vulnerability

August 10, 2016

THREAT RESEARCH

Vulnerability Spotlight: BlueStacks App Player Privilege Escalation

1 min read

Discovered by Marcin ‘Icewall’ Noga of Cisco Talos Talos is releasing an advisory for a vulnerability in BlueStacks App Player. (TALOS-2016-0124/CVE-2016-4288). The BlueStacks App Player is designed to enable Android applications to run on Windows PCs and Macintosh computers. It’s commonly used to run popular Android games on these platforms. Details A weak registry key […]

July 19, 2016

THREAT RESEARCH

Vulnerability Spotlight: Apple Remote Code Execution With Image Files

1 min read

Vulnerabilities discovered by Tyler Bohan of Cisco Talos. Many of the wide variety of file formats are designed for specialized uses within specific industries. Apple offers APIs as interfaces to provide a definitive way to access image data for multiple image formats on the Apple OS X platform. Talos is disclosing the presence of five […]

July 11, 2016

THREAT RESEARCH

Vulnerability Spotlight: Local Code Execution via the Intel HD Graphics Windows Kernel Driver

1 min read

This vulnerability was discovered by Piotr Bania. Talos, in coordination with Intel, is disclosing the discovery of TALOS-2016-0087, a local arbitrary code execution vulnerability within the Intel HD Graphics Windows Kernel Driver. This vulnerability exists in the communication functionality of the driver and can be exploited if a specially crafted message is sent to the […]

June 21, 2016

THREAT RESEARCH

The Poisoned Archives

1 min read

libarchive is an open-source library that provides access to a variety of different file archive formats, and it’s used just about everywhere. Cisco Talos has recently worked with the maintainers of libarchive to patch three rather severe bugs in the library. Because of the number of products that include libarchive in their handling of compressed […]

Network Security is Not Child’s Play

3 min read

Do you remember the childhood game Gossip? Maybe you played it. A secret message is whispered from one person to the next until it reaches the last person who says out loud what they believed they heard. Whether by an honest misunderstanding or intentional sabotage, often the end message is nothing like the original. Now, […]

April 28, 2016

SECURITY

The Evolution of Scoring Security Vulnerabilities

6 min read

The Common Vulnerability Scoring System (CVSS), which is used by many in the industry as a standard way to assess and score security vulnerabilities, is evolving to a new version known as CVSSv3. These changes addressed some of the challenges that existed in CVSSv2; CVSSv3 analyzes the scope of a vulnerability and identifies the privileges […]

April 7, 2016

THREAT RESEARCH

News Flash! Another Adobe Flash Zero-day Vulnerability Spotted in the Wild

1 min read

In today’s threat landscape, Adobe Flash Player unfortunately remains an attractive attack vector for adversaries to exploit and compromise systems. Over the past year, Talos has observed several instances where adversaries have identified zero-day vulnerabilities and exploited them to compromise systems. Talos is aware of reports that CVE-2016-1019, an Adobe Flash 0-day vulnerability, is currently […]

February 8, 2016

THREAT RESEARCH

The Internet of Things Is Not Always So Comforting

1 min read

Over the past few years, the Internet of Things (IoT) has emerged as reality with the advent of smart refrigerators, smart HVAC systems, smart TVs, and more. Embedding internet-enabled devices into everything presents new opportunities in connecting these systems to each other, making them “smarter,” and making our lives more convenient than ever before. Despite […]

September 8, 2015

THREAT RESEARCH

Microsoft Patch Tuesday – September 2015

5 min read

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 12 bulletins released which address 55 CVEs. Five bulletins are rated “Critical” this month and address vulnerabilities in Edge, Graphics Component, Internet Explorer, Journal, and Office. The other seven bulletins […]