vulnerability

October 6, 2020

THREAT RESEARCH

90 days, 16 bugs, and an Azure Sphere Challenge

1 min read

Cisco Talos reports 16 vulnerabilities in Microsoft Azure Sphere’s sponsored research challenge. By Claudio Bozzato and Lilith [-_-]; and Dave McDaniel.   On May 15, 2020, Microsoft kicked off the Azure Sphere Security Research Challenge, a three-month initiative aimed at finding bugs in Azure Sphere. Among the teams and individuals selected, Cisco Talos conducted a […]

June 26, 2020

SECURITY

Ripple20: Critical Vulnerabilities Might be Putting Your IoT/OT Devices at Risk

4 min read

Ripple20 are critical vulnerabilities targeting IoT and OT assets. Learn how Cisco Cyber Vision and ISA3000 can help you detect them and protect your industrial operations.

December 20, 2019

SECURITY

Cisco ASA DoS Bug Attacked in Wild

1 min read

This post authored by Nick Biasini Cisco Talos has recently noticed a sudden spike in exploitation attempts against a specific vulnerability in our Cisco Adaptive Security Appliance (ASA) and Firepower Appliance. The vulnerability, CVE-2018-0296, is a denial-of-service and information disclosure directory traversal bug found in the web framework of the appliance. The attacker can use a specially […]

July 2, 2019

THREAT RESEARCH

Vulnerability Spotlight: Remote code execution vulnerabilities in Simple DirectMedia Layer

1 min read

Simple DirectMedia Layer contains two vulnerabilities that could an attacker to remotely execute code on the victim’s machine. Both bugs are present in the SDL2_image library, which is used for...

January 30, 2019

THREAT RESEARCH

Vulnerability Spotlight: Multiple vulnerabilities in ACD Systems Canvas Draw 5

1 min read

Cisco Talos is disclosing several vulnerabilities in ACD Systems' Canvas Draw 5, a graphics-editing tool for Mac. The vulnerable component of Canvas Draw 5 lies in the handling of TIFF...

January 15, 2019

THREAT RESEARCH

Vulnerability Deep Dive: TP-Link TL-R600VPN remote code execution vulnerabilities

1 min read

Introduction TP-Link recently patched three vulnerabilities in their TL-R600VPN gigabit broadband VPN router, firmware version 1.3.0. Cisco Talos publicly disclosed these issues after working with TP-Link to ensure...

January 9, 2019

THREAT RESEARCH

Microsoft Patch Tuesday — January 2019: Vulnerability disclosures and Snort coverage

1 min read

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, seven of which are rated “critical,”...

November 1, 2018

THREAT RESEARCH

Talos Vulnerability Deep Dive – TALOS-2018-0636 / CVE-2018-3971 Sophos HitmanPro.Alert vulnerability

1 min read

Overview After disclosing two vulnerabilities in Sophos HitmanPro.Alert on Thursday, Cisco Talos will show you the process of developing an exploit for one of these bugs. We will take...

October 25, 2018

THREAT RESEARCH

Vulnerability Spotlight: TALOS-2018-0635/0636 – Sophos HitmanPro.Alert memory disclosure and code execution vulner …

1 min read

Overview Cisco Talos is disclosing two vulnerabilities in Sophos HitmanPro.Alert, a malware detection and protection tool. Both vulnerabilities lie in the input/output control (IOCTL) message handler. One could allow an...