Vulnerabilities

Vulnerabilities news, information, and how-to advice

Security flaws in baby cam monitors

Valve patches decade-old bug that made Steam users' PCs vulnerable

Valve patched a 10-year-old remote code execution bug that could have bitten all Steam clients and allowed attackers to remotely control gamers' computers.

What is Shodan? The search engine for everything on the internet

Defenders find this simple tool valuable for finding vulnerable devices attached to the web that need to be secured.

Containers are here. What about container security?

ESG data indicates that cybersecurity pros have problems around the nuances of container technology and implementing container-centric security controls.

EFAIL: Critical PGP and S/MIME bugs could reveal plaintext of encrypted emails

There's currently no fix for the critical flaws in PGP and S/MIME that could reveal plaintext of encrypted email. Users are advised to disable PGP plug-ins and not to use decryption in email clients.

Katie Moussouris: It’s dangerous to conflate bug bounties and vulnerability disclosure

“There are two extremes right now: no idea where to start or do a bug bounty,” says Moussouris, who built Microsoft's vulnerability disclosure program.

Researchers warn PGP and S/MIME users of serious vulnerabilities

A professor at Münster University issued a warning on Sunday about serious vulnerabilities in PGP and S/MIME – two widely-used methods for encrypting email – which, if exploited, could reveal plain text communications. The issue also...

Aviation industry takes steps to mitigate insider threats

The aviation industry realizes insider threats are a reality and is working within the public-private partnership to heighten awareness of them.

Critical Hikvision flaw could be remotely exploited to hijack cameras, DVRs and accounts

Hikvision patched a critical flaw that allowed attackers to access and manipulate cameras and DVRs as well as hijack accounts.

SamSam explained: Everything you need to know about this opportunistic group of threat actors

The group behind the SamSam family of ransomware is known for recent attacks on healthcare organizations, but that's not its only target.

Russia is hacking routers in global cyber attacks, US and UK warn

In a first-of-its-kind advisory, the U.S. and U.K. warned of malicious cyber activity by state-sponsored Russian hackers who are targeting network infrastructure devices.

Allscripts: Ransomware, recovery, and frustrated customers

The actors behind SamSam launched an attack against Allscripts in January 2018, leaving the company’s customers without access to the services needed to run their medical practices — some for more than a week.

Hackers abused Cisco flaw to warn Iran and Russia: 'Don't mess with our elections'

Hackers exploited a flaw in Cisco Smart Install Client in a cyber attack against Iran and Russia, enabling them to leave the US flag and 'Don't mess with our elections' on screens.

Open source software security challenges persist

Using open source components saves developers time and companies money. In other words, it's here to stay. Here's a look at what it will take to improve open source security.

How a vulnerability disclosure policy lets hackers help you

Does your company have a vulnerability disclosure policy (VDP)? And if not, what might it mean for your security?

SamSam ransomware attacks have earned nearly $850,000

First emerging in late 2015, the group believed to be responsible for the SamSam ransomware family has targeted small and large businesses, healthcare, governments, and education. To date, the group has made nearly $850,000 USD

Researchers find 13 critical flaws in AMD's Ryzen and Epyc chips

Researchers accused of ignoring responsible disclosure claim AMD chips are riddled with critical flaws and backdoors; AMD says it is investigating.

Ransomware: Coming to a robot near you soon?

A proof-of-concept hack at the Kaspersky Security Analyst Summit showed how robots could be infected with ransomware.

Homeland Security's IT security continues to fall short

Another year, another audit, another set of failings when it comes to the Department of Homeland Security’s IT systems.
