Vulnerability Spotlight: LibOFX Tag Parsing Code Execution Vulnerability
This vulnerability was discovered by Cory Duplantis of Talos Update 9/20/2017: A patch is now available to fix this issue. Overview LibOFX is an open source implementation of OFX (Open Financial Exchange) an open format used by financial institutions to share financial data wi
Vulnerability Spotlight: Content Security Policy bypass in Microsoft Edge, Google Chrome and Apple Safari
The vulnerabilities were discovered by Nicolai Grødum of Cisco. Today, Talos is releasing details of vulnerabilities discovered in Microsoft Edge browser as well as older versions of Google Chrome (CVE-2017-5033) and browsers based on the Webkit such as Apple Safari (CVE-2017-24
When combining exploits for added effect goes wrong
Introduction Since public disclosure in April 2017, CVE-2017-0199 has been frequently used within malicious Office documents. The vulnerability allows attackers to include Ole2Link objects within RTF documents to launch remote code when HTA applications are opened and parsed by M
Vulnerability Spotlight: EZB Systems UltraISO ISO Parsing Code Execution Vulnerability
Discovered by Piotr Bania of Cisco Talos. Today, Talos is releasing details of a new vulnerability discovered within the EZB Systems UltraISO ISO disk image creator software. TALOS-2017-0342 (CVE-2017-2840) may allow an attacker to execute arbitrary code remotely on the vulnerab
Vulnerability Spotlight: Multiple Vulnerabilities in CorelDRAW X8
Today, Talos is disclosing several vulnerabilities that have been identified in CorelDRAW X8. CorelDRAW X8 is graphics suite used for manipulating raster and vector images and is a common alternative to Adobe Creative Cloud. Several of the vulnerabilities being disclosed today s
Modified Zyklon and plugins from India
Introduction Streams of malicious emails Talos inspects every day usually consist of active spamming campaigns for various ransomware families, phishing campaigns and the common malware family suspects such as banking Trojans and bots.. It is however often more interesting to ana
Vulnerability Spotlight: Power Software PowerISO ISO Code Execution Vulnerabilities
These vulnerabilities were discovered by Piotr Bania of Cisco Talos. Today, Talos is releasing details of a new vulnerability discovered within the Power Software PowerISO disk imaging software. TALOS-2017-0318 and TALOS-2017-0324 may allow an attacker to execute arbitrary code
Hacking the Belkin E Series OmniView 2-Port KVM Switch
Author: Ian Payton, Security Advisory EMEAR This post is available to download as a whitepaper. Introduction Too frequently security professionals only consider software vulnerabilities when considering the risks of connecting devices to their networks and systems. When it com