SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Microsoft issues security update fixing vulnerabilities in Azure Sphere
Description: Cisco Talos researchers recently discovered multiple vulnerabilities in Microsoft's Azure Sphere, a cloud-connected and custom SoC platform designed specifically with IoT application security in mind. Internally, the SoC is made up of a set of several ARM cores that have different roles (e.g. running different types of applications, enforcing security, and managing encryption), and externally the Azure Sphere platform is supported by Microsoft's Azure Sphere cloud, which handles secure updates, app deployment, and periodically verifying the device integrity to determine whether or not it should be allowed cloud access. Talos discovered four vulnerabilities in Azure Sphere, two of which could lead to unsigned code execution, and the two others for privilege escalation.
Snort SIDs: 54645, 54646, 54729, 54730
Title: Cross-site scripting bug affects open-source CMS, used by many WordPress sites
Description: TinyMCE recently disclosed a vulnerability that could have allowed attackers to completely take over some websites. The open-source content management system and text editor fixed a high-severity cross-site scripting vulnerability. An attacker could input specific HTML code into a forum on an affected website to exploit this vulnerability, allowing them to take control of the websites. Security researchers suggest thousands of sites could be affected.
Snort SIDs: 54815, 54816