Cisco Talos Blog

August 8, 2017 12:15

Vulnerability Spotlight: Adobe Reader DC Parser Confusion

Parser vulnerabilities in common software packages such as Adobe Acrobat Reader pose a significant security risk to large portions of the internet. The fact that these software packages typically have a large footprints often gives attackers a broad attack surface they can potent

July 11, 2017 10:29

Vulnerability Spotlight: Iceni Infix PDF Editor Memory Corruption

Today, Talos is disclosing a vulnerability that has been identified in Iceni Infix PDF Editor that could lead to arbitrary code execution on affected hosts. This vulnerability manifests in a way that could be exploited if a user opens a specifically crafted PDF file that triggers

June 19, 2017 11:45

Vulnerability Spotlight: Multiple Foscam C1 Vulnerabilities Come in to Focus

Executive Summary The Foscam C1 is a webcam that is marketed for use in a variety of applications including home security monitoring. As an indoor webcam, it is designed to be set up inside of a building and features the ability to be accessed remotely via a web interface or from

June 14, 2017 14:41

Deep dive in Lexmark Perceptive Document Filters Exploitation

This post authored by Marcin Noga with contributions from Nick Biasini Introduction Talos discovers and releases software vulnerabilities on a regular basis. We don't always publish a deep technical analysis of how the vulnerability was discovered or its potential impact.

June 13, 2017 16:48

Microsoft Patch Tuesday - June 2017

Today, Microsoft has release their monthly set of security updates designed to address vulnerabilities. This month's release addresses 92 vulnerabilities with 17 of them rated critical and 75 rated important. Impacted products include Edge, Internet Explorer, Office, Sharepoi

May 25, 2017 03:31

Samba Vulnerability: Dancing Its Way to a Network Near You

Overview Today, a new vulnerability affecting the widely used Samba software was released. Samba is the SMB/CIFS protocol commonly used in *NIX operating systems. CVE-2017-7494 has the potential to impact many systems around the world. This vulnerability could allow a user to up

May 8, 2017 12:54

Vulnerability Spotlight: WolfSSL library X.509 Certificate Text Parsing Code Execution Vulnerability

Discovered by Aleksandar Nikolic of Cisco Talos Overview Talos is disclosing TALOS-2017-0293 / CVE 2017-2800, a code execution vulnerability in WolfSSL. WolfSSL is a lightweight SSL/TLS library targeted specifically for embedded and RTOS (Real-Time Operating System) environme

May 3, 2017 17:28

Gmail Worm Requiring You To Give It A Push And Apparently You All Are Really Helpful

Attackers are always looking for creative ways to send large amount of spam to victims. A short-lived, but widespread Google Drive themed phishing campaign has affected a large number of users across a variety of verticals. This campaign would be bcc'd to a target while being

April 26, 2017 10:03

Vulnerability Spotlight: IrfanView Jpeg2000 Reference Tile width Arbitrary Code Execution Vulnerability

Discovered by Aleksandar Nikolic of Cisco Talos Overview Talos is disclosing TALOS-2017-0310 / CVE-2017-2813, an arbitrary code execution vulnerability in the JP2 plugin for IrfanView image viewer. IrfanView is a widely used, Windows based, image viewing and editing applicati