Vulnerabilities
Vulnerabilities | News, how-tos, features, reviews, and videos
New Intel firmware boot verification bypass enables low-level backdoors
By replacing a PC's SPI flash chip with one that contains rogue code, an attacker can can gain full, persistent access.
Researchers warn of unpatched vulnerability in Oracle WebLogic Server
Detected scans suggest attacker are seeking vulnerable servers to target for attacks.
GandCrab attackers exploit recently patched Confluence vulnerability
If your company uses Confluence, make sure you have the latest available patches for this vulnerability.
Critical Magento SQL injection flaw could be targeted by hackers soon
Popular e-commerce platform Magento has released security patches to fix the flaw. Researchers say update now.
Vulnerability management woes continue, but there is hope
Prioritizing fixes, workflows, and timely patching are just some of the challenges organizations face, but advanced data analytics may help with vulnerability management.
What is AI fuzzing? And why it may be the next big cybersecurity threat
Pairing artificial intelligence or machine learning with traditional fuzzing techniques creates a powerful tool to find application or system vulnerabilities — for both researchers and cyber criminals.
What is Metasploit? And how to use this popular hacking tool
Metasploit is a widely used penetration testing tool that makes hacking way easier than it used to be. It has become an indispensable tool for both red team and blue team.
SoftNAS Cloud 0day found: Upgrade ASAP
SoftNAS Cloud users should upgrade immediately following a report by Digital Defense that the virtual cloud appliance is vulnerable to a session management security issue.
Elasticsearch clusters face attacks from multiple hacker groups
If you are running an older version of Elasticsearch, make sure you've patched its known vulnerabilities or consider upgrading.
Password managers remain an important security tool despite new vulnerability report
Experts downplay discovery of a vulnerability that can expose passwords in a computer's memory. Hackers likely to take easier paths to stealing passwords.
Meet the man-in-the-room attack: Hackers can invisibly eavesdrop on Bigscreen VR users
Flaws in Bigscreen could allow 'invisible Peeping Tom' hackers to eavesdrop on Bigscreen VR users, to discreetly deliver malware payloads, to completely control victims' computers and even to start a worm infection spreading through...
Are zero-day exploits the new norm?
Research from Microsoft's Matt Miller shows that every actively exploited Windows vulnerability in 2017 was first done using a zero-day attack. Other research shows this trend extends across the IT landscape.
North Korean hackers target Russian-based companies
The North Korean Lazarus APT group is going after the Russians. Russian hackers, however, needed less than 20 minutes in 2018 to completely pwn an organization.
10 essential steps to improve your security posture
A strong security posture takes more than having the right defenses in place, you also need to establish solid plans to ensure you react to any breach in the right way.
Disastrous cyber attack on email provider wipes US servers and backups
A cyber attack on email provider VFEmail caused “catastrophic destruction,” with hackers wiping the servers and backups.
Popular electric scooters can be remotely hacked
Researchers warned that Xiaomi M365 scooters can be remotely hacked from 100 meters away to slam on the brakes or to accelerate.
Android phones can be hacked remotely by viewing malicious PNG image
Android users are being told to patch their Android OS Nougat (7.0), Oreo (8.0) and Pie (9.0) as soon as updates are available after a bug related to PNG images was found.
Vendor allegedly assaults security researcher who disclosed massive vulnerability
A security researcher alleges the COO of Atrient assaulted and threatened him after disclosing a massive vulnerability in an Atrient product.
Sponsored Links