vulnerabilities
March 2018 Cisco IOS and IOS XE Software Bundled Publication
Today, we released the first Cisco IOS and IOS XE Software Security Advisory Bundled Publication of 2018. As a reminder, Cisco discloses vulnerabilities in Cisco IOS Software and Cisco IOS XE Software on a predictable schedule—the fourth Wednesday of March and September in each calendar year. Today’…
Microsoft Patch Tuesday – March 2018
Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 74 new vulnerabilities, with 14 of them rated critical and 59 of them rated important. These vulnerabili…
Workload protection is a full cycle. Tetration uniquely delivers on it all.
There’s always an inherent challenge between providing a secure infrastructure for your applications and delivering agility. How do you manage a complex web – where apps are dynamic and distributed across your own data center and the cloud – and keep security at the front of your priorities? I…
Vulnerability Spotlight: Multiple Vulnerabilities in the CPP and Parity Ethereum Client
Talos is disclosing the presence of multiple vulnerabilities in the CPP and the Parity Ethereum clients. TALOS-2017-0503 / CVE-2017-14457 describes a denial of service vulnerability and potential memory leak in libevm. The function is not currently enabled in the default build. This vulnerability on…
Vulnerability Spotlight: TALOS-2017-0393 / CVE-2017-2886 – ACDSee Ultimate 10 Remote Code Execution Vulnerability
Overview: Talos has discovered a remote code execution vulnerability in the ACDSee Ultimate 10 application from ACD Systems International Inc. Exploiting this vulnerability can potentially allow an attacker to gain full control over the victim’s machine. If an attacker builds a specially craf…
Perspective About the Recent WPA Vulnerabilities (KRACK Attacks)
On October 16th, Mathy Vanhoef and Frank Piessens, from the University of Leuven, published a paper disclosing a series of vulnerabilities that affect the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These are protocol-level vulnerabilities that affect wireless ven…
Vulnerability Spotlight: Multiple vulnerabilities in Computerinsel Photoline
These vulnerabilities were discovered by Piotr Bania of Cisco Talos. Today, Talos is releasing details of multiple vulnerabilities discovered within the Computerinsel GmbH PhotoLine image processing software. PhotoLine, developed by Computerinsel GmbH, is a well-established raster and vector graphics…
September 2017 Cisco IOS & IOS XE Software Bundled Publication
Today, we released the last Cisco IOS & IOS XE Software Security Advisory Bundled Publication of 2017. (As a reminder, Cisco discloses vulnerabilities in Cisco IOS and IOS XE Software on a predictable schedule—the fourth Wednesday of March and September in each calendar year). Today’s edition o…
CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 is Now Available
I am pleased to announce that the OASIS CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 committee specification is now available. As covered in our previous blog posts, the purpose of the OASIS Common Security Advisory Framework (CSAF) Technical Committee (TC) is to standardize the…