Vulnerability Spotlight: LibTIFF Issues Lead To Code Execution
These Vulnerabilities were discovered by Tyler Bohan of Cisco Talos. Talos is releasing multiple vulnerabilities (TALOS-2016-0187, TALOS-2016-0190 & TALOS-2016-0205) in the LibTIFF library . One vulnerability (TALOS-2016-0187) is an exploitable heap based buffer overflow that impacts the LibTIFF TIFF2PDF conversion tool. Another vulnerability (TALOS-2016-0190) impacts the parsing and handling of TIFF images ultimately leading to […]
Pumpkin Spiced Locky
This post was authored by Warren Mercer & Edmund Brumaghin Summary We had .locky, we had .odin and then we had .zepto but today we hit rock bottom and we now have Locky using .shit as their encrypted file extension. In today’s latest wave of spam, Talos has observed three distinct spam campaigns distributing the […]
IoT: Securing the Next Chapter of the Digitization “Book”
The Internet of Things (IoT) era is here: Nearly two-thirds of organizations currently collect data from equipment, devices or other connected endpoints and use it for a business purpose,...
Piecing Together Malicious Behavior in Encrypted Traffic
This post was authored by Jan Kohout, Veronica Valeros and Petr Somol. Increasing adoption of encryption in web communication significantly contributes to protection of users' privacy. However, it also brings...
Turning Cybersecurity into a Strategic Advantage
C-suite leaders should think about cybersecurity as a strategic advantage that not only protects business value, but enables new business value.
MBRFilter – Can’t Touch This!
This post was authored by Edmund Brumaghin and Yves Younan Summary Ransomware has become increasingly prevalent in the industry, and in many cases, unless there is a publicly released decryptor available, there is often not an easy means of retrieving encrypted files once a system has been infected. In addition to the creation and maintenance […]
Combatting Cybercrime with an Incident Response Plan
Based on the cybersecurity news proliferating in the mainstream media today – from ransomware incidents to data breaches of massive proportions – it has become clear that organizations need to...
Malicious Microsoft Office Documents Move Beyond InkPicture
In late August we began to detect malicious Microsoft Word documents that contained VisualBasic (VB) macro code and the code appeared to be triggering when the document was opened. However, the documents did not contain any of the standard events used to launch VB macro code when a document is opened, including Document_Open, or Auto_Open events. Upon […]
Evolving Security Disclosures : The New OASIS Common Security Advisory Framework (CSAF) Technical Committee
During the last few years we have witnessed how the cyber security threat landscape has evolved. The emergence of the Internet of Things combined with recent events have profoundly changed how we protect our systems and people, and drive us to think about new approaches for vendors to disclose security vulnerabilities to customers and consumers. […]
Why Cisco Security?
Explore our Products & Services
Get Security Blogs via Email
Stay up to date and get the latest blogs from Cisco Security