vulnerability
Cisco ASA DoS Bug Attacked in Wild
This post authored by Nick Biasini Cisco Talos has recently noticed a sudden spike in exploitation attempts against a specific vulnerability in our Cisco Adaptive Security Appliance (ASA) and Firepower Appliance. The vulnerability, CVE-2018-0296, is a denial-of-service and information disclosure d…
Vulnerability Spotlight: Remote code execution vulnerabilities in Simple DirectMedia Layer
Simple DirectMedia Layer contains two vulnerabilities that could an attacker to remotely execute code on the victim’s machine. Both bugs are present in the SDL2_image library, which is used for loading images in different formats. There are vulnerabilities in the function responsible for loading PCX…
Vulnerability Spotlight: Multiple vulnerabilities in ACD Systems Canvas Draw 5
Cisco Talos is disclosing several vulnerabilities in ACD Systems’ Canvas Draw 5, a graphics-editing tool for Mac. The vulnerable component of Canvas Draw 5 lies in the handling of TIFF and PCX images. TIFF is a raster-based image format used in graphics editing projects, thus making it a very…
Vulnerability Deep Dive: TP-Link TL-R600VPN remote code execution vulnerabilities
Vulnerability discovery and research by Jared Rittle and Carl Hurd of Cisco Talos. Introduction TP-Link recently patched three vulnerabilities in their TL-R600VPN gigabit broadband VPN router, firmware version 1.3.0. Cisco Talos publicly disclosed these issues after working with TP-Link to ensure th…
Microsoft Patch Tuesday — January 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, seven of which are rated “critical,” 40 that are considered “important” and one that is “moderate.” This release also includes…
Talos Vulnerability Deep Dive – TALOS-2018-0636 / CVE-2018-3971 Sophos HitmanPro.Alert vulnerability
Overview Sophos patched two vulnerabilities in Sophos HitmanPro.Alert on Thursday. We publicly disclosed these issues last week here, Cisco Talos will show you the process of developing an exploit for one of these bugs. We will take a deep dive into TALOS-2018-0636/CVE-2018-3971 to show you the expl…
Vulnerability Spotlight: TALOS-2018-0635/0636 – Sophos HitmanPro.Alert memory disclosure and code execution vulner …
Overview Cisco Talos is disclosing two vulnerabilities in Sophos HitmanPro.Alert, a malware detection and protection tool. Both vulnerabilities lie in the input/output control (IOCTL) message handler. One could allow an attacker to read kernel memory contents, while the other allows code execution a…
Vulnerability Spotlight: Linksys ESeries Multiple OS Command Injection Vulnerabilities
These vulnerabilities were discovered by Jared Rittle of Cisco Talos Today, Talos is disclosing several vulnerabilities that have been identified in Linksys E Series of routers operating system. Multiple exploitable OS command injection vulnerabilities exist in the Linksys ESeries line of routers. S…
Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, 12 of which are rated “critical,” 34 that are rated “important,” two that are considered to have “moderate”…