Articles
Vulnerability Spotlight: Multiple Vulnerabilities in Moxa EDR-810 Industrial Secure Router
These vulnerabilities were discovered by Carlos Pacho of Cisco Talos Today, Talos is disclosing several vulnerabilities that have been identified in Moxa EDR-810 industrial secure router. Moxa EDR-810 is an industrial secure router with firewall/NAT/VPN and managed Layer 2 switch functions. It is de…
Malware monitor – leveraging PyREBox for malware analysis
This post was authored by Xabier Ugarte Pedrero In July 2017 we released PyREBox, a Python Scriptable Reverse Engineering Sandbox as an open source tool. This project is part of our continuous effort to create new tools to improve our workflows. PyREBox is a versatile instrumentation framework based…
Vulnerability Spotlight: TALOS-2018-0529-531 – Multiple Vulnerabilities in NASA CFITSIO library
Vulnerabilities discovered by Tyler Bohan from Talos Overview Talos is disclosing three remote code execution vulnerabilities in the NASA CFITSIO library. CFITSIO is a library of C and Fortran subroutines for reading and writing data files in the Flexible Image Transport System (FITS) data format. F…
Vulnerability Spotlight: Multiple Simple DirectMedia Layer Vulnerabilities
Discovered by Lilith Wyatt of Cisco Talos Overview Talos is disclosing several vulnerabilities identified in Simple DirectMedia Layer’s SDL2_Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to a…
Vulnerability Spotlight: Multiple Computerinsel PhotoLine PSD Code Execution Vulnerabilities
Discovered by Tyler Bohan of Cisco Talos Overview Today, Cisco Talos is disclosing a vulnerability within Computerinsel PhotoLine’s PSD-parsing functionality. Photoline is an image processing tool used to modify and edit images, as well as other graphic-related material. This product has a lar…
Microsoft Patch Tuesday – April 2018
Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 68 new vulnerabilities, with 26 of them rated critical, 40 of them rated important and 1 of them rated m…
Critical Infrastructure at Risk: Advanced Actors Target Smart Install Client
Update: 4/9 Cisco PSIRT has released additional guidance available here. Cisco has recently become aware of specific advanced actors targeting Cisco switches by leveraging a protocol misuse issue in the Cisco Smart Install Client. Several incidents in multiple countries, including some specifically…
Vulnerability Spotlight: Natus NeuroWorks Multiple Vulnerabilities
Vulnerabilities discovered by Cory Duplantis from Talos Overview Talos has discovered multiple vulnerabilities in Natus NeuroWorks software. This software is used in the Natus Xltek EEG medical products from Natus Medical Inc. The vulnerable devices contain an ethernet connection for data acquisitio…
Vulnerability Spotlight: Moxa AWK-3131A Multiple Features Login Username Parameter OS Command Injection Vulnerability
This vulnerability is discovered by Patrick DeSantis and Dave McDaniel of Cisco Talos Today, Talos is disclosing TALOS-2017-0507 (CVE-2017-14459), a vulnerability that has been identified in Moxa AWK-3131A industrial wireless access point. The Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless A…