Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

zeroday software bug skull and crossbones security flaw exploited danger vulnerabilities by gwengoa
cisco logo fit

Computerworld > Microsoft OneDrive / Microsoft SharePoint

Ransomware could target OneDrive and SharePoint files by abusing versioning configurations

A proof-of-concept exploit could make Office 365 or Microsoft 365 documents stored on OneDrive or SharePoint inaccessible.

zeroday software bug skull and crossbones security flaw exploited danger vulnerabilities by gwengoa

Zero-day flaw in Atlassian Confluence exploited in the wild since May

Atlassian has issued emergency patches for the vulnerability, which could allow attackers to perform remote code execution.

Unlocked circuit board / security threat

6 top vulnerability management tools and how they help prioritize threats

Organizations handle vulnerability management in various ways, from training and best-practice implementations to filtering out all but the most dangerous threats. Here's a look at some of today's more innovative solutions.

A firmware message appears on a circuit board.

Cybercriminals look to exploit Intel ME vulnerabilities for highly persistent implants

Leaked Conti information show the ransomware gang likely completed a proof of concept to exploit Intel ME and rewrite its firmware.

A magnifying lens exposes an exploit amid binary code.

Microsoft gives mitigation advice for Follina vulnerability exploitable via Office apps

The actively exploited flaw allows attackers to use malicious Word documents to perform remote code execution through Microsoft Support Diagnostic Tool.

Microsoft logo

Microsoft security vulnerabilities drop after five-year rise

While elevated privilege attacks remain a critical security concern when using Microsoft products, a new report says that the raw number of vulnerabilities is dropping.

abstract programming code

Chris Wysopal: Open source is becoming a national security risk

The Veracode CTO explains what set the Log4j vulnerabilities apart, how it raised awareness of issues around open source security, and where he sees progress.

A magnifying lens exposes an exploit amid binary code.

CISA issues emergency warning over two new VMware vulnerabilities

The U.S. Cybersecurity and Infrastructure Agency issues emergency security directive over VMware vulnerabilities CVE-2022-22972 and CVE-2022-22973, which threat actors are likely to exploit.

intro security vulnerability

Two account compromise flaws fixed in Strapi headless CMS

The vulnerabilities allow attackers to use a low-privilege account to reset the password of a higher-privilege account.

Cloud Security

Wrongly configured Google Cloud API potentially creates dangerous functionality

Misconfiguration of the Google Cloud Platform API could create an exploitable behavior that leads to service compromise.

security system vulnerabilities - a grid of locks with several unlocked

TLS implementation flaws open Aruba and Avaya network switches to RCE attacks

The network switch vulnerabilities are considered critical and could allow attackers to break network segmentation, exfiltrate data, and escape captive portals.

CSO  >  Searching for vulnerabilities  >  Magnifying lens in a virtual interface idnetifies weakness

Researchers break Azure PostgreSQL database-as-a-service isolation with cross-tenant attack

Although the vulnerabilities were patched server-side, they allowed privilege escalation and authentication bypass.

A magnifying lens exposes an exploit amid binary code.

15 most exploited vulnerabilities of 2021

Global cybersecurity advisory highlights the 15 most targeted vulnerabilities of 2021, indicating that attackers targeted exploits both old and new last year.

risk assessment gauge

Spring4Shell: Assessing the risk

Spring4Shell does not affect most systems, so a calm, methodical approach to assessing the real threat is best.

hand at keyboard with Windows logo

Why you should patch the latest critical Windows RPC vulnerability right now

CVE-2022-26809 can allow attackers to compromise networks without user intervention, making it the most dangerous vulnerability fixed by Microsoft's April 12 Patch Tuesday update.

CSO  >  Botnet  >  Robots amid a blue binary matrix

Serious flaws allow the hijacking of autonomous logistics robots used in hospitals

The now patched JekyllBot:5 vulnerabilities in Aethon TUG robots expose three communications interfaces, two APIs, and a websocket interface.

Abstract Java code

Spring4Shell patching is going slow but risk not comparable to Log4Shell

More tools to identify vulnerable applications and options to mitigate the risk from Spring4Shell are also now available.

Eyeglasses rest on a binary field / code review / threat assessment / check vulnerabilities

Remote code execution flaws in Spring and Spring Cloud frameworks put Java apps at risk

Users are urged to update both the Spring Framework and Spring Boot tool.

Load More
You Might Also Like