0-day

August 18, 2015

THREAT RESEARCH

Microsoft Internet Explorer Out of Band Advisory

1 min read

Today an out of band advisory was released by Microsoft to address CVE-2015-2502. This vulnerability is addressed by MS15-093. MS15-093 address a memory corruption vulnerability in Internet Explorer versions 7, 8, 9, 10, and 11. This affects all currently supported versions of Windows, including Windows 10. This advisory is rated critical. An attacker can craft […]

August 13, 2015

THREAT RESEARCH

Talos Identifies Multiple Memory Corruption Issues in Quicktime

2 min read

Update 2015-08-21: This post has been updated to reflect an additional advisory released on August 20. Talos, in conjunction with Apple’s security advisories issued on August 13 and August 20, has released six advisories for vulnerabilities that Talos found in Apple Quicktime. In accordance with our Vendor Vulnerability Reporting and Disclosure policy, these vulnerabilities have been […]

July 17, 2015

THREAT RESEARCH

Vulnerability Spotlight: Total Commander FileInfo Plugin Denial of Service

1 min read

Talos is releasing an advisory for multiple vulnerabilities that have been found within the Total Commander FileInfo Plugin. These vulnerabilities are local denial of service flaws and have been assigned CVE-2015-2869. In accordance with our Vendor Vulnerability Reporting and Disclosure policy, these vulnerabilities have been disclosed to the plugin author(s) and CERT.  This post serves […]

June 30, 2015

THREAT RESEARCH

Vulnerability Spotlight: Apple Quicktime Corrupt stbl Atom Remote Code Execution

2 min read

This post was authored by Rich Johnson, William Largent, and Ryan Pentney. Earl Carter contributed to this post. Cisco Talos, in conjunction with Apple’s security advisory issued on June 30th,  is disclosing the discovery of a remote code execution vulnerability within Apple Quicktime. This vulnerability was initially discovered by the Talos Vulnerability Research & Development […]

May 12, 2015

THREAT RESEARCH

Microsoft Patch Tuesday – May 2015

4 min read

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products.  This month’s release sees a total of 13 bulletins being released which address 48 CVEs. Three of the bulletins are listed as Critical and address vulnerabilities in Internet Explorer, GDI+ Font Parsing, and Windows Journal.  The remaining […]

April 14, 2015

THREAT RESEARCH

Microsoft Patch Tuesday for April 2015: 11 Bulletins Released

4 min read

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products.  This month’s release sees a total of 11 bulletins being released which address 26 CVEs.  The first 4 bulletins are rated Critical and address vulnerabilities within Internet Explorer, Office, IIS, and Graphics Component. The remaining 7 bulletins […]

April 1, 2015

THREAT RESEARCH

Research Spotlight: Project FTR

3 min read

            Intro Historically, networks have always been at risk for new, undiscovered threats. The risk of state sponsored hackers or criminal organizations utilizing 0-day was a constant, and the best defense was simply to keep adding on technologies to maximize the odds of detecting the new threat – like adding […]

March 10, 2015

THREAT RESEARCH

Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK Patched

5 min read

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products.  This month’s release sees a total of 14 bulletins being released which address 45 CVEs.  The first 5 bulletins are rated critical and address vulnerabilities within Internet Explorer, Office, Windows, and VBScript. The remaining 9 bulletins are […]

February 10, 2015

THREAT RESEARCH

Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed

3 min read

Microsoft’s Patch Tuesday for February 2015 has arrived.  This month’s round of security updates is large with Microsoft releasing 9 bulletins addressing 56 CVEs.  3 of the bulletins are rated critical and address vulnerabilities within Internet Explorer, Windows, and Group Policy.  The remaining 6 bulletins are rated important and address vulnerabilities in Office, Windows, Group […]