Cisco Talos Blog

January 26, 2022 16:09

Vulnerability Spotlight: WiFi-connected security camera could be manipulated to spy on communications, among other malicious actions

Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered several vulnerabilities in the Reolink RLC-410W security camera that could allow an attacker to perform several malicious actions, including performing man-in-the-middle attacks,

January 25, 2022 12:31

Vulnerability Spotlight: Vulnerability in Apple iOS, iPad OS and MacOS could lead to disclosure of sensitive memory data

Jaewon Min of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered an out-of-bounds read vulnerability in Apple’s macOS and iOS operating systems that could lead to the disclosure of sensitive memory content. An attacker could capitalize on that informat

January 11, 2022 12:09

Vulnerability Spotlight: Two vulnerabilities in Adobe Acrobat DC could lead to arbitrary code execution

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in Adobe Acrobat Reader DC that could allow an attacker to eventually gain the ability to execute arbitrary code. Acrobat is one of the m

January 11, 2022 10:07

Vulnerability Spotlight: Heap buffer overflow condition in Google Chrome could lead to code execution

Marcin Towalski of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in Google Chrome. Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the browser that ot

January 10, 2022 09:40

Vulnerability Spotlight: Buffer overflow vulnerability in AnyCubic Chitubox plugin

Carl Hurd of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in the Chitubox AnyCubic plugin. Chitubox is 3-D printing software for users to download and process models and send them to a 3-D pri

December 20, 2021 11:11

Vulnerability Spotlight: Vulnerabilities in metal detector peripheral could allow attackers to manipulate security devices

Matt Wiseman of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple vulnerabilities in a device from Garrett Metal Detectors that could allow remote attackers to bypass authentication requirements, manipulate metal detector configurations, and

December 20, 2021 09:00

Vulnerability Spotlight: Vulnerabilities in DaVinci Resolve video editing software could lead to code execution

Cisco Talos recently discovered two vulnerabilities in the DaVinci Resolve video editing software that could allow an adversary to execute code in the context of the application. DaVinci Resolve is a non-linear video editing application from Blackmagic Software that is available

December 1, 2021 08:20

Vulnerability Spotlight: Use-after-free condition in Google Chrome could lead to code execution

Marcin Towalski of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome. Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the browser that other software

November 22, 2021 14:00

A review of Azure Sphere vulnerabilities: Unsigned code execs, kernel bugs, escalation chains and firmware downgrades

Summary of all the vulnerabilities reported by Cisco Talos in Microsoft Azure Sphere. By Claudio Bozzato and Lilith [>_>]. In May 2020, Microsoft kicked off the Azure Sphere Security Research Challenge, a three-month initiative aimed at finding bugs in Azure Sphere. In