Vulnerabilities news, information, and how-to advice

6 ways security pros unwittingly compromise enterprise security

Overwhelmed and eager to please, security professionals sometimes cut corners and take risks, unwittingly compromising enterprise security.

Microsoft plugs another critical hole in Windows Defender

Microsoft patched a critical RCE vulnerability in its Malware Protection Engine that could have been exploited without any user interaction.

Outside IT, few aware of projected skills gap to impact security by 2019

Teaching computer science is a first step toward building the next cybersecurity workforce

5 things you need to know about Stack Clash to secure your shared Linux environment

Qualys shows that attackers can locally exploit the privilege escalation vulnerability to gain root access over Linux, Solaris and BSD machines. This is bad news for Unix-based servers, and even more so for multi-tenant environments.

Cell phone spoofing: Security risk or just annoying?

Phone calls and text messages from unknown callers—cell phone spoofing is becoming more prevalent and raises security concerns.

It's time to update XP, Windows Server 2003 despite Microsoft's emergency patch

Windows XP and Windows Server 2003 are supposed to be dead, but Microsoft's emergency update to address serious vulnerabilities gives organizations another excuse to hang on to these legacy operating systems a little longer.


Malicious subtitles in popular media players could lead to remote compromise

Researchers at Check Point have discovered a flaw affecting several popular media players, which stems from how they process subtitles. If exploited, an attacker could gain remote access to the victim's system. It's estimated that...


How to check for the Intel exploit that lets hackers take over your PC

Although most consumer PCs are safe from Intel's Active Management vulnerability, some may actually have the hardware that's vulnerable. Here's how to check.

Network management vulnerability exposes cable modems to hacking

Hundreds of thousands of internet gateway devices from around the world, primarily cable modems, are vulnerable to hacking because of a serious weakness in their implementation of the Simple Network Management Protocol.


Contrast Security responds to OWASP Top 10 controversy

Contrast Security has addressed the recent backlash over section A7 of the OWASP Top 10 list for 2017. The company issued a statement on the matter after industry professionals suggested the A7 addition was an example of a vendor...

Richard Bussiere, technical director APAC, Tenable Network Security

Periodic vulnerability assessment is recipe for disaster

CSO India spoke to Richard Bussiere, Technical Director APAC at Tenable Network Security on current trends like DevOps and containers, IoT, mobile security and why vulnerability assessment is now mandatory for CISOs.

Cybercrime diaries: All the hacks and data breaches in one place

The cybercrime diaries are a series of blogs that provide CIOs, CSOs, CISOs and IT security teams with bulleted datelines and high-level summary commentary on the most noteworthy cybercriminal activity in a quarterly period.

Email-based attacks exploit unpatched vulnerability in Microsoft Word

Attackers have been exploiting an unpatched vulnerability in Microsoft Word for the past few months to compromise computers and infect them with malware.

Robots: Lots of features, not much security

Robotics is one of the fastest-growing components of the IoT. It can also be one of the more dangerous, if taken over by hackers. And given the level of vulnerabilities in them, that is a clear and present risk.

Prevent or detect? What to do about vulnerabilities

A good security program includes prevention, detection, and response, so security practitioners need to focus on the vulnerabilities that matter.

Missing the mark on IoT security

Focusing on securing Internet of Things (IoT) devices is all the rage right now, but companies that are fixated on this specific issue are overlooking the more obvious solutions to their problems.

What makes a good application pen test? Metrics

Research from application security crowd testing and bug bounty program provider Cobalt attempts to define what enterprises could measure to improve results.

Android version of iOS malware used in targeted attacks discovered

Researchers at Lookout and Google have identified an Android variant of custom malware originally detected in targeted attacks against iOS last year. Called Pegasus, the malware is used against dissidents in multiple countries, and...
