Threat Trends: Vulnerabilities
Are the most talked about vulnerabilities the same as those that are most widely used in attacks?
Talos Vulnerability Discovery Year in Review — 2020
Cisco Talos' Systems Vulnerability Research Team discovered 231 vulnerabilities this year across a wide range of products. And thanks to our vendor partners, these vulnerabilities were patched and published before any attackers could exploit them. Mitigating possible zero-day breeches in your defenses is the easiest and fastest way to prevent wide-ranging and business-critical cyber attacks.
Trustworthy Networking is Not Just Technological, It’s Cultural
With the multitude of dangers constantly testing networks, there should be no such concept of “implicit trust”. At the core of the defensive network is the principle of proven trustworthy hardware and software, working in conjunction to protect network devices, data, and applications from attacks.
Talos Vulnerability Discovery Year in Review – 2019
Introduction Cisco Talos’ Systems Security Research Team investigates software, operating system, IOT and ICS vulnerabilities in order to discover them before malicious threat actors do. We provide this information to the affected vendors so that they can create patches and protect their customers as soon as possible. We strive to improve the security of our […]
Keeping Up with Security Vulnerability Disclosures with the Cisco PSIRT openVuln API
The Cisco PSIRT openVuln API is a RESTful API that allows customers to obtain Cisco security vulnerability information in different machine-consumable formats. It supports industrywide security standards such as the Common Vulnerability Reporting Framework (CVRF), Open Vulnerability and Assessment Language (OVAL), Common Vulnerability and Exposure (CVE) identifiers, Common Weakness Enumeration (CWE), and the Common Vulnerability Scoring System (CVSS). This API […]
Microsoft Patch Tuesday – December 2016
The final patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 12 bulletins addressing 48 vulnerabilities. Six bulletins are rated critical and address vulnerabilities in Internet Explorer, Edge, Microsoft Graphics Components, Microsoft Uniscribe, and Adobe Flash […]
Microsoft Patch Tuesday – November 2016
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. For a detailed explanation of each of the categories listed below, please go to https://technet.microsoft.com/en-us/security/gg309177.aspx. This month’s release is packed full of goodies, but you don’t want to wait to review them over Thanksgiving dinner as there […]
Fiesta Exploit Pack is No Party for Drive-By Victims
This post was also authored by Andrew Tsonchev and Steven Poulson. Update 2014-05-26: Thank you to Fox-IT for providing the Fiesta logo image. We updated the caption to accurately reflect image attribution. Cisco’s Cloud Web Security (CWS) service provides TRAC researchers with a constant fire hose of malicious insight and now that we are collaborating with Sourcefire’s Vulnerability Research […]