#cisco

New CAPE platform delivers patented intelligent automation and enforcement of consumer data privacy mandates at lowest total cost of ownership.

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.  Cisco Talos recently discovered a use-after-free vulnerability in Accusoft ImageGear's PSD header processing function.  The ImageGear library is a document-imaging developer toolkit that allows users to create, edit, annotate and convert various images. It supports more than 100 file formats such as DICOM, PDF and Microsoft Office.  This vulnerability, TALOS-2022-1526 (CVE-2022-29465) could allow an attacker to cause a use-after-free condition by tricking the targeted user into opening a malformed .psd file in the application. The vulnerability leads to out-of-bounds heap writes, which causes memory corruption and, possibly, code execution. In adherence to Cisco’s vulnerability disclosure policy, Accusoft patched this issue and released an update for ImageGear. Talos tested and confirmed Accusoft ImageGear, version 19.10, is affected by this vulnerability.  The following Snort rules will detect ...

We take a look at reports of organised review bombing, leading to extortion threats to get the negative ratings removed. The post Extortionists target restaurants, demand money to take down bad reviews appeared first on Malwarebytes Labs.

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Cisco Talos and Cisco Secure have the latest edition of the Talos EMEAR Threat Update series out now, which you can watch above or over at this link, where Martin Lee and Hazel Burton talk about the cybersecurity skills gap that currently exists and how we can better train the next generation... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Offensive security leader continues to defy market and economic trends with record growth and recognized innovation.

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.  Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome’s WebGPU standard.   Google Chrome is a cross-platform web browser — and Chromium is the open-source version of... [[ This is only the beginning! Please visit the blog for the complete entry ]]

The advanced persistent threat (APT) group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021. "This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users," Cisco Talos said in a report shared with The Hacker News.

Cisco Talos has been tracking a new malicious campaign operated by the Transparent Tribe APT group.This campaign involves the targeting of educational institutions and students in the Indian subcontinent, a deviation from the adversary's typical focus on government entities.The attacks result in... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.  Cisco Talos recently discovered two use-after-free vulnerabilities in Adobe Acrobat Reader DC that could allow an attacker to eventually gain the ability to execute arbitrary code.   Acrobat is... [[ This is only the beginning! Please visit the blog for the complete entry ]]