Vulnerabilities

Vulnerabilities news, information, and how-to advice

LastPass fixes serious password leak vulnerabilities

Developers of the popular LastPass password manager rushed to push out a fix to solve a serious vulnerability that could have allowed attackers to steal users' passwords or execute malicious code on their computers.

Cisco to patch 300 devices against flaw found in CIA archives

After digging through the CIA archives released by WikiLeaks, Cisco says they've discovered a previously unknown flaw impacting 318 switch models. The bug, which the CIA has known about for an undetermined amount of time, can allow a...

Microsoft keeps to Bill Gates' roots of cybersecurity

A look at the software giant's startling cybersecurity statistics.

Hackers exploit Apache Struts vulnerability to compromise corporate web servers

Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers.

Cisco and Apache issue warnings over Zero-Day flaw being targeted in the wild

Cisco's Talos says they've observed active attacks against a Zero-Day vulnerability in Apache's Struts, a popular Java application framework. Cisco started investigating the vulnerability shortly after it was disclosed, and found a...

February 2017: The month in hacks and breaches

An unsecured MongoDB database, sluggishness about disclosing and patching vulnerabilities, and “I was just curious” were among the contributing factors to the month’s incidents.

Five Terminator movies have taught us nothing

In a new study of leading robot manufacturers, most had serious security vulnerabilities that could allow hackers to take over and reprogram the robots to spy on their owners, cause property damage, or even attack humans.

Google discloses unpatched IE vulnerability after Patch Tuesday delay

Google's Project Zero team has disclosed a potential arbitrary code execution vulnerability in Internet Explorer because Microsoft has not acted within Google's 90-day disclosure deadline.

Eleven-year-old root flaw found and patched in the Linux kernel

Linux system administrators should watch for kernel updates for their distributions and apply them as soon as possible because they fix a local privilege escalation flaw that could lead to a full system compromise.

Are you afraid your car will be taken over?

A consortium was recently created to make sure that your car stays on the road and in your control.

Understanding the attack surface to better allocate funds

How CISOs can be better informed and get ahead of attacks

Fraud gang targeted large European companies

Recent malware attacks on Polish banks tied to wider hacking campaign

Malware attacks that recently put the Polish banking sector on alert were part of a larger campaign that targeted financial organizations from over 30 countries.

Recent WordPress vulnerability used to deface 1.5 million pages

Up to 20 attackers or groups of attackers are defacing WordPress websites that haven't yet applied a recent patch for a critical vulnerability.

Zero-day Windows file-sharing flaw can crash systems, maybe worse

The implementation of the SMB network file sharing protocol in Windows has a serious vulnerability that could allow hackers to, at the very least, remotely crash systems.

Dozens of Netgear products vulnerable to authentication bypass flaws

Simon Kenin, a security researcher at Trustwave, was – by his own admission – being lazy the day he discovered an authentication vulnerability in his Netgear router. Instead of getting up out of bed to address a connection problem, he...

Rsync errors lead to data breach at Canadian ISP, KWIC Internet

Misconfigured Rsync instances across multiple servers have led to a data breach at a Canadian ISP, exposing sensitive information and affecting all of their customers. The ISP, KWIC Internet in Simcoe, Ontario, fixed the problems after...

How to get fired in 2017: Have a security breach

There are many reasons why IT professionals can be fired, but six out of the top nine are related to security. Fireable offenses included failing to modernize a security program, data breaches with unknown causes, data breaches that...

How to handle security vulnerability reports

There are people out there willing to help with your company’s security issues. Isn’t it time your company had its own ‘see something, say something’ policy?
