Tag
#cisco
A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a users' password hash will be able to use it to directly login into the account, leading to increased privileges.
Threat intel has changed over the years and that’s changed how customers use it, says Matt Olney, director of Talos threat intelligence and interdiction at Cisco.
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
What happens when businesses' smart devices break? CSOs have things to fix beyond security holes.
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. As the data privacy landscape gets increasingly murky, app developers and device manufacturers are finding new ways to sure up users’ personal information. Of course, all users have to do is go out of their way to opt-in. Apple recently announced a new Lockdown Mode for the iOS operating system that powers the company’s iPhones. When enabled, it turns off many of the features that attackers will exploit when targeting a mobile device with spyware. Spyware is a growing concern across the world, especially the NSO Group’s Pegasus tool. With Lockdown Mode enabled, a hypothetical attacker would not have access to certain functions on the phone, and it blocks access to important APIs such as speech and facial recognition, which research has shown are relatively easy to bypass. In a review of Lockdown Mode, Zack Whittaker of TechCrunch said, “...we didn’t find using our iPhone in Lockdown Mode t...
By Owais Sultan Over the last decade, cybersecurity has been a key pain point for organizations. According to the State of… This is a post from HackRead.com Read the original post: Cybersecurity | How to Become a Cybersecurity Expert
How critical is that vulnerability? University researchers are improving predictions of which software flaws will end up with an exploit, a boon for prioritizing patches and estimating risk.
Hosts next OpenSSF Day in Dublin.
By Joe Marshall. The war in Ukraine has had far-reaching global implications and one of the most immediate effects felt will be on the global supply chain for food. This war-induced fragility has exposed the weaknesses of how we feed ourselves globally. Ransomware cartels and other adversaries are well aware of this and are actively exploiting that fragility. For the past six years, Cisco Talos has been actively involved in assisting public and private institutions in Ukraine to defend themselves against state-sponsored actors. Our involvement stretches the gamut from commercial to critical infrastructure, to election security. Our presence has afforded us unique opportunities and observations about cybersecurity in a macro and micro way. Ukraine has been a frequent victim of state-sponsored cyber attacks aimed at critical infrastructures like power and transportation. Talos is proud to stand with our partners in Ukraine and help defend their critical networks and help users there ma...