patch

November 28, 2016

THREAT RESEARCH

Talos Responsible Disclosure Policy Update

1 min read

Responsible disclosure of vulnerabilities is a key aspect of security research. Often, the difficulty in responsible disclosure is balancing competing interests - assisting a vendor with patching their...

April 7, 2016

THREAT RESEARCH

News Flash! Another Adobe Flash Zero-day Vulnerability Spotted in the Wild

1 min read

In today’s threat landscape, Adobe Flash Player unfortunately remains an attractive attack vector for adversaries to exploit and compromise systems. Over the past year, Talos has observed several instances where adversaries have identified zero-day vulnerabilities and exploited them to compromise systems. Talos is aware of reports that CVE-2016-1019, an Adobe Flash 0-day vulnerability, is currently […]

October 13, 2015

THREAT RESEARCH

Microsoft Patch Tuesday – October 2015

4 min read

Microsoft’s Patch Tuesday has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release is fairly light with a total of 6 bulletins released addressing 33 vulnerabilities. Half of the bulletins are rated “Critical” and address vulnerabilities in Internet Explorer, JScript/VBScript, and the […]

August 18, 2015

THREAT RESEARCH

Microsoft Internet Explorer Out of Band Advisory

1 min read

Today an out of band advisory was released by Microsoft to address CVE-2015-2502. This vulnerability is addressed by MS15-093. MS15-093 address a memory corruption vulnerability in Internet Explorer versions 7, 8, 9, 10, and 11. This affects all currently supported versions of Windows, including Windows 10. This advisory is rated critical. An attacker can craft […]

November 7, 2014

THREAT RESEARCH

Talos Discovered Three More Vulnerabilities in Pidgin

3 min read

This post was authored by Yves Younan and edited by Armin Pelkmann Table of contents CVE-2014-3697, VRT-2014-0205 CVE-2014-3696, VRT-2014-0204 CVE-2014-3695, VRT-2014-0203 Cisco Talos is announcing the discovery and patching of another three 3 CVE vulnerabilities in Pidgin (An open-source multi-platform instant messaging client – see wikipedia page). These vulnerabilities were discovered by our team and reported to the Pidgin team. They were […]

August 21, 2014

SECURITY

Cisco 2014 Midyear Security Report: Brush Your Teeth, Change Your Passwords, Update Your Software

2 min read

Listening to the radio on the way to work recently, I heard that hackers had stolen some 1.2 billion usernames and passwords, affecting as many as 420,000 websites. When asked what listeners could do to protect themselves, the security expert speaking recommended changing passwords. He did not mention which ones. Indeed, the names of the […]

October 31, 2013

SECURITY

NCSAM 2013 Wrap-Up: Cisco Thought Leadership Regarding a Different Ghost in the Machine

1 min read

Is it the end of October already? As has been true for centuries, there is a tradition for children to wear costumes and disguise themselves while going door to door with a simple question: “Trick or treat?” While I am not sure there is a coincidence, but having National Cyber Security Awareness Month (NCSAM) end […]