Five defender priorities from the Talos Year in Review

A familiar theme in security right now is that the barrier to entry for attackers is at an all-time low. AI tools can spin up websites within minutes that can easily direct data to disposable external data stores and send alerts for new captures -- all without code. One such case was recently...

CVE-2019-17061

The Bluetooth Low Energy BLE stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID LLID equal to zero. This allows attackers within radio range to cause...

Identity Threat Detection and Response Solution Guide

The Emergence of Identity Threat Detection and Response Identity Threat Detection and Response ITDR has emerged as a critical component to effectively detect and respond to identity-based attacks. Threat actors have shown their ability to compromise the identity infrastructure and move laterally...

SUSE-SU-2024:2890-1 Security update for libqt5-qtbase

This update for libqt5-qtbase fixes the following issues: - CVE-2023-51714: Fixed an incorrect integer overflow check bsc1218413. - CVE-2024-39936: Fixed information leakage due to process HTTP2 communication before encrypted can be responded to bsc1227426 - CVE-2023-45935: Fixed NULL pointer...

SUSE-SU-2024:2883-1 Security update for libqt5-qtbase

This update for libqt5-qtbase fixes the following issues: - CVE-2023-45935: Fixed NULL pointer dereference in QXcbConnection::initializeAllAtoms due to anomalous behavior from the X server bsc1222120 - CVE-2024-39936: Fixed information leakage due to process HTTP2 communication before encrypted c...

CVE-2023-45935

Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms. NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server...

CVE-2023-45920

Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints. NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager...

CVE-2023-45920

Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints. NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager...

CVE-2023-45935

Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms. NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server...

CVE-2023-45920

Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints. NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager...

CVE-2023-45920

Xfig v3.2.8 contains a NULL pointer dereference in XGetWMHints(), CVE-2023-45920. Multiple connected advisories confirm the issue and note that its remediation has been released: Mageia (MGASA-2024-0125), SUSE (SUSE-SU-2024:1196-1), and OSV entries indicate fixes. Descriptions consistently state ...

The Future of Network Security: Predictive Analytics and ML-Driven Solutions

As the digital age evolves and continues to shape the business landscape, corporate networks have become increasingly complex and distributed. The amount of data a company collects to detect malicious behaviour constantly increases, making it challenging to detect deceptive and unknown attack...

The art and science behind Microsoft threat hunting: Part 1

At Microsoft, we define threat hunting as the practice of actively looking for cyberthreats that have covertly or not so covertly penetrated an environment. This involves looking beyond the known alerts or malicious threats to discover new potential threats and vulnerabilities. Why do incident...

Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)

On April 24, 2022, a privilege escalation hacking tool, KrbRelayUp, was publicly disclosed on GitHub by security researcher Mor Davidovich. KrbRelayUp is a wrapper that can streamline the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn tools in...

Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to HTTP Parameter Override discovered in MDM User Interface (CVE-2016-9717)

Summary IBM InfoSphere Master Data Management is vulnerable to a HTTP Parameter Override which may produce an anomalous behavior in the application that can be potentially exploited . Vulnerability Details CVEID: CVE-2016-9717 DESCRIPTION: HTTP Parameter Override is identified in IBM Infosphere...

Live-Forensicator - Powershell Script To Aid Incidence Response And Live Forensics

Live Forensicator is part of the Black Widow Toolbox, its aim is to assist Forensic Investigators and Incidence responders in carrying out a quick live forensic investigation. It achieves this by gathering different system information for further review for anomalous behaviour or unexpected data...

3 Tips for Facing the Harsh Truths of Cybersecurity in 2022, Part I

Be forewarned—I’m about to lay down some harsh truths here. First, ransomware is prevalent, and there is no way to completely eliminate the threat. Second, at this point, you should operate under the assumption that hackers are already in your systems or could easily access them at any moment. It...

How Page Integrity Manager Detects Real-World Magecart Attacks

Written by Ziv Eli - Engineering Manager, Security and Maor Hod - Senior Product Manager, Security In this blog, we will take a look at and break down a recent Magecart attack detected and mitigated by Page Integrity Manager. The impacted customer operates a large international e-commerce busines...

Long Tail Analysis: A New Hope in the Cybercrime Battle

Our hyper-connected world and its ever-faster network speeds have resulted in mountains of diverse data that needs to be processed. It has also resulted in an ever-expanding attack surface, requiring cybersecurity solutions to scale like never before. These days, scale is about more than traffic...

CVE-2019-17060

The Bluetooth Low Energy BLE stack implementation on the NXP KW41Z based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID LLID equal to...