#intel

An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

The exposure of cryptographically scrambled passwords isn’t a worst-case scenario—but it isn’t great, either.

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 29 and Aug. 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net. For each threat described below, this blog post only lists 25...

By Waqas Cellebrite is an Israel-based smartphone hacking (or cracking) firm that previously made headlines for unlocking iPhone devices for… This is a post from HackRead.com Read the original post: Anonymous Source Leaks 4TB of Cellebrite Data After Cyberattack

For the right price, threat actors can get just about anything they want to launch a ransomware attack — even without technical skills or any previous experience.

Cisco Talos today announced the release of a new mechanism that allows Cisco Secure Email customers the option to submit Sender Domain Reputation (SDR) disputes through TalosIntelligence.com. Customers now have the option of receiving self-service support through TalosIntelligence.com or may continue engaging with TAC. This new feature improves efficiency for Secure Email customers by streamlining the SDR dispute ticket process. Users can submit email sender domains and email addresses for investigation if they believe a domain or address should be marked as malicious or has been wrongfully marked as malicious. Please provide as much data as possible to assist our investigation team.

The popular security devices are tracking (and sharing) more than you might think.

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).