Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

Sophisticated DarkTortilla Malware Serves Imposter Cisco, Grammarly Pages

Sites spoofing Grammarly and a Cisco webpage are spreading the DarkTortilla threat, which is filled with follow-on malware attacks.

DARKReading
#vulnerability#web#mac#microsoft#cisco#git#intel#c++#rce
Bugcrowd Launches Bug Bounty Program for Australian-Based Navitas

Leading global education provider engages with Bugcrowd Security Researchers to identify threats.

CVE-2022-41992: TALOS-2022-1644 || Cisco Talos Intelligence Group

A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability.

Talos Takes Ep. 122: Year in Review & Ukraine Activities

In this episode of Talos Takes we are joined by Kendall McKay to discuss the recently released year in review report and dig deep on our activities in Ukraine. The year in review covers a vast amount of data and intel sources to identify some of the key trends we observed in 2022.

Threat Source newsletter (Dec. 15, 2022): Talos Year in Review is here

The inaugural 2022 Talos Year in Review is here! And it’s taking over the final Threat Source newsletter of the year.

BSides SF 2023 Call For Papers

BSidesSF is soliciting presentations, workshops, and villages for the 2023 annual BSidesSF conference. It will be located at City View at the Metreon in downtown San Francisco April 22nd through the 23rd, 2023.

CVE-2022-32763: TALOS-2022-1541 || Cisco Talos Intelligence Group

A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2022-27498: TALOS-2022-1531 || Cisco Talos Intelligence Group

A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2022-29517: TALOS-2022-1529 || Cisco Talos Intelligence Group

A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2022-29511: TALOS-2022-1530 || Cisco Talos Intelligence Group

A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.