Threat Source newsletter (Jan. 28, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Unfortunately, I don’t have any stock tips to give you to help you get rich overnight. But I do have two Vulnerability Spotlights you should read so your network can stay safer. We disclosed multiple vulnerabili
Vulnerability Spotlight: Multiple vulnerabilities in phpGACL class
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the phpGACL class. One of these vulnerabilities also affects OpenEMR, a medical practice management software written in PHP. phpGACL
Nation-state campaign targets Talos researchers
Google's Threat Analysis Group published a blog Monday evening warning of an ongoing campaign attempting to compromise security researchers. Google TAG's blog outlines the attacker's motivations and various TTPs used in these attacks. We can confirm that multiple Ci
Vulnerability Spotlight: Denial-of-service vulnerabilities in Micrium uc-HTTP’s HTTP server
Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in Micrium uc-HTTP’s HTTP server that could cause denial-of-service conditions. An attacker could trigger these vulnerabilities by targeting
Threat Roundup for January 15 to January 22
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 15 and Jan. 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k
Talos Takes Ep. #37: What's with all this talk about supply chain attacks?
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. The major SolarWinds campaign has been generating headlines for weeks now. And while its specific targets make this atta
Threat Source newsletter (Jan. 21, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We know it’s hard to focus on anything happening outside of Washington, D.C. this week. But we would be remiss if we didn’t mention the exciting news that the Snort 3 GA is officially out now! This update has be
Vulnerability Spotlight: Multiple vulnerabilities in PrusaSlicer
Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two out-of-bounds write vulnerabilities in Prusa Research’s PrusaSlicer. Prusa Slicer is an open-source 3-D printer slicing program forked off Slic3r that can c
Beers with Talos Ep. #99: P@ssw0rds and closing out 2020
Beers with Talos (BWT) Podcast episode No. 99 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded late November 2020. We recorded this episode toward the end of 2020 and