beach vacations and days by the pool. Tu
Vulnerability Spotlight: Multiple vulnerabilities in Aspose PDF API
Marcin Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple remote code execution vulnerabilities in the Aspose.PDF API. Aspose provides a series of APIs for manipulating or converting a large family of document formats. These vulnerabil
New Cisco Talos web reputation verdicts
Cisco Talos has updated and expanded the Talos Threat Levels used to describe our web reputation verdicts. As you will see in the chart below, we are increasing the amount of reputation verdicts from three to five. We are retaining the Unknown category, just as before. Cisco Se
Vulnerability Spotlight: AMD ATI Radeon ATIDXX64.DLL shader functionality remote code execution vulnerability
Piotr Bania of Cisco Talos discovered this vulnerability. Some AMD Radeon cards contain a remote code execution vulnerability in their ATIDXX64.DLL driver. AMD produces the Radeon line of hardware, which includes graphics cards and graphics processing units. This specific vulner
Vulnerability Spotlight: Multiple vulnerabilities in Atlassian Jira
Ben Taylor of Cisco ASIG discovered these vulnerabilities. Atlassian’s Jira software contains multiple vulnerabilities that could allow an attacker to carry out a variety of actions, including the disclosure of sensitive information and the remote execution of JavaScript code. J