patch

Responsible disclosure of vulnerabilities is a key aspect of security research. Often, the difficulty in responsible disclosure is balancing competing interests – assisting a vendor with patching their product and notifying the general public to prevent a 0-day situation. It is uncomfortable t…

In today’s threat landscape, Adobe Flash Player unfortunately remains an attractive attack vector for adversaries to exploit and compromise systems. Over the past year, Talos has observed several instances where adversaries have identified zero-day vulnerabilities and exploited them to comprom…

Microsoft’s Patch Tuesday has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release is fairly light with a total of 6 bulletins released addressing 33 vulnerabilities. Half of the…

Today an out of band advisory was released by Microsoft to address CVE-2015-2502. This vulnerability is addressed by MS15-093. MS15-093 address a memory corruption vulnerability in Internet Explorer versions 7, 8, 9, 10, and 11. This affects all currently supported versions of Windows, including Wi…

This post was authored by Yves Younan and edited by Armin Pelkmann Table of contents CVE-2014-3697, VRT-2014-0205 CVE-2014-3696, VRT-2014-0204 CVE-2014-3695, VRT-2014-0203 Cisco Talos is announcing the discovery and patching of another three 3 CVE vulnerabilities in Pidgin (An open-source multi-plat…

Many network engineers recall the iOS7 update on September 18, 2013 as one of the most historic download days of their network’s history. All the more reason for us in the wireless world who anxiously anticipated the September 17 release of iOS8. We asked a few of our customers to monitor the effect…

Listening to the radio on the way to work recently, I heard that hackers had stolen some 1.2 billion usernames and passwords, affecting as many as 420,000 websites. When asked what listeners could do to protect themselves, the security expert speaking recommended changing passwords. He did not menti…

Is it the end of October already? As has been true for centuries, there is a tradition for children to wear costumes and disguise themselves while going door to door with a simple question: “Trick or treat?” While I am not sure there is a coincidence, but having National Cyber Security Awareness Mon…