Threat Source newsletter for Sept. 17, 2020

Threat Source newsletter for Sept. 17, 2020

   


Newsletter compiled by Jon Munshaw.
Good afternoon, Talos readers. 
We’ve got a couple of vulnerabilities you should know about. Monday, we disclosed a bug in Google Chrome’s PDFium feature that opens the door for an adversary to execute remote code.  Our researchers also discovered several vulnerabilities in the Nitro Pro PDF Reader. The software contains vulnerabilities that could allow adversaries to exploit a victim machine in multiple ways that would eventually allow them to execute code. 

UPCOMING PUBLIC ENGAGEMENTS 


Event: Attribution: A puzzle  Location: Virtual VirusBulletin conference 2020 Date: Sept. 30 Speakers: Paul Rascagneres and Vitor Ventura Synopsis: The attribution of cyber attacks is hard. It requires collecting diverse intelligence, analyzing it and deciding who is responsible. Given this, it is interesting to examine the evidence available to us as a threat intelligence and security research group to support these conclusions. In this presentation, we will present our research in attributing WellMess. We will also describe additional elements linked to the attribution process such as false flags and code sharing by using additional use cases such as OlympicDestroyer and ACIDBox.   Event: A double-edged sword: The threat of dual-use tools Location: Cisco Webex webinar Date: Oct. 8 at 11 a.m. ET Speakers: Edmund Brumaghin Synopsis: It's difficult to read any information s ..

Support the originator by clicking the read the rest link below.