Newsletter compiled by Jon Munshaw.
Good afternoon, Talos readers.
In our latest entry into our election security series, we’re turning our attention to the professionals who are responsible for securing our elections. After months of research, we’ve compiled a series of recommendations for local, state and national officials to combat disinformation and secure Americans’ faith in the election system. Patch Tuesday was also this week, which as usual, brought with it a big Snort rule release and our breakdown of the important Microsoft vulnerabilities you need to know about.
UPCOMING PUBLIC ENGAGEMENTS
Location: CS3STHLM VirtualDate: Oct. 22
Speakers: Kelly Leaschner
Synopsis: As more devices are becoming cloud-connected, it is important to understand how this attack surface is different from traditional, socket-based server applications. There is no open port listening with a cloud-connected application, so there is additional work required in order to just get the application to accept attacker-controlled data. This talk will walk through the initial steps necessary to begin vulnerability research on this application. Cloud-based control of physical devices has some security benefits compared to traditional socket programming but, at the end of the day, there is an opportunity for bugs and vulnerabilities in the software responsible for handling cloud messages. This talk will describe changes in research methodology that are necessary for performing vulnerability research on a cloud-connected application. Kelly will also walk through some vulnerabilities she’s discovered — live — by impersonating the industrial vendor cloud application, resulting in root privileges. Event: A double-edged sword: The threat of dual-use tools Locat ..
Support the originator by clicking the read the rest link below.
){kind=link}