Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

Your item has sold! Avoiding scams targeting online sellers

There are many risks associated with selling items on online marketplaces that individuals and organizations should be aware of when conducting business on these platforms.

TALOS
Open in Source
#web#cisco#git#intel#perl#auth
GHSA-5pmw-9j92-3c4c: OpenH264 Rust API Openh264 Decoding Functions Heap Overflow Vulnerability

OpenH264 recently reported a [heap overflow](https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x) that was fixed in upstream [63db555](https://github.com/cisco/openh264/commit/63db555e30986e3a5f07871368dc90ae78c27449) and [integrated into](https://github.com/ralfbiedert/openh264-rs/commit/3a822fff0b4c9a984622ca2b179fe8898ac54b14) our 0.6.6 release. For users relying on Cisco's pre-compiled DLL, we also published 0.8.0, which is compatible with their latest fixed DLL version 2.6.0. In other words: - if you rely on our `source` feature only, >=0.6.6 should be safe, - if you rely on `libloading`, you must upgrade to 0.8.0 _and_ use their latest DLL >=2.6.0. Users handling untrusted video files should update immediately.

The US Is Considering a TP-Link Router Ban—Should You Worry?

Several government departments are investigating TP-Link routers over Chinese cyberattack fears, but the company denies links.

Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks

Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies. "The threat actor then demonstrated their ability to persist in target environments across equipment from multiple

Efficiency? Security? When the quest for one grants neither.

William discusses what happens when security is an afterthought rather than baked into processes and highlights the latest of Talos' security research.

Weathering the storm: In the midst of a Typhoon

Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies, by a threat actor dubbed Salt Typhoon. This blog highlights our observations on this campaign and identifies recommendations for detection and prevention.

How One AI Startup Founder Cornered Microsoft Into Finally Taking Down Explicit Videos of Her

Breeze Liu has been a prominent advocate for victims. But even she struggled to scrub nonconsensual intimate images and videos of herself from the web.

Patch Now: CISA Warns of Palo Alto Flaw Exploited in the Wild

The authentication bypass vulnerability in the OS for the company's firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP.

$10 Infostealers Are Breaching Critical US Security: Military and Even the FBI Hit

A new report reveals how cheap Infostealer malware is exposing US military and defense data, putting national security at risk. Hackers exploit human error to gain access.

Microsoft: New Variant of macOS Threat XCSSET Spotted in the Wild

Microsoft is warning the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack.