Security

1 min read

Overview Talos is disclosing TALOS-2016-0259 / CVE-2016-8710. An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggered […]

2 min read

It may have come to you in an email or perhaps during a 1:1 with your boss but either way the news probably caught you by surprise. You will be taking your security skills to the industrial side of the house. Congratulations! And good luck – you are going to need it. Much of what […]

2 min read

We humans love to share and communicate. From the beginning of recorded history, we’ve sought connection, culture, and commerce by sharing aspects of ourselves with others. But we also want to be left alone without undue interference to lead our lives. So how do we solve this dichotomy? First off, let me emphatically say that […]

2 min read

Networks today are supposed to be digital-ready, meaning fast and agile to propel business into a world where everything is connected. Getting there has hit some major speedbumps due to highly publicized hacks. And this has started a virtual arms race, where no expense is spared to deploy numerous, disparate security solutions. Yet somehow, the […]

1 min read

Discovered by Aleksandar Nikolic of Cisco Talos Overview Talos is disclosing TALOS-2016-0259 / CVE-2017-2791 an uninitialized memory vulnerability in Adobe Acrobat Reader DC. Adobe Acrobat Reader is one of the largest and well known PDF readers available today. This particular vulnerability is associated with the JPEG Decoder functionality embedded in the application. A specially crafted […]

4 min read

One of your sales people, Susan, is on the road putting some finishing touches on a presentation before a big meeting. Using the hotel Wi-Fi she does a quick search to see if there’s any relevant company or industry news she needs to know about before meeting with the client. She clicks on several websites, […]

1 min read

Recent cyber attacks on organizations around the world have demonstrated the need for consistency in managing security vulnerabilities. To answer that demand, the Industry Consortium for the Advancement of Security on the Internet (ICASI) and the Forum of Incident Response and Security Teams (FIRST) created the FIRST Vulnerability Coordination Special Interest Group (SIG). This is […]

6 min read

This blog post was authored by Veronica Valeros and Lukas Machlica Malicious actors are constantly evolving their techniques in order to evade detection. It is not only the sophistication or the rapid...

1 min read

The Cisco Product Security Incident Response Team (PSIRT) is now scoring all security advisories addressing security vulnerabilities that affect Cisco products and multivendor vulnerability alerts using the Common Vulnerability Scoring System version 3 (CVSSv3). The stakeholders at the Forum of Incident Response and Security Teams (FIRST) have done a great job in this new version […]