Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure…
Category: Cisco Talos Blog
Changing the narrative on pig butchering scams
Hazel discusses Interpol’s push to rename pig butchering scams as ‘romance baiting’. Plus, catch up on the latest vulnerability research from Talos, and why a recent discovery is a “rare industry win”. This article has been indexed from Cisco Talos…
Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for January of 2025 which includes 58 vulnerabilities, including 3 that Microsoft marked as “critical” and one marked as “moderate”. The remaining vulnerabilities listed are classified as “important.” This article has been indexed…
Small praise for modern compilers – A case of Ubuntu printing vulnerability that wasn’t
By Aleksandar Nikolich Earlier this year, we conducted code audits of the macOS printing subsystem, which is heavily based on the open-source CUPS package. During this investigation, IPP-USB protocol caught our attention. IPP over USB specification defines how printers that…
Changing the tide: Reflections on threat data from 2024
Thorsten examines last year’s CVE list and compares it to recent Talos Incident Response trends. Plus, get all the details on the new vulnerabilities disclosed by Talos’ Vulnerability Research Team. This article has been indexed from Cisco Talos Blog Read…
Google Cloud Platform Data Destruction via Cloud Build
A technical overview of Cisco Talos’ investigations into Google Cloud Platform Cloud Build, and the threat surface posed by the storage permission family. This article has been indexed from Cisco Talos Blog Read the original article: Google Cloud Platform Data…
Defeating Future Threats Starts Today
Martin discusses how defenders can use threat intelligence to equip themselves against AI-based threats. Plus check out his introductory course to threat intelligence. This article has been indexed from Cisco Talos Blog Read the original article: Defeating Future Threats Starts…
Talos IR trends Q4 2024: Web shell usage and exploitation of public-facing applications spike
This new report from Cisco Talos Incident Response explores how threat actors increasingly deployed web shells against vulnerable web applications, and exploited vulnerable or unpatched public-facing applications to gain initial access. This article has been indexed from Cisco Talos Blog…
Whatsup Gold, Observium and Offis vulnerabilities
Cisco Talos’ Vulnerability Research team recently disclosed three vulnerabilities in Observium, three vulnerabilities in Offis, and four vulnerabilities in Whatsup Gold. These vulnerabilities exist in Observium, a network observation and monitoring system; Offis DCMTK, a collection of libraries and applications…
New TorNet backdoor seen in widespread campaign
Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany. This article has been indexed from Cisco Talos Blog Read the original article: New TorNet backdoor seen in widespread…