Blog
April 11, 2017 23:11

Microsoft Patch Tuesday - April 2017

It’s that time again! Today we bring you April’s Microsoft Patch Tuesday information. These fixed vulnerabilities affect Outlook, Edge, Internet Explorer, Hyper-V, .NET, and Scripting Engine. Bulletins Rated Critical CVE-2017-0106 outlines a vulnerability in Microsoft Word. It

March 24, 2017 18:19

Threat Round-up for the Week of Mar 20 - Mar 24

Today, Talos is publishing a glimpse into the most prevalent threats we've observed over the past week. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behav

February 14, 2017 14:31

Vulnerability Spotlight: Apple Garage Band Out of Bounds Write Vulnerability

Discovered by Tyler Bohan of Cisco Talos Overview Talos is disclosing TALOS-2016-0262 (CVE-2017-2372) and TALOS-2017-0275 (CVE-2017-2374), an out of bounds write vulnerability in Apple GarageBand. GarageBand is a music creation program, allowing users to create and edit music

January 27, 2017 16:26

Matryoshka Doll Reconnaissance Framework

This post authored by David Maynor & Paul Rascagneres with the contribution of Alex McDonnell and Matthew Molyett Overview Talos has identified a malicious Microsoft Word document with several unusual features and an advanced workflow, performing reconnaissance on the ta

December 20, 2016 14:35

IEC 104 Protocol Detection Rules

IEC 60870-5-104 Protocol Detection Rules Cisco Talos has released 33 Snort rules which are used to analyze/inspect IEC 60870-5-104 network traffic. These rules will help Industrial Control Systems/Supervisory Control and Data Acquisition (ICS/SCADA) asset owners to allow the iden

December 6, 2016 14:09

Vulnerability Spotlight: ImageMagick Convert Tiff Out of Bounds Write

Vulnerability discovered by Tyler Bohan Overview Talos is disclosing TALOS-2016-0216 / CVE-2016-8707, an out of bounds write vulnerability in ImageMagick. ImageMagick is a photo editing software program that allows users to edit and manipulate various types of image files. This

October 18, 2016 15:26

Vulnerability Spotlight: Hopper Disassembler ELF Section Header Size Code Execution

Vulnerability Discovered by Tyler Bohan and Cory Duplantis of Cisco Talos Talos has identified an exploitable out-of-bounds write vulnerability in the ELF Section Header parsing functionality of Hopper (TALOS-2016-0222/CVE-2016-8390). Hopper is a reverse engineering tool for mac

October 18, 2016 14:13

Vulnerability Spotlight: Foxit PDF Reader JBIG2 Parser Information Disclosure

Vulnerability discovered by Aleksandar Nikolic of Talos. Talos has identified an information disclosure vulnerability in Foxit PDF Reader (TALOS-2016-0201/CVE-2016-8334). A wrongly bounded call to `memcpy`, while parsing jbig2 segments within a PDF file, can be triggered in Foxi

September 30, 2016 20:17

Vulnerability Spotlight: OpenJPEG JPEG2000 mcc record Code Execution Vulnerability

Vulnerability discovered by Aleksandar Nikolic of Cisco Talos Overview Talos has identified an exploitable out-of-bounds vulnerability in the JPEG 2000 image file format parser implemented in OpenJPEG library (TALOS-2016-0193/CVE-2016-8332). The JPEG 2000 file format is comm