Bulletins d'actualité : Différence entre versions

Version du 1 mars 2018 à 12:19

Classification

Publication de l'Agence National de la Sécurité des Systèmes d'Information

Les avis sont des documents faisant état de vulnérabilités et des moyens de s'en prémunir

Beyond IOCs: AI-enabled threat intelligence

In this week’s newsletter, Martin considers how AI will help threat intelligence by creating an easily queryable data source of intelligence reports.

Introduction to COM usage by Windows threats

Component Object Model (COM) is a fundamental Windows technology used by legitimate applications for object activation, inter-process communication, automation and language-independent component reuse. Those same qualities make it useful to threat actors.

Close Encounters of the Human Kind

In the latest Threat Source, Hazel channels her inner Spielberg to explore why humans are delightfully irrational, reminding us that while security best practices are simple in theory, they’re a lot harder to pull off when you’re busy dealing with real life.

Scripting the disassembler: Local agentic reverse engineering through vbdec’s live COM object model

Cisco Talos detailed a new approach to reverse engineering that pairs local AI agents with traditional analysis tools like the VB6 disassembler vbdec. Instead of awkwardly bolting AI onto the software, vbdec exposes its parsed data through a live COM interface.

A tale of two eras

In this week’s newsletter, Amy reminisces on the tech toys of their childhood, inspired by a hilarious lesson about why your digital privacy shouldn't be left on an open channel.

Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities

Microsoft Patch Tuesday details for June 2026.

Reporting from Vegas: Networking, AI, and good boys

Joe’s on-the-ground report from Cisco Live U.S. is here, complete with therapy dog pictures and tips on handling conference overstimulation.

Winning the cyber marathon with Tony Giandomenico

Tony Giandomenico, Senior Director of Product Management, joins Amy to discuss the Talos Threat Hunting launch what he's excited about for the future of cybersecurity, and, of course, his Ironman triathlons.

Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting

Learn how Cisco Talos Threat Hunting uses hypothesis-driven methods and multi-domain telemetry correlation to find stealthy threats operating below automated detection thresholds.

Less panic patching, more precision

In this newsletter, Thor breaks down why you should stop relying solely on CVSS and start using EPSS and GCVE to focus your patching efforts on the threats that actually matter.

DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap

This white paper presents a concrete case study demonstrating the creation of a heap overflow vulnerability through the exploitation of the DICOM file format.

MediaArea heap-based buffer overflow vulnerabilities

Talos researchers find 4 heap-based buffer overflow vulnerabilities in MediaArea's MediaInfoLib.

Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake

EvidenceForge generates high-quality, realistic, and consistent datasets across multiple log formats, enabling teams to effectively train personnel and validate detection models without the need for complex manual simulations.

The art of being ungovernable

In this edition of the Threat Source newsletter, William explores the value of being "ungovernable" in a professional setting, sharing how challenging the status quo and seeking out the smartest people in the room can lead to a more fulfilling and successful career.

TP-Link, Photoshop, OpenVPN, Norton VPN vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed eight vulnerabilities in TP-Link, and one each in Adobe Photoshop, OpenVPN, and Gen Digital's Norton VPN.