security vulnerabilities

1 min read

Vulnerabilities discovered by Talos Talos is disclosing multiple vulnerabilities discovered in the Aerospike Database Server. These vulnerabilities range from memory disclosure to potential remote code execution. This software is used by various companies that require a high performance NoSQL database. Aerospike fixed these issues in  version 3.11. The Aerospike Database Server is both a distributed and […]

1 min read

The final patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 12 bulletins addressing 48 vulnerabilities. Six bulletins are rated critical and address vulnerabilities in Internet Explorer, Edge, Microsoft Graphics Components, Microsoft Uniscribe, and Adobe Flash […]

1 min read

Overview Crash triaging can be a long and complicated process; by using proper tools and having an optimal approach, we can make this a bit easier and less time consuming. In this post we describe a triaging strategy and toolset based on two examples of vulnerability classes: Stack based buffer overflow Heap based buffer overflow […]

3 min read

Back in April, I wrote a blog post about the new version of the Common Vulnerability Scoring System (CVSS). The changes made for CVSSv3 addressed some of the challenges that existed in CVSSv2. For example, CVSSv3 analyzes the scope of a vulnerability and identifies the privileges an attacker needs to exploit it. The CVSSv3 enhancements […]

3 min read

In late August we began to detect malicious Microsoft Word documents that contained VisualBasic (VB) macro code and the code appeared to be triggering when the document was opened. However, the documents did not contain any of the standard events used to launch VB macro code when a document is opened, including Document_Open, or Auto_Open events. Upon […]

1 min read

Today, we released the last Cisco IOS & IOS XE Software Security Advisory Bundled Publication of 2016. (As a reminder, Cisco discloses vulnerabilities in Cisco IOS and IOS XE Software on a predictable schedule—the fourth Wednesday of March and September in each calendar year).  Today’s edition of the Cisco IOS & IOS XE Software Security Advisory […]

3 min read

Cisco has been working to draw attention to the hidden security risks organizations face by not properly maintaining their aging infrastructure and patching vulnerable systems. Threat actors, including ransomware operators, are using vulnerable Internet infrastructure as a foothold to launch their campaigns. The trends lead us to believe we should expect to see more of […]

1 min read

Vulnerabilities discovered by Aleksandar Nikolic. Blog post authored by Jaeson Schultz and Aleksandar Nikolic. One of the most fundamental tasks performed by many software programs involves the reading, writing, and general processing of files. In today’s highly networked environments, files and the programs that process them can be found just about everywhere: FTP transfers, HTTP […]

1 min read

These vulnerabilities were discovered by Yves Younan. Pidgin is a universal chat client that is used on millions of systems worldwide. The Pidgin chat client enables you to communicate on multiple chat networks simultaneously. Talos has identified multiple vulnerabilities in the way Pidgin handles the MXit protocol. These vulnerabilities fall into the following four categories. […]