Vulnerability Research

October 21, 2015

THREAT RESEARCH

Cisco Identifies Multiple Vulnerabilities in Network Time Protocol daemon (ntpd)

1 min read

Cisco is committed to improving the overall security of the products and services our customers rely on. As part of this commitment, Cisco assesses the security of software components used in our products. Open source software plays a key role in many Cisco products and as a result, ensuring the security of open source software […]

August 13, 2015

THREAT RESEARCH

Talos Identifies Multiple Memory Corruption Issues in Quicktime

2 min read

Update 2015-08-21: This post has been updated to reflect an additional advisory released on August 20. Talos, in conjunction with Apple’s security advisories issued on August 13 and August 20, has released six advisories for vulnerabilities that Talos found in Apple Quicktime. In accordance with our Vendor Vulnerability Reporting and Disclosure policy, these vulnerabilities have been […]

July 27, 2015

SECURITY

The Best Defense is a Good Offense? Why Cisco Security Researchers Attack Cisco Technologies

1 min read

This week, Cisco provided comments on the Department of Commerce’s Bureau of Industry and Security (BIS) proposed cybersecurity regulations. These comments reflect the realities of how Cisco looks to protect both our customers and our products. They also emphasize the critical role that security researches, access to tools, and qualified talent have in cybersecurity. Cisco has […]

July 20, 2015

HIGH TECH POLICY

Concerns about the Department of Commerce’s Proposed Export Rule under the Wassenaar Arrangement

1 min read

Today, Cisco filed comments on a Proposed Rule published by the Department of Commerce’s Bureau of Industry and Security (BIS) in an effort to comply with an international agreement called the Wassenaar Arrangement. The proposal would regulate a wide array of technologies used in security research as controlled exports, in the same manner as if […]

July 17, 2015

THREAT RESEARCH

Vulnerability Spotlight: Total Commander FileInfo Plugin Denial of Service

1 min read

Talos is releasing an advisory for multiple vulnerabilities that have been found within the Total Commander FileInfo Plugin. These vulnerabilities are local denial of service flaws and have been assigned CVE-2015-2869. In accordance with our Vendor Vulnerability Reporting and Disclosure policy, these vulnerabilities have been disclosed to the plugin author(s) and CERT.  This post serves […]