Security
Headlines
HeadlinesLatestCVEs

Source

TALOS

Vulnerability Spotlight: Use-after-free vulnerability in Microsoft Excel could lead to code execution

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.  Cisco Talos recently discovered a use-after-free vulnerability in the ConditionalFormatting functionality of Microsoft Office Excel 2019 that could allow an attacker to execute arbitrary code on the... [[ This is only the beginning! Please visit the blog for the complete entry ]]

TALOS
#CVE#Microsoft Patch Tuesday#SecureX#vulnerabilities
Microsoft Patch Tuesday for Oct. 2021 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Asheer Malhotra.  Microsoft released its monthly security update Tuesday, disclosing 78 vulnerabilities in the company’s various software, hardware and firmware offerings.   This month’s release is particularly notable because there are only... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Vulnerability Spotlight: Vulnerabilities in Anker Eufy Homebase could lead to code execution, buffer overflows

Lilith >_> of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.  Cisco Talos recently discovered two vulnerabilities in the Anker Eufy Homebase.  The Eufy Homebase 2 is the video storage and networking gateway that works with Anker’s Eufy Smarthome ecosystem. All Eufy... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Roundup for October 1 to October 8

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 1 and Oct. 8. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Advisory: Apache HTTP Server zero-day vulnerability opens door for attackers

A recently discovered vulnerability in Apache HTTP Server (CVE-2021-41733) is being actively exploited in the wild. This vulnerability is a path traversal and file disclosure vulnerability that could allow an attacker to map URLs outside of the document root. It could also result in the exposure... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Advisory: Apache HTTP Server zero-day vulnerability opens door for attackers

A recently discovered vulnerability in Apache HTTP Server (CVE-2021-41733) is being actively exploited in the wild. This vulnerability is a path traversal and file disclosure vulnerability that could allow an attacker to map URLs outside of the document root. It could also result in the exposure... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Talos Takes Ep. #71 (NCSAM edition): Reflecting on ransomware in 2021

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We are from the first (or last) people to say this, but 2021 is the year of ransomware. It’s by far the biggest story... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Advisory: Apache HTTP Server zero-day vulnerability opens door for attackers

A recently discovered vulnerability in Apache HTTP Server (CVE-2021-41733) is being actively exploited in the wild. This vulnerability is a path traversal and file disclosure vulnerability that could allow an attacker to map URLs outside of the document root. It could also result in exposure of... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Source newsletter (Oct. 7, 2021)

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers.   Every day, we see mountains and mountains of data. So how do we comb through all of it to find out what's important to customers and users? Well, there are many ways, but we wanted to give readers and researchers a look... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat hunting in large datasets by clustering security events

By Tiago Pereira. Security tools can produce very large amounts of data that even the most sophisticated organizations may struggle to manage. Big data processing tools, such as spark, can be a powerful tool in the arsenal of security teams.This post walks through threat hunting on large datasets... [[ This is only the beginning! Please visit the blog for the complete entry ]]