Threat Round Up for January 5 - 12

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between January 05 and January 12. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlig

Vulnerability Spotlight: Multiple Unpatched Vulnerabilities in Blender Identified

Update 1/25/18: Blender has released version 2.79a to address these issues Technology has evolved in incredible ways that has helped people to create and visualize media like never before. Today, people can use tools such as Blender to visualize, model, and animate 3D content,

Vulnerability Spotlight: Ruby Rails Gem XSS Vulnerabilities

Vulnerabilities discovered by Zachary Sanchez of Cisco ASIG Overview Talos has discovered two XSS vulnerabilities in Ruby Rails Gems. Rails is a Ruby framework designed to create web services or web pages. Ruby Gems is a package manager for distributing software packages as 

Microsoft Patch Tuesday - January 2018

Today Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 56 new vulnerabilities with 16 of them rated critical, 39 of them rated important and 1

Vulnerability Spotlight: Multiple Vulnerabilities in the CPP and Parity Ethereum Client

Meltdown and Spectre

Cisco Talos is aware of three new vulnerabilities impacting Intel, AMD, Qualcomm and ARM processors used by almost all computers. We are investigating these issues and although we have not observed exploitation of these vulnerabilities in the wild, that does not mean that it has

Threat Round Up for December 29 - January 5

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between December 29 and January 05. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highli

Not So Crystal Clear - Zeus Variant Spoils Ukrainian Holiday

This post was authored by Edmund Brumaghin with contributions from Ben Baker, Dave Maynor and Matthew Molyett. Introduction Talos has observed a cyber attack which was launched using the official website of Ukraine-based accounting software developer Crystal Finance Millennium

Tutorial: Mutiny Fuzzing Framework and Decept Proxy

Here's a basic demo video for our new opensource tools, Decept and Mutiny. Happy New Year <(^_^)>  ~ Lilith Recently, Talos released new tools to assist in the monumental task of finding vulnerabilities in network applications. Mutiny and Decept work together to hel