TP-Link, Photoshop, OpenVPN, Norton VPN vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed eight vulnerabilities in TP-Link, and one each in Adobe Photoshop, OpenVPN, and Gen Digital's Norton VPN. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adherence to Cisco's...
New in Snort3: Enhanced rule grouping for greater flexibility and control
Today, Cisco Talos is introducing new capabilities for Snort3 users within Cisco Secure Firewall. These enhancements are designed to give you greater flexibility in how you manage, organize, and prioritize detection rules. They also make it easier to align SNORT® rules with your organization's...
Suricata IDPE 8.0.1
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and...
November Patch Tuesday release contains three critical remote code execution vulnerabilities
The Patch Tuesday for November of 2024 includes 89 vulnerabilities, including four that Microsoft marked as "critical." The remaining vulnerabilities listed are classified as "important." Microsoft assessed that exploitation of the four "critical" vulnerabilities is "less likely." CVE-2024-43639 ...
Ryan Pentney reflects on 10 years of Talos and his many roles from the Sourcefire days
As the adage goes: "You don't know what you don't know." For Ryan Pentney and his team, they know what they don't know. And they wake up every morning trying to figure out how they can answer those questions about emerging threats and some of the largest state-sponsored actors in the world. Pentney ...
Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other zero-day in DWM Core
After a relatively hefty Microsoft Patch Tuesday in April, this month's security update from the company only included one critical vulnerability across its massive suite of products and services. In all, May's slate of vulnerabilities disclosed by Microsoft included 59 total CVEs, most of which ar...
April’s Patch Tuesday includes 150 vulnerabilities, 60 which could lead to remote code execution
In one of the largest Patch Tuesdays in years, Microsoft disclosed 150 vulnerabilities across its software and product portfolio this week, including more than 60 that could lead to remote code execution. Though April's monthly security update from Microsoft is the largest since at least the start...
Another Patch Tuesday with no zero-days, only two critical vulnerabilities disclosed by Microsoft
For the second month in 2024, there are no actively exploited vulnerabilities included in this month's security update from Microsoft. March's Patch Tuesday is relatively light, containing 60 vulnerabilities -- only two labeled "critical." Last month's Patch Tuesday included more than 70 security...
Microsoft releases lightest Patch Tuesday in three years, no zero-days disclosed
Microsoft's monthly security update released Tuesday is the company's lightest in four years, including only 33 vulnerabilities. Perhaps more notable is that there are no zero-day vulnerabilities included in December's Patch Tuesday, a rarity for Microsoft this year. The company's regular set of...
Microsoft discloses only three critical vulnerabilities in November’s Patch Tuesday update, three other zero-days
Microsoft's monthly security update released Tuesday only includes three critical vulnerabilities, an unusually small number based on previous months' Patch Tuesdays. In all, this set of vulnerabilities Microsoft patched includes 57 vulnerabilities, 54 of which are considered "important." This is t...
Vulnerability Spotlight: Vulnerability in ManageEngine OpManager could lead to XXE attack
Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a vulnerability in ManageEngine OpManager that could lead to an XML external entity (XXE) attack. OpManager is network monitoring software that allows users to track and manage the performance of...
Vulnerability Spotlight: Specially crafted files could lead to denial of service, information disclosure in OpenImageIO parser
Lilith of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered three vulnerabilities in the OpenImageIO image-parsing library that many popular pieces of 3-D rendering software use. OpenImageIO is a library that converts, compares and processes various image files. Blende...
Vulnerability Spotlight: SNIProxy contains remote code execution vulnerability
Keane O'Kelley of Cisco ASIG discovered this vulnerability. Cisco ASIG recently discovered a remote code execution vulnerability in the SNIProxy open-source tool that occurs when the user utilizes wildcard backend hosts. SNIProxy proxies incoming HTTP and TLS connections based on the hostname...
Vulnerability Spotlight: WellinTech ICS platform vulnerable to information disclosure, buffer overflow vulnerabilities
Carl Hurd of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two vulnerabilities in WellinTech's KingHistorian industrial control systems data manager. KingHistorian is a time-series database that allows users to ingest and process large amounts of data from ICS,...
Vulnerability Spotlight: Denial-of-service vulnerability discovered in VMWare vCenter
Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a denial-of-service vulnerability in VMware vCenter Server. VMware vCenter Server is a platform that enables centralized control and monitoring over all virtual machines and ESXi hypervisors included...
CVE-2022-20767
A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of the DNS reputation enforcement...
CVE-2022-20767 Cisco Firepower Threat Defense Software DNS Enforcement Denial of Service Vulnerability
A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of the DNS reputation enforcement...
Cisco Firepower Threat Defense Software DNS Enforcement Denial of Service Vulnerability
A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of the DNS reputation enforcement...
Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability
A vulnerability in the web filtering features of multiple Cisco products could allow an unauthenticated, remote attacker to bypass web reputation filters and threat detection mechanisms on an affected device and exfiltrate data from a compromised host to a blocked external server. This...