vulnerability

July 2, 2019

THREAT RESEARCH

Vulnerability Spotlight: Remote code execution vulnerabilities in Simple DirectMedia Layer

Simple DirectMedia Layer contains two vulnerabilities that could an attacker to remotely execute code on the victim’s machine. Both bugs are present in the SDL2_image library, which is used for...

January 30, 2019

THREAT RESEARCH

Vulnerability Spotlight: Multiple vulnerabilities in ACD Systems Canvas Draw 5

Cisco Talos is disclosing several vulnerabilities in ACD Systems' Canvas Draw 5, a graphics-editing tool for Mac. The vulnerable component of Canvas Draw 5 lies in the handling of TIFF...

January 15, 2019

THREAT RESEARCH

Vulnerability Deep Dive: TP-Link TL-R600VPN remote code execution vulnerabilities

Introduction TP-Link recently patched three vulnerabilities in their TL-R600VPN gigabit broadband VPN router, firmware version 1.3.0. Cisco Talos publicly disclosed these issues after working with TP-Link to ensure...

January 9, 2019

THREAT RESEARCH

Microsoft Patch Tuesday — January 2019: Vulnerability disclosures and Snort coverage

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, seven of which are rated “critical,”...

November 1, 2018

THREAT RESEARCH

Talos Vulnerability Deep Dive – TALOS-2018-0636 / CVE-2018-3971 Sophos HitmanPro.Alert vulnerability

Overview After disclosing two vulnerabilities in Sophos HitmanPro.Alert on Thursday, Cisco Talos will show you the process of developing an exploit for one of these bugs. We will take...

October 25, 2018

THREAT RESEARCH

Vulnerability Spotlight: TALOS-2018-0635/0636 – Sophos HitmanPro.Alert memory disclosure and code execution vulner …

Overview Cisco Talos is disclosing two vulnerabilities in Sophos HitmanPro.Alert, a malware detection and protection tool. Both vulnerabilities lie in the input/output control (IOCTL) message handler. One could allow an...

October 16, 2018

THREAT RESEARCH

Vulnerability Spotlight: Linksys ESeries Multiple OS Command Injection Vulnerabilities

These vulnerabilities were discovered by Jared Rittle of Cisco Talos Today, Talos is disclosing several vulnerabilities that have been identified in Linksys E Series of routers operating system. Multiple exploitable...

October 9, 2018

THREAT RESEARCH

Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, 12 of which are rated "critical,"...

October 1, 2018

THREAT RESEARCH

Vulnerability Spotlight: Multiple vulnerabilities in Atlantis Word Processor

Atlantis Word Processor is a portable word processor that is also capable of converting any TXT, RTF, ODT, DOC, WRI, or DOCX document into an eBook in the ePub format.