Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

leaking binary data pouring through one's hands
micro segmentation security lock 2400x1600

A broken link in a digital chaing / weakness / vulnerability

The Windows Bad Neighbor vulnerability explained — and how to protect your network

Attackers could use the Windows Bad Neighbor vulnerability to perform remote code execution or create buffer overflows. Patches and workarounds are available.

QR code on mobile phone [CC0 image by Gerd Altmann via Pexels]

How attackers exploit QR codes and how to mitigate the risk

Attackers are taking advantage of the increased use of QR codes to steal sensitive information or conduct phishing campaigns. Here's what security teams and employees need to know.

One lock in a series is unlocked / weakness / vulnerability

Half of all virtual appliances have outdated software and serious vulnerabilities

New study shows that even security vendors can use outdated and vulnerable virtual appliances. Top advice: Make sure your vulnerability management processes include virtual appliances.

Unlocked circuit board / security threat

6 top vulnerability management tools and how they help prioritize threats

Organizations handle vulnerability management in various ways, from training and best-practice implementations to filtering out all but the most dangerous threats. Here's a look at some of today's more innovative solutions.

bucket with holes breach security vulnerability

SAP ASE leaves sensitive credentials in installation logs

Two vulnerabilities in SAP ASE's Cockpit component leaves some sensitive information available to anyone on the network and other data susceptible to brute-force attacks.

A broken link in a digital chaing / weakness / vulnerability

Microsoft's Zerologon vulnerability fix: What admins need to know

Microsoft patched its Netlogon Remote Protocol to prevent Zerologon exploits, but a second update is coming in February. Here's what you need to do now to prepare.

CSO  >  Searching for vulnerabilities  >  Magnifying lens in a virtual interface idnetifies weakness

Zerologon explained: Why you should patch this critical Windows Server flaw now

Attackers have learned how to exploit the Zerologon vulnerability in Windows Server, potentially gaining domain admin control.

man typing on laptop search internet web browswer

8 top open source intelligence tools

OSINT (open source intelligence) is the practice of collecting information from published or otherwise publicly available sources. These tools will help you find sensitive public info before bad guys do.

A hacker attacks from within a Windows system.

Windows code-signing attacks explained (and how to defend against them)

Learn how code-signing attacks work and how to defend against them. It starts with patching.

locked data / bitcoins

4 top vulnerabilities ransomware attackers exploited in 2020

As more employees work from home, attackers have more endpoints to target. These unpatched vulnerabilities in remote access tools and Windows makes their job easier.

incoming emails / DNS security / locked server / parked domain

18 (new) ways attackers can compromise email

Researchers have discovered eighteen new vulnerabilities in how email systems authenticate senders, making it even easier for criminals to fool users.

CSO  >  Searching for vulnerabilities  >  Magnifying lens in a virtual interface idnetifies weakness

Linux GRUB2 bootloader flaw breaks Secure Boot on most computers and servers

The vulnerability can also affect Windows systems. A patch is available, but will require manual testing and deployment.

black hat / hacker entering a binary room through a keyhole

11 top DEF CON and Black Hat talks of all time

Hacker summer camp is almost upon us again. Here are some of the best talks of all time. Will this year's virtual talks measure up to these legends?

computer worm

Wormable DNS flaw endangers all Windows servers

The SIGRed vulnerability can spread malware across a network without user interaction. Microsoft has issued an urgent patch.

broken lock amid binary code and circuits

Critical flaw allows hackers to breach SAP systems with ease

SAP NetWeaver Application Server Java vulnerability can be exploited without authentication and lead to complete system takeover. Patch now.

access control / authentication / privileges / security / key

Privilege escalation explained: Why these flaws are so valuable to hackers

Attackers use privilege escalation flaws to gain access to systems and applications. Patching and monitoring are the most important ways to stop them.

Glowing blue montage of hand keying in password at ATM

Vulnerable drivers can enable crippling attacks against ATMs and POS systems

Newly discovered vulnerabilities could allow more persistent and destructive attacks on popular models of ATM and POS devices.

iot security

Critical flaws in embedded TCP/IP library impact millions of IoT devices across industries

The memory corruption flaws exist in a wide range of commercial and consumer devices, and can allow full takeover of them.

Load More
You Might Also Like