Threat Roundup for October 30 to November 6
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 30 and Nov. 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Deception Technology: No Longer Only A Fortune 2000 Solution
A cyber-attacker successfully breaks into your environment and begins sneaking around to find something valuable - intellectual property, bank account credentials, company plans, whatever. The attacker makes his way to a certain host on a network node to browse the directories, and suddenly, his...
Windows 10 update history
Windows 10 update history Updates for Windows 10 initial version released July 2015 Windows 10 is a service, which means it gets better through periodic software updates. The great news is you usually don’t have to do anything! If you have enabled automatic updates, new updates will automatically...
Windows 10 and Windows Server 2016 update history
Windows 10 and Windows Server 2016 update history Updates for Windows 10 version 1607 and Windows Server 2016 Windows 10 is a service, which means it gets better through periodic software updates. The great news is you usually don’t have to do anything! If you have enabled automatic updates, new...
Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover
Red Hat Satellite's external authentication component is vulnerable to a full account takeover flaw. This flaw allows an attacker with an authenticated account on Single sign-on (SSO) to gain elevated privileges of existing local users. This issue only affects users who have configured Satellite to...
OS Command Injection
lookatme is vulnerable to OS command injection. The vulnerability exists through the rendering of untrusted markdown when the built-in terminal and fileloader extensions are automatically loaded...
CVE-2020-15271
In lookatme python/pypi package versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "fileloader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. ...
Command execution vulnerability in the backend of more than 100 systems shipped
Shipping 100 is a virtual goods automatic shipping system / article pay to read system, without human guards, customers can buy online to automatically complete the transaction. A command execution vulnerability exists in the backend of several Shipment 100 systems. Attackers can use the...
Threat Roundup for October 9 to October 16
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 9 and Oct. 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Wormable Apple iCloud Bug Allows Automatic Photo Theft
A group of ethical hackers cracked open Apple’s infrastructure and systems and, over the course of three months, discovered 55 vulnerabilities, a number of which would have given attackers complete control over customer and employee applications. Of note, a critical, wormable iCloud account...
UBUNTU-CVE-2020-15646
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
CVE-2020-15646
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
Threat Roundup for September 18 to September 25
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 18 and Sept. 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
CVE-2020-3560
A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by...
CVE-2020-3527
A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to insufficient packet size validation. An attacker could exploit this vulnerability by sending jumbo frames or frames larger...
Design/Logic Flaw
A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to insufficient packet size validation. An attacker could exploit this vulnerability by sending jumbo frames or frames larger...
CVE-2020-3527
CVE-2020-3527 affects Cisco Catalyst 9200 Series Switches (Polaris kernel). The vulnerability arises from insufficient packet-size validation, allowing an unauthenticated, remote attacker to crash the device by sending jumbo frames or frames larger than the configured MTU to the management interf...
CVE-2020-3560 Cisco Aironet Access Points UDP Flooding Denial of Service Vulnerability
A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by...
CVE-2019-16000
A vulnerability in the automatic update process of Cisco Umbrella Roaming Client for Windows could allow an authenticated, local attacker to install arbitrary, unapproved applications on a targeted device. The vulnerability is due to insufficient verification of the Windows Installer. An attacker...
Design/Logic Flaw
A vulnerability in the automatic update process of Cisco Umbrella Roaming Client for Windows could allow an authenticated, local attacker to install arbitrary, unapproved applications on a targeted device. The vulnerability is due to insufficient verification of the Windows Installer. An attacker...