Vulnerability Spotlight: Kernel Information Leak & Multiple DOS Issues Within Kaspersky Internet Security Suite
A further local denial of service attack is possible through Kaspersky’s KL1 driver. A malicious user can send a specially crafted IOCTL call to the KL1 driver. Under certain conditions, this can cause the driver to read memory outside of an allocated buffer. This may provoke a
Vulnerability Spotlight: Kaspersky Unhandled Windows Messages Denial of Service Vulnerability
Vulnerability discovered by Marcin ‘Icewall’ Noga of Cisco Talos. Overview: Talos is disclosing the presence of TALOS-2016-0175 / CVE-2016-4329, a local denial of service vulnerability within Kaspersky anti-virus. A system user is able to cause a denial of service attack agains
Vulnerability Spotlight: Multiple Remote Code Execution Vulnerabilities Within Lexmark Perceptive Document Filters.
Vulnerabilities discovered by Tyler Bohan & Marcin Noga of Cisco Talos. Talos are today releasing three new vulnerabilities discovered within the Lexmark Perceptive Document Filters library. TALOS-2016-0172, TALOS-2016-0173 and TALOS-2016-0183 allow for a remote code executio
Vulnerability Spotlight: Rockwell Automation MicroLogix 1400 SNMP Credentials Vulnerability
This vulnerability was discovered by Patrick DeSantis. Description: Talos recently discovered a vulnerability in Allen-Bradley Rockwell Automation MicroLogix 1400 Programmable Logic Controllers (PLCs) related to the default configuration that is shipped with devices running affe
Vulnerability Spotlight: BlueStacks App Player Privilege Escalation
Discovered by Marcin ‘Icewall’ Noga of Cisco Talos. Talos is releasing an advisory for a vulnerability in BlueStacks App Player (TALOS-2016-0124/CVE-2016-4288). The BlueStacks App Player is designed to enable Android applications to run on Windows PCs and Macintosh computers. It
Vulnerability Spotlight: MS Edge/Windows PDF Library Arbitrary Code Execution Vulnerability Identified and Patched
Vulnerability discovered by Aleksandar Nikolic of Cisco Talos. Yesterday, Microsoft released its monthly set of security bulletins and patches for various flaws within currently supported products. Two of the bulletins in yesterday's release are rated critical and address CV
Microsoft Patch Tuesday - August 2016
This post was authored by Edmund Brumaghin and Jonah Samost. Today is Patch Tuesday for August 2016, and Microsoft has released several security bulletins and associated patches to resolve security issues across their products. This month’s patch release includes 9 bulletins addr
Vulnerability Spotlight: Multiple Arbitrary Code Execution Vulnerabilities Identified in Hancom Hangul Office
Vulnerabilities discovered by the Talos Vulnerability Development Team. Blog post authored by Alex Chiu. Securing your network and environment is a challenging task, especially when organizations need to keep track of various software packages that are used on a daily basis. Pro
Macro Intruders: Sneaking Past Office Defenses
This blog was written by Matthew Molyett with contributions from Martin Lee. Introduction: Macros have been used since the mid 1990s to spread malware and infect systems. Increased user awareness of the need to disable the macro function within Microsoft Word during the late 90