Vulnerability Spotlight: Multiple vulnerabilities in Synology DiskStation Manager
The vulnerabilities exist in various features inside the operating system, including AppArmor and QuickConnect.
Vulnerability Spotlight: Remote code execution vulnerabilities in Cosori smart air fryer
Dave McDaniel of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Update (April 27, 2021): Cosori has released an update for this product that fixes these two vulnerabilities. Cisco Talos recently discovered two code execution vulnerabilities in the Cosori smart
Microsoft Patch Tuesday for April 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Vanja Svajcer. Microsoft released its monthly security update Tuesday, disclosing 108 vulnerabilities across its suite of products, the most in any month so far this year. Four new remote code execution vulnerabilities in Microsoft Excha
Vulnerability Spotlight: Multiple vulnerabilities in OpenClinic’s GA web portal
Yuri Kramarz of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in OpenClinic’s GA web portal. OpenClinic GA is an open-source, fully integrated hospital management solution. The web portal allows users
Sowing Discord: Reaping the benefits of collaboration app abuse
As telework has become the norm throughout the COVID-19 pandemic, attackers are modifying their tactics to take advantage of the changes to employee workflows. * Attackers are leveraging collaboration platforms, such as Discord and Slack, to stay under the radar and evade organ
Cheating the cheater: How adversaries are using backdoored video game cheat engines and modding tools
By Nick Lister and Holger Unterbrink, with contributions from Vanja Svajcer. News summary * Cisco Talos recently discovered a new campaign targeting video game players and other PC modders. * Talos detected a new cryptor used in several different malware campaigns hidden
Microsoft Patch Tuesday for March 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Nick Biasini. Microsoft released its monthly security update Tuesday, disclosing 89 vulnerabilities across its suite of products, the most in any month so far this year. There are 14 critical vulnerabilities as part of this release and on
Domain dumpster diving
By Jaeson Schultz. Dumpster diving — searching through the trash looking for items of value — has long been a staple of hacking culture. In the 1995 movie "Hackers," Acid Burn and Crash Override are seen dumpster diving for information they can use to help them "h
ObliqueRAT returns with new campaign using hijacked websites
By Asheer Malhotra. * Cisco Talos has observed another malware campaign that utilizes malicious Microsoft Office documents (maldocs) to spread the remote access trojan (RAT) ObliqueRAT. * This campaign targets organizations in South Asia. * ObliqueRAT has been linked to th