Blog
Recent
April 22, 2021 14:00

Threat Source Newsletter (April 22, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We went viral this week! Everyone seemed to love to joke about these vulnerabilities we discovered in a WiFi-connected air fryer. An attacker, if they had physical access to the device, could exploit these vulne

April 22, 2021 09:50

Threat Advisory: Pulse Secure Connect Coverage

Pulse Secure announced that a critical vulnerability (CVE-2021-22893) was discovered in their VPN service "Pulse Secure Connect" in a recent security advisory. The advisory states that, "a vulnerability was discovered under Pulse Connect Secure (PCS). This include

April 22, 2021 08:17

Beers with Talos Ep. #103: ICS/SCADA Security — The permanence and people problems

Beers with Talos (BWT) Podcast episode No. 103 is now available. By Mitch Neff. Recorded March 2021. ICS and SCADA systems are deeply embedded all around us in

April 21, 2021 13:00

Vulnerability Spotlight: Code execution vulnerabilities in PrusaSlicer

Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two out-of-bounds write vulnerabilities in Prusa Research’s PrusaSlicer. PrusaSlicer is an open-source 3-D printer slicing program forked off Slic3r that can c

April 21, 2021 07:59

A year of Fajan evolution and Bloomberg themed campaigns

By Vanja Svajcer. News summary: Some malware campaigns are designed to spread malware to as many people as possible — while some others carefully choose their targets. Cisco Talos recently discovered a malware campaign that does not fit into either of the two categories. This ac

April 20, 2021 09:00

Vulnerability Spotlight: Multiple vulnerabilities in Synology DiskStation Manager

The vulnerabilities exist in various features inside the operating system, including AppArmor and QuickConnect.

April 19, 2021 09:54

Vulnerability Spotlight: Remote code execution vulnerabilities in Cosori smart air fryer

Dave McDaniel of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Update (April 27, 2021): Cosori has released an update for this product that fixes these two vulnerabilities. Cisco Talos recently discovered two code execution vulnerabilities in the Cosori smart

April 16, 2021 15:50

Threat Roundup for April 9 to April 16

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 9 and April 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting

April 16, 2021 10:53

Talos Takes Ep. #49: LodaRAT keeps growing....and growing

The latest episode of Talos Takes is available now. Chris Neal from Talos Outreach has followed LodaRAT for years now. It’s gone from a fairly small threat to a full-on mal