Tag
#cisco
Dave McDaniel and other members of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two vulnerabilities in Ghost CMS, one authentication bypass vulnerability and one enumeration vulnerability. Ghost is a content management system with tools to build a website, publish content and send newsletters. Ghost offers paid subscriptions to
A new US State Department assessment highlights the stark economic toll of Tehran’s recent shutdowns and platform control.
A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.
A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead increased privileges.
As more and more users adopt new versions of Microsoft Office, it is likely that threat actors will turn away from VBA-based malicious documents to other formats such as XLLs or rely on exploiting newly discovered vulnerabilities to launch malicious code.
Sites spoofing Grammarly and a Cisco webpage are spreading the DarkTortilla threat, which is filled with follow-on malware attacks.
Leading global education provider engages with Bugcrowd Security Researchers to identify threats.
A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability.
In this episode of Talos Takes we are joined by Kendall McKay to discuss the recently released year in review report and dig deep on our activities in Ukraine. The year in review covers a vast amount of data and intel sources to identify some of the key trends we observed in 2022.
The inaugural 2022 Talos Year in Review is here! And it’s taking over the final Threat Source newsletter of the year.