TALOS

Cisco Talos recently discovered nine vulnerabilities in the Robustel R1510 industrial cellular router, several of which could allow an adversary to inject operating system code remotely.

By Jon Munshaw and Vanja Svajcer. Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line, including seven critical issues in Windows’ point-to-point tunneling protocol.  October's security update features 11 critical vulnerabilities, with the remainder being “important.”   One of the most notable vulnerabilities Microsoft fixed this month is CVE-2022-41038, a remote code execution issue in Microsoft SharePoint. There are several other SharePoint vulnerabilities included in this month’s Patch Tuesday, though this seems the most severe, as Microsoft continues it to be “more likely” to be exploited.  An attacker must be authenticated to the target site with the correct permissions to use manage lists in SharePoint to exploit this vulnerability, and eventually gain the ability to execute remote code on the SharePoint server.   CVE-2022-37968, an elevation of privilege vulnerability in Azure Arc Connect, has th...

Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line.

Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line.

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable data deserialization vulnerability in the VMware vCenter server platform. VMware is one of the most popular virtual machine solutions currently available, and its vCenter software allows users to manage an entire environment of

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.  Cisco Talos recently discovered an exploitable data deserialization vulnerability in the VMware vCenter server platform.   VMware is one of the most popular virtual machine solutions currently available, and its vCenter software allows users to manage an entire environment of VMs. The vulnerability Talos discovered is a post-authentication Java deserialization issue that could corrupt the software in a way that could allow an attacker to exploit arbitrary code on the target machine. TALOS-2022-1587 (CVE-2022-31680) is triggered if an adversary sends a specially crafted HTTP request to a targeted machine. The attacker would first have to log in with legitimate credentials to vCenter to be successful.  Cisco Talos worked with VMware to ensure that this issue is resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.  Users are enc...

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 30 and Oct. 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net. For each threat described below, this blog post only lists 2...

Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 30 and Oct. 7.

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.  Cisco Talos recently discovered an exploitable memory corruption vulnerability in Hancom Office 2020.   Hancom Office is a popular software collection among South Korean users that offers similar products to Microsoft Office, such as word processing and spreadsheet creation and management.   TALOS-2022-1574 (CVE-2022-33896) exists in the way the Hword word processing software processes XML files. An attacker could exploit this vulnerability by tricking the user into opening a specially crafted file, triggering a memory corruption error on the software and potentially leading to remote code execution on the targeted machine.    Cisco Talos worked with Hancom to ensure that this issue is resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.  Users are encouraged to update these affected products as soon as possible: Hancom Offic...

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  As I wrote about last week, I’ve been diving a lot into apps’ privacy policies recently. And I was recently made aware of a new type of app I never knew existed — family trackers.  There are countless mobile apps for parents to track their children or other family members based on their location, phone usage, and even driving speed. As an anxious soon-to-be-parent, this sounds intriguing to me — it’d be a supped-up version of Find my Friends on Apple devices so I’d never have to ask my teenager (granted, I’m many years away from being at that stage of my life) when they were coming home or where they were.  Just as with all other types of mobile apps, there are pitfalls, though.   Life360, one of the most popular of these types of apps and even tells users what their maximum driving speed was on a given trip, was found in December 2021 to be selling precise location data on its users, potentia...