Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

Security threat [illustration] > A hacker with black hat, mask, and crowbar breaks into a laptop.
News Analysis

Critical flaw in WooCommerce can be used to compromise WordPress websites

cybersecurity eye with binary face recognition abstract eye
News

Cyberpion rebrands as Ionix, offering new EASM visibility improvements

configuring virtual machine laptop
News Analysis

Critical flaw in AI testing framework MLflow can lead to server and data compromise

The now-patched vulnerability in the popular MLflow platform could expose AI and machine-learning models stored in the cloud and allow for lateral movement.

Industrial plant
News

New vulnerabilities found in industrial control systems of major vendors

The US Cybersecurity and Infrastructure Security has revealed new vulnerabilities in the industrial systems from leading vendors including Siemens, Delta Electronics, Hitachi and Rockwell.

a hooded figure targets a coding vulnerability
News Analysis

55 zero-day flaws exploited last year show the importance of security risk management

Cybercriminals are now exploiting zero-day vulnerabilities for higher profits, which might require a reassessment of your risk.

An IT technician works on laptop in data center, with other IT staff in the background.
News

Average enterprise storage/backup device has 14 vulnerabilities, three high or critical risks

State of Storage and Backup Security Report 2023 reveals significant gap in the state of enterprise storage and backup security compared to other layers of IT and network security.

CSO > Microsoft Office > Patches + updates
News

As critical Microsoft vulnerabilities drop, attackers may adopt new techniques

As critical Microsoft software vulnerabilities decline, attackers will need to chain together less severe exploits to achieve code execution, elevate system privilege levels, and move around victim networks.

1887170134 attack surface programming abstract
Feature

9 attack surface discovery and management tools

The main goal of cyber asset attack surface management tools is to protect information about a company’s security measures from attackers. Here are 9 tools to consider when deciding what is best for the business.

A magnifying lens exposes an exploit amid binary code.
News Analysis

CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws

The CISA pilot program will notify organizations of vulnerabilities that can lead to ransomware attacks, with small organizations the primary beneficiaries.

hand at keyboard with Windows logo
News Analysis

Two Patch Tuesday flaws you should fix right now

Vulnerabilities affecting both Outlook for Windows and Microsoft SmartScreen were patched recently — both could have wide-ranging impact.

'Danger' warning emblazoned across a glitched flag of China.
News

Attacks on SonicWall appliances linked to Chinese campaign: Mandiant

The technique used in the attack on SonicWall devices are consistent with earlier attacks from a Chinese campaign.

A hacker touches a grid of binary code with desctructive impact and a ripple effect.
News

Lazarus group infiltrated South Korean finance firm twice last year

North Korea-linked Lazarus group had infiltrated the affected company in May 2022 and again in October through the same software’s zero-day vulnerability.

leaky faucet by Maarten Van Damme, CC BY 2.0 via Flickr
News Analysis

Hard-coded secrets up 67% as secrets sprawl threatens software supply chain

2022 was a particularly leaky year in relation to secrets, GitGuardian’s latest State of Secrets Sprawl report finds.

Person holding phone near a laptop while getting two-factor authentication info
News Analysis

Booking.com account takeover flaw shows possible pitfalls in OAuth implementations

Avoid these simple mistakes when setting up OAuth for third-party authentication to block unauthorized account access.

A broken link in a digital chaing / weakness / vulnerability
News

Unpatched old vulnerabilities continue to be exploited: Report

The top five exploited vulnerabilities in 2022 include several high-severity flaws in Microsoft Exchange, Zoho ManageEngine products, and virtual private network solutions from Fortinet, Citrix and Pulse Secure.

cybercrime cyber crime skull symbol project darknet dark web internet safety cyberattack theft viru
News Analysis

Microsoft tells Exchange admins to revert previously recommended antivirus exclusions

The antivirus exclusion might cause Exchange Server failures or prevent the detection of backdoors planted by attackers.

a hooded figure targets a coding vulnerability
News Analysis

Companies urged to patch critical vulnerability in Fortinet FortiNAC

The high-severity vulnerability allows unauthorized users to write arbitrary files to the system, and it is being exploited.

Developers work together to review lines of code in an office workspace.
News

At least one open source vulnerability found in 84% of code bases: Report

Almost all applications contain at least some open source code, and 48% of all code bases examined by Synopsys researchers contained high-risk vulnerabilities.

Manufacturing 4.0
News Analysis

PLC vulnerabilities can enable deep lateral movement inside OT networks

Researchers demonstrate how attackers can target PLCs to bypass authentication and perform remote code execution on industrial networks.

Tech Spotlight > Cloud [IFW] > Conceptual image of IoT cloud services.
News Analysis

Flaws in industrial wireless IoT solutions can give attackers deep access into OT networks

Greater use of industrial cellular gateways and routers expose IIoT devices to attackers and increase the attack surface of OT networks.

Load More