Security
Headlines
HeadlinesLatestCVEs

Source

TALOS

Rounding up some of the major headlines from RSA

Here’s a rundown of some things you may have missed if you weren’t able to stay on top of the things coming out of the conference.

TALOS
#vulnerability#web#ios#android#mac#apple#google#microsoft#amazon#cisco#git#rce#pdf#aws#auth#ibm#zero_day
Talos releases new macOS open-source fuzzer

Compared to fuzzing for software vulnerabilities on Linux, where most of the code is open-source, targeting anything on macOS presents a few difficulties.

Talos joins CISA to counter cyber threats against non-profits, activists and other at-risk communities

Commercial spyware tools can threaten democratic values by enabling governments to conduct covert surveillance on citizens, undermining privacy rights and freedom of expression.

A new alert system from CISA seems to be effective — now we just need companies to sign up

Under a pilot program, CISA has sent out more than 2,000 alerts to registered organizations regarding the existence of any unpatched vulnerabilities in CISA’s KEV catalog.

Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution

Two vulnerabilities in this group — one in the Tinyroxy HTTP proxy daemon and another in the stb_vorbis.c file library — could lead to arbitrary code execution, earning both issues a CVSS score of 9.8 out of 10.

What can we learn from the passwords used in brute-force attacks?

There are some classics on this list — the ever-present “Password” password, Passw0rd (with a zero, not an “O”) and “123456.”

Vulnerabilities in employee management system could lead to remote code execution, login credential theft

Talos also recently helped to responsibly disclose and patch other vulnerabilities in the Foxit PDF Reader and two open-source libraries that support the processing and handling of DICOM files.

Cisco Talos at RSAC 2024

With RSAC just a week away, Cisco Talos is gearing up for another year of heading to San Francisco to share in some of the latest major cybersecurity announcements, research and news.

James Nutland studies what makes threat actors tick, growing our understanding of the current APT landscape

Nutland says he goes into every engagement or new project with a completely open mind and a blank slate — using his background investigating terror operations to find out as much as he can about a particular adversary’s operation.