Vulnerabilities | News, how-tos, features, reviews, and videos

skull and crossbones in binary code
siren emergency

A firmware message appears on a circuit board.

Researchers show techniques for malware persistence on F5 and Citrix load balancers

Tests show that deploying malware in a persistent manner on load balancer firmware is within reach of less sophisticated attackers.

Patch + update options  >  Pixelized tools + refresh symbol with branching paths

OpenSSL project patches two vulnerabilities but downgrades severity

The two vulnerabilities in OpenSSL 3.0 are now rated as high rather than critical severity after further testing.

Microsoft Windows 10X logo, with an abstract wave of technology in the background.

Microsoft Event Log vulnerabilities threaten some Windows operating systems

Two newly discovered vulnerabilities have been found to impact an Internet Explorer-specific Event Log present on operating systems prior to Windows 11.

vulnerable breach cyberattack hacker

High, medium severity vulnerabilities impacting Zimbra Collaboration Suite

Unpatched organizations are urged to assume compromise and hunt for malicious activity.

skull and crossbones in binary code

Supply chain attacks increased over 600% this year and companies are falling behind

Most companies believe they are using no open-source software libraries with known vulnerabilities, but new research finds them in 68% of selected enterprise applications.

4 industrial iot robotics automation manufacturing code

Researchers extract master encryption key from Siemens PLCs

Global encryption keys were hardcoded on some programmable logic controller product lines. Siemens recommends upgrading all affected devices.

Eyeglasses rest on a binary field / code review / threat assessment / check vulnerabilities

North Korea’s Lazarus group uses vulnerable Dell driver to blind security solutions

This first known exploit of the Dell vulnerability might inspire other malware developers who want to avoid detection of their code.

Microsoft  >  RDP | Remote Desktop Protocol vulnerabilities  >  caution / danger / admin login

Microsoft mitigation for new Exchange Server zero-day exploits can be bypassed

No permanent fix for the Exchange Server vulnerabilities is yet available, but other steps can mitigate the risk.

Digital bugs amid binary code. [security threats / malware / breach / hack / attack]

11 old software bugs that took way too long to squash

As these examples show, vulnerabilities can lurk within production code for years or decades—and attacks can come at any time.

backdoor / abstract security circuits, locks and data blocks

Cyberespionage group developed backdoors tailored for VMware ESXi hypervisors

A possibly new threat actor packaged and deployed backdoors as vSphere Installation Bundles, gaining remote code execution and persistence capabilities.

security audit - risk assessment - network analysis

Zoho ManageEngine flaw is actively exploited, CISA warns

Threat actors are exploiting unpatched ManageEngine instances. CISA adds the vulnerability to its catalog and Zoho urges customers to check their deployments.

SAP sign

Most common SAP vulnerabilities attackers try to exploit

Unpatched systems, misconfigurations and vulnerable custom code are making SAP environments a top target for cyberattacks.

man holding pen drawing a heartbeat and red heart

The Heartbleed bug: How a flaw in OpenSSL caused a security crisis

Heartbleed is a vulnerability in OpenSSL that came to light in April of 2014; it can be traced to a single line of code.

CSO > IoT / Internet of Things, unencrypted/unsecured/vulnerable

Up to 35% more CVEs published so far this year compared to 2021

A new report shows that significantly more CVEs will be published this year, and that some organizations are still vulnerable from older, unpatched CVEs.

Patch + update options  >  Pixelized tools + refresh symbol with branching paths

Why patching quality, vendor info on vulnerabilities are declining

It's getting harder to assess the impact of patching or not patching, and too many patches don't fully fix the problem. It's time to pressure vendors.

adding processor to circuit board computer hardware

New exploits can bypass Secure Boot and modern UEFI security protections

Two research groups demonstrate PC firmware vulnerabilities that are difficult to mitigate and likely to be exploited in the wild.

orange monitors with lock icon network security cyber threat

37 hardware and firmware vulnerabilities: A guide to the threats

Meltdown and Spectre raised the alarm over vulnerabilities that attackers can exploit in popular hardware and its firmware. This list, though not comprehensive, presents the most significant threats.

security system vulnerabilities - a grid of locks with several unlocked

CISA releases IOCs for attacks exploiting Log4Shell in VMware Horizon and UAG

The investigation by the federal agency shows not only the indicators of compromise but also the reasons why the Log4j vulnerability will persist indefinitely.

Load More