Vulnerabilities

Vulnerabilities news, information, and how-to advice

Network management vulnerability exposes cable modems to hacking

Hundreds of thousands of internet gateway devices from around the world, primarily cable modems, are vulnerable to hacking because of a serious weakness in their implementation of the Simple Network Management Protocol.

Contrast Security responds to OWASP Top 10 controversy

Contrast Security has addressed the recent backlash over section A7 of the OWASP Top 10 list for 2017. The company issued a statement on the matter after industry professionals suggested the A7 addition was an example of a vendor...

Q&A

Periodic vulnerability assessment is recipe for disaster

CSO India spoke to Richard Bussiere, Technical Director APAC at Tenable Network Security on current trends like DevOps and containers, IoT, mobile security and why vulnerability assessment is now mandatory for CISOs.

Cybercrime diaries: All the hacks and data breaches in one place

The cybercrime diaries are a series of blogs that provide CIOs, CSOs, CISOs and IT security teams with bulleted datelines and high-level summary commentary on the most noteworthy cybercriminal activity in a quarterly period.

Email-based attacks exploit unpatched vulnerability in Microsoft Word

Attackers have been exploiting an unpatched vulnerability in Microsoft Word for the past few months to compromise computers and infect them with malware.

Robots: Lots of features, not much security

Robotics is one of the fastest-growing components of the IoT. It can also be one of the more dangerous, if taken over by hackers. And given the level of vulnerabilities in them, that is a clear and present risk.

Prevent or detect? What to do about vulnerabilities

A good security program includes prevention, detection, and response, so security practitioners need to focus on the vulnerabilities that matter.

Missing the mark on IoT security

Focusing on securing Internet of Things (IoT) devices is all the rage right now, but companies that are fixated on this specific issue are overlooking the more obvious solutions to their problems.

What makes a good application pen test? Metrics

Research from application security crowd testing and bug bounty program provider Cobalt attempts to define what enterprises could measure to improve results.

Android version of iOS malware used in targeted attacks discovered

Researchers at Lookout and Google have identified an Android variant of custom malware originally detected in targeted attacks against iOS last year. Called Pegasus, the malware is used against dissidents in multiple countries, and...

LastPass is scrambling to fix another serious vulnerability

Developers of the popular LastPass password manager are working to fix a serious vulnerability that could allow malicious websites to steal user passwords or to infect computers with malware.

Continuous IT audits are needed to combat today's cyber threats

It's time to shift to continuous audits: cyber threats are dynamic and constantly changing, and we can no longer afford to take a static snapshot of critical IT systems.

API flaws said to have left Symantec SSL certificates vulnerable to compromise

Over the weekend, Chris Byrne, an information security consultant and instructor for Cloud Harmonics, published a post to Facebook outlining a serious problem with the processes and third-party API used to deliver and manage Symantec...

LastPass fixes serious password leak vulnerabilities

Developers of the popular LastPass password manager rushed to push out a fix to solve a serious vulnerability that could have allowed attackers to steal users' passwords or execute malicious code on their computers.

Cisco to patch 300 devices against flaw found in CIA archives

After digging through the CIA archives released by WikiLeaks, Cisco says they've discovered a previously unknown flaw impacting 318 switch models. The bug, which the CIA has known about for an undetermined amount of time, can allow a...

Microsoft keeps to Bill Gates' roots of cybersecurity

A look at the software giant's startling cybersecurity statistics.

Hackers exploit Apache Struts vulnerability to compromise corporate web servers

Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers.

Cisco and Apache issue warnings over Zero-Day flaw being targeted in the wild

Cisco's Talos says they've observed active attacks against a Zero-Day vulnerability in Apache's Struts, a popular Java application framework. Cisco started investigating the vulnerability shortly after it was disclosed, and found a...
