A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group

A post summarizing how prevalent encrypted web traffic interception is and how it negatively affects online security according to a study published at NDSS.

Why Flash Security still matters? Flash is still an active threat. In 2017, I reported Flash vulnerabilities to Facebook, Youtube, Wordpress, Yahoo, Paypal and Stripe. Over the last 3 years, I reporte

II. XSF via appLoader In Part 1, I introduced an information leakage vulnerability in Youtube. In this part I will disclose a more severe vulnerability that allows arbitrary Flash code execution in yo

III. XSF via loaderinfo.url redefinition Let's have a look at how the Main App loads the Modules : The url of the module is dynamically generated by the main app by using it's own url (2) an

IV. Flash based XSSes on Youtube iframe api I'm happy that people found my previous posts on Youtube Flash vulnerabilities interesting, and I will keep posting new write-ups. This time I will dis

Desde hace unos años Apple tiene la indomable necesidad de ser siempre el primero en todo, desde desarrollar productos hasta ser el primer...

El sistema de reconocimiento facial de Apple es polémico, pero no es el primero ni el único: Android lo usa desde 2012 y el nuevo Galaxy S8 también lo incorporaEl problema es el mismo en todos los casos: puedes cambiar de nombre y de casa pero no de cara…

Agosto ha sido un gran mes para los ciberdelincuentes. Numerosos ataques, aumento de software malicioso y otros métodos. España no se ha librado.

The seventh entry on the most recent OWASP Top 10 release (from 2013, due to the 2017 release candidate being rejected!) is "Missing Function Level Access Control", which is essentially what leads to Privilege Escalation issues. This common vulnerability…

Reported to Google. Good XSS:) Türk güvenlik araştırmacıları iyi ve zekidir.

Learn more about Linux Container Security from Twistlock. Dev-to-Production Docker and container security for enterprises.

Protect your software supply chain with policy-based container security solutions.

From runtime to development, gain real-time visibility into your cloud with Sysdig. Prioritize critical risks, detect threats instantly, and respond with confidence.

Dagda is an open source tool, coded in Python to perform static analysis of known vulnerabilities in Docker images/containers.