Beers with Talos Ep. #68: Takes from Talos on IoT (and the NEW “Talos Takes” podcast!)
By Mitch Neff. Beers with Talos (BWT) Podcast episode No. 68 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Dec. 9, 2019 We have a big announcement to make today! Check your feed
Vulnerability Spotlight: Multiple vulnerabilities in WAGO PFC200
Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The WAGO PFC200 and PFC100 controllers contain multiple exploitable vulnerabilities. The PFC200 is one of WAGO’s programmable automation controllers that are used in many industries including a
Threat Roundup for December 6 to December 13
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 6 and Dec. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Threat Source newsletter (Dec. 12, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’re entering our Year in Review period. Now’s the time to look back on the top stories from 2019 and think about w
Talos Vulnerability Discovery Year in Review — 2019
By Martin Zeiser. Cisco Talos' Systems Security Research Team investigates software, operating system, IoT and ICS vulnerabilities to make sure we find vulnerabilities before the bad guys do. We provide this information to the affected vendors so that they can create patche
Vulnerability Spotlight: Apple Safari SVG marker element baseVal remote code execution vulnerability
Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Apple’s Safari web browser is open to a remote code execution vulnerability via its SVG marker element feature inside the Safari WebKit. Safari uses the WebCore DOM rendering system in WebKit. Ren
Vulnerability Spotlight: Kakadu Software SDK ATK marker code execution vulnerability
Aleksandar Nikolic and Emmanuel Tacheau of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Kakadu Software’s SDK contains an exploitable heap overflow. Kakadu serves as a framework for developers to create a variety of commercial and non-commercial applications.
Vulnerability Spotlight: Denial-of-service vulnerabilities in Linux kernel, W1.fi
Mitchell Frank and Mark Leonard of Cisco discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two denial-of-service vulnerabilities in the open-source program W1.fi. Both of these vulnerabilities target hostapd. One could allow an attacker to fo
Vulnerability Spotlight: Information leak vulnerability in Adobe Acrobat Reader
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an information leak vulnerability in Adobe Acrobat Reader DC. An attacker could exploit this vulnerability by tricking the victim into opening a specially crafted