Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

Vulnerability Spotlight: Authentication bypass and enumeration vulnerabilities in Ghost CMS

Dave McDaniel and other members of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two vulnerabilities in Ghost CMS, one authentication bypass vulnerability and one enumeration vulnerability. Ghost is a content management system with tools to build a website, publish content and send newsletters. Ghost offers paid subscriptions to

TALOS
#vulnerability#web#cisco#auth
Iran’s Internet Blackouts Are Sabotaging Its Own Economy

A new US State Department assessment highlights the stark economic toll of Tehran’s recent shutdowns and platform control.

CVE-2022-38060: TALOS-2022-1589 || Cisco Talos Intelligence Group

A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.

CVE-2022-38065: TALOS-2022-1599 || Cisco Talos Intelligence Group

A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead increased privileges.

Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins

As more and more users adopt new versions of Microsoft Office, it is likely that threat actors will turn away from VBA-based malicious documents to other formats such as XLLs or rely on exploiting newly discovered vulnerabilities to launch malicious code.

Sophisticated DarkTortilla Malware Serves Imposter Cisco, Grammarly Pages

Sites spoofing Grammarly and a Cisco webpage are spreading the DarkTortilla threat, which is filled with follow-on malware attacks.

Bugcrowd Launches Bug Bounty Program for Australian-Based Navitas

Leading global education provider engages with Bugcrowd Security Researchers to identify threats.

CVE-2022-41992: TALOS-2022-1644 || Cisco Talos Intelligence Group

A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability.

Talos Takes Ep. 122: Year in Review & Ukraine Activities

In this episode of Talos Takes we are joined by Kendall McKay to discuss the recently released year in review report and dig deep on our activities in Ukraine. The year in review covers a vast amount of data and intel sources to identify some of the key trends we observed in 2022.

Threat Source newsletter (Dec. 15, 2022): Talos Year in Review is here

The inaugural 2022 Talos Year in Review is here! And it’s taking over the final Threat Source newsletter of the year.