Get Ready, Get Certified: Early Adoption of CBPR Makes Doing Business with Asia Easier
2 min read
While the EU General Data Protection Regulation (GDPR) enforcement deadline is less than a year away and it’s “all systems go” to get ready, privacy – like all other fundamental human rights – is not just a European issue. The specific rules and requirements might differ between jurisdictions, but the principles of protecting and respecting […]
Vulnerability Spotlight: YAML Parsing Remote Code Execution Vulnerabilities in Ansible Vault and Tablib.
1 min read
Talos is disclosing the presence of remote code execution vulnerabilities in the processing of Yet Another Markup Language (YAML) content in Ansible Vault and Tablib. Attackers can exploit these vulnerabilities by supplying malicious YAML content to execute arbitrary commands on vulnerable systems. YAML is a data serialisation markup format which is designed to be readable […]
When Walls Come Down: Working Together to Protect IoT Devices
3 min read
When you begin remodeling an older home you realize that some walls are there for good reasons. Others block our modern, open-floor-plan lifestyles and can come down. Years ago, factories and utilities separated their Information Technology (IT) and Operations Technology (OT) teams. The thinking was that such walls helped ensure reliability and uptime so that […]
Vulnerability Spotlight: LibOFX Tag Parsing Code Execution Vulnerability
1 min read
This vulnerability was discovered by Cory Duplantis of Talos. Update 9/20/2017: A patch is now available to fix this issue. Overview: LibOFX is an open source implementation of OFX (Open Financial Exchange), an open format used by financial institutions to share financial data with clients. As an implementation of a complex standard, this library is […]
Microsoft Patch Tuesday – September 2017
1 min read
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 81 new vulnerabilities with 27 of them rated critical, 52 rated important, and 2 rated moderate. These vulnerabilities impact Edge, Hyper-V, Internet Explorer, Office, Remote Desktop Protocol, SharePoint, Windows Graphic […]
Vulnerability Spotlight: TALOS-2017-0430/0431: Multiple Vulnerabilities in FreeXL Library
1 min read
Talos has discovered two remote code execution vulnerabilities in the FreeXL library. FreeXL is an open source C library to extract valid data from within an Excel (.xls) spreadsheet. Exploiting these vulnerabilities can potentially allow an attacker to execute arbitrary code on the victim’s machine. If an attacker builds a specially crafted XLS (Excel) […]
Another Apache Struts Vulnerability Under Active Exploitation
1 min read
This post was authored by Nick Biasini with contributions from Alex Chiu. Earlier this week, a critical vulnerability in Apache Struts was publicly disclosed in a security advisory. This new vulnerability, identified as CVE-2017-9805, manifests due to the way the REST plugin uses XStreamHandler with an instance of XStream for deserialization without any type filtering. As […]
Vulnerability Spotlight: Content Security Policy bypass in Microsoft Edge, Google Chrome and Apple Safari
1 min read
The vulnerabilities were discovered by Nicolai Grødum of Cisco. Today, Talos is releasing details of vulnerabilities discovered in the Microsoft Edge browser as well as older versions of Google Chrome (CVE-2017-5033) and browsers based on WebKit such as Apple Safari (CVE-2017-2419). An attacker may be able to exploit the vulnerabilities and bypass the Content Security […]
Graftor – But I Never Asked for This…
1 min read
Overview: Free software often downloaded from large freeware distribution sites is a boon for the internet, providing users with functionality that otherwise they would not be able to use. Often users, happy that they are getting something free, fail to pay attention to the hints in the licence agreement that they are receiving additional software […]