Blog
Recent
December 29, 2017 17:29

Beers with Talos EP 19: The "Best" of BWT

Beers with Talos (BWT) Podcast Episode 19 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP19 Show Notes: Quotes intended, we think you know why. Mitch takes con

December 19, 2017 14:00

Vulnerability Spotlight: VMWare VNC Vulnerabilities

UPDATE 03/15/2018: Added details for Talos-2017-0376/CVE-2018-6957 which has been recently patched. Today, Talos is disclosing a pair of vulnerabilities in the VNC implementation used in VMWare's products that could result in code execution. VMWare implements VNC for its rem

December 19, 2017 10:57

Virus Bulletin Publication And Presentation

The Virus Bulletin conference is a well-regarded, intimate technical conference focused on malware research. It provides a good balance between listening to technical talks and spending time exchanging experiences with colleagues from different companies, all working on the same task

December 15, 2017 10:44

Beers with Talos EP 18: Kitties in My Blockchain, Obfuscating Pronunciations, and Other Security Stuff

Beers with Talos (BWT) Podcast Episode 18 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP18 Show Notes: It’s the last full episode of the year! Thanks to you an

December 12, 2017 18:32

Microsoft Patch Tuesday - December 2017

Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 34 new vulnerabilities with 21 of them rated critical and 13 of them rated important.

December 8, 2017 14:24

Threat Round Up for Dec 01 - Dec 08

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between December 01 and December 08. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highl

December 8, 2017 08:40

Vulnerability Spotlight: TALOS-2017-0393 / CVE-2017-2886 - ACDSee Ultimate 10 Remote Code Execution Vulnerability

A memory corruption vulnerability exists in the .PSD parsing functionality of ACD Systems International Inc. ACDSee Ultimate 10. An attacker can build a specially crafted PSD file that uses this bug to trigger a memory corruption. A byte value is taken directly from the .PSD fil

December 7, 2017 13:06

The Mutiny Fuzzing Framework and Decept Proxy

This blog post is authored by James Spadaro of Cisco ASIG and Lilith Wyatt of Cisco Talos. Imagine a scenario where you, as a vulnerability researcher, are tasked with auditing a network application to identify vulnerabilities. By itself, the task may not seem too daunting unti