Vulnerabilities
Vulnerabilities | News, how-tos, features, reviews, and videos
Unpatched Exchange Servers an overlooked risk
Attackers are targeting older, unpatched Microsoft Exchange Servers with much success because organizations don't properly assess the risk.
Cosmos DB users advised to regenerate their keys following serious vulnerability
The Azure vulnerability, which affects only those using the Jupyter Notebook feature, gives attackers access to data in databases.
BlackBerry faces bad PR by failing to go public with BadAlloc vulnerability
Although the company informed its OEM customers of the vulnerability, users of IoT devices running its QNX OS were potentially kept in the dark.
Amazon Sidewalk highlights network security visibility risks consumer services pose
Research warns consumer-grade services can undermine risk assessment of corporate networks amid remote working as Houdini malware spoofs devices to exfiltrate data.
6 vulnerabilities Microsoft hasn't patched (or can't)
Your IT and security admins need to be aware of these unpatched Microsoft vulnerabilities so that they can mitigate them in other ways.
NSA, CISA release Kubernetes hardening guidance following Colonial Pipeline, other attacks
The guidance seeks to educate IT administrators about cloud security risks and best practices for implementing and maintaining Kubernetes.
Serious flaws in widespread embedded TCP/IP stack endanger industrial control devices
Critical vulnerabilities potentially affect millions of devices, but finding and patching them will be difficult.
Basic flaws put pneumatic tube transport systems in hospitals at risk
Multiple vulnerabilities could allow persistent take-over and ransom demands by attackers.
Authentication bypass allows complete takeover of Modicon PLCs used across industries
The vulnerability could allow attackers to insert malicious code and easily avoid detection.
PrintNightmare vulnerability explained: Exploits, patches, and workarounds
Public exploits are available for a remote code execution vulnerability in the Windows Print Spooler that could allow attackers to take full control of systems. The vulnerability affects all editions of Windows and organizations are...
15 top open-source intelligence tools
OSINT (open-source intelligence) is the practice of collecting information from published or otherwise publicly available sources. These tools will help you find sensitive public info before bad guys do.
Flaws in Dell's over-the-air device recovery and update impacts millions of devices
As many as 40 million Dell devices are vulnerable to targeted man-in-the-middle attacks. Dell advises BIOS/UEFI updates.
![Digital bugs amid binary code. [security threats / malware / breach / hack / attack]](https://images.idgesg.net/images/article/2020/09/digital_bugs_amid_binary_code_security_threats_malware_breach_hack_attack_by_whatawin_gettyimages-1188254819_2400x1600-100858616-small.3x2.jpg?auto=webp)
10 old software bugs that took way too long to squash
As these examples show, vulnerabilities can lurk within production code for years or decades—and attacks can come at any time.
Thousands of publicly accessible VMware vCenter Servers vulnerable to critical flaws
With proofs of concept public, attackers are likely exploiting this vulnerability weeks after patches were released.
5 questions to answer before jumping on the bug bounty bandwagon
Bug bounty programs can bolster your vulnerability management capabilities, but are you ready?
Defining linchpins: An industry perspective on remediating Sunburst
The concept of linchpin software can be useful in assessing risk and focusing security efforts, but it comes with challenges.
Spy groups hack into companies using zero-day flaw in Pulse Secure VPN
Known and unknown groups are using VPN vulnerabilities to circumvent authentication and establish backdoors.
