Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos



Bug bounties offer legal safe harbor. Right? Right?

Bug bounties are all the rage, but many programs do not offer legal safe harbor to good-faith security researchers who wish to report security issues. Caveat bug finder.


Do you need a vulnerability disclosure program? The feds say yes

The FTC and DOJ are pushing companies to provide a means for good-faith security researchers to report bugs and put effective processes in place to act on those reports.


Hundreds of HP inkjet printer models vulnerable to critical remote code execution flaws

Hundreds of HP inkjet printer models are in desperate need of firmware patches before hackers start exploiting vulnerabilities to gain remote code execution.


Patching Windows for Spectre and Meltdown: A complete guide

With newly disclosed Spectre and Meltdown variants, it’s time to review the risk they present to your Windows systems and the steps needed to patch them.


$10,000 for hacking HP printers: First bug bounty program for printer security

HP invited 34 security researchers to participate in its bug bounty program for printers, offering up to $10,000 per bug.


Rapid7 penetration tests reveal multitude of software flaws, network misconfigurations

In 268 penetration tests, Rapid7’s testers exploited software flaws 84% of the time, abused network misconfigurations 80% of the time, and captured credentials 53% of the time.


Don't ignore application security | Salted Hash Ep 35

In this episode, Michael Feiertag, CEO and co-founder of tCell, joins host Steve Ragan to talk about why application security is more critical than ever and why it's just now getting more attention from security teams.


Half a billion smart devices vulnerable to decade-old DNS rebinding attacks

Researchers warned that 496 million smart devices used by enterprises are vulnerable to DNS rebinding attacks.


Samsam infected thousands of LabCorp systems via brute force RDP

LabCorp, one of the largest clinical labs in the U.S., said the Samsam ransomware attack that forced their systems offline was contained quickly and didn't result in a data breach. However, in the brief time between detection and...


Microsoft’s Identity Bug Bounty program pays up to $100,000

Microsoft’s new Identity Bounty program offers payouts of up to $100,000 for bugs in its identity solutions, as well as bugs in select OpenID standards.


Microsoft-related bug reports up 121%, virtualization software bugs up 275%

The Zero Day Initiative saw a 33% increase in the number of bugs reported so far in 2018, which may shatter 2017's 'busiest year ever' record.


Kenna Security takes a data-driven approach to risk analysis

Risk from security threats is relative to each company. Kenna Security leverages company and public data to pinpoint the real risk for each customer.


Salted Hash Ep 34: Red Team vs. Vulnerability Assessments

This week on Salted Hash, Phil Grimes, Professional Services Lead at RedLegg, discusses why words matter, the concept of scoping for Red Teams, and shares more stories from his days in the field as we discuss tailgating and dumpster...


What is a zero-day exploit? A powerful but fragile weapon

A zero-day is a security flaw that has not yet been patched by the vendor and can be exploited. These vulnerabilities fetch high prices on the black market.


Decade-old attack can pwn Google Home, Chromecast, Sonos and Roku

Several IoT devices are vulnerable to DNS rebinding attacks that could allow attackers to get your geographic location, gather recon for future attacks, or remotely control the devices.


Researchers disclose 7 flaws in 390 Axis IP cameras, remote attacker could take control

If an attacker were to chain three of the flaws in the Axis IP cameras, they could remotely execute shell commands with root privileges. Update your firmware now.


Crestron console service has critical vulnerability

Rapid7 disclosed a Crestron flaw that can be used to gain root-level access and give attackers the ability to control the commands being executed on the system.


Another baby monitor camera hacked

The latest baby monitor hacking incident involves a $34 FREDI wireless baby camera monitor. The hacked device was used to spy on a mother and her baby.
