Vulnerabilities
Vulnerabilities news, information, and how-to advice
Valve patches decade-old bug that made Steam users' PCs vulnerable
Valve patched a 10-year remote code execution bug that could have bitten all Steam clients and allowed attackers to remotely control gamers' computers.
What is Shodan? The search engine for everything on the internet
Defenders find this simple tool valuable for finding vulnerable devices attached to the web that need to be secured.
Containers are here. What about container security?
ESG data indicates that cybersecurity pros have problems around the nuances of container technology and implementing container-centric security controls.
EFAIL: Critical PGP and S/MIME bugs could reveal plaintext of encrypted emails
There's currently no fix for the critical flaws in PGP and S/MIME that could reveal plaintext of encrypted email. Users are advised to disable PGP plug-ins and not to use decryption in email clients.
Katie Moussouris: It’s dangerous to conflate bug bounties and vulnerability disclosure
“There are two extremes right now: no idea where to start or do a bug bounty,” says Moussouris, who built Microsoft's vulnerability disclosure program.
Researchers warn PGP and S/MIME users of serious vulnerabilities
A professor at Münster University issued a warning on Sunday about serious vulnerabilities in PGP and S/MIME – two widely-used methods for encrypting email – which, if exploited, could reveal plain text communications. The issue also...
Aviation industry takes steps to mitigate insider threats
The aviation industry realizes insider threats are a reality and is working within the public-private partnership to heighten awareness of them.
Critical Hikvision flaw could be remotely exploited to hijack cameras, DVRs and accounts
Hikvision patched a critical flaw that allowed attackers to access and manipulate cameras and DVRs as well as hijack accounts.
SamSam explained: Everything you need to know about this opportunistic group of threat actors
The group behind the SamSam family of ransomware is known for recent attacks on healthcare organizations, but that's not its only target.
Russia is hacking routers in global cyber attacks, US and UK warn
In a first-of-its-kind advisory, the U.S. and U.K. warned of malicious cyber activity by state-sponsored Russian hackers who are targeting network infrastructure devices.
Allscripts: Ransomware, recovery, and frustrated customers
The actors behind SamSam launched an attack against Allscripts in January 2018, leaving the company’s customers without access to the services needed to run their medical practices — some for more than a week.
Hackers abused Cisco flaw to warn Iran and Russia: 'Don't mess with our elections'
Hackers exploited a flaw in Cisco Smart Install Client in a cyber attack against Iran and Russia, enabling them to leave the US flag and 'Don't mess with our elections' on screens.
Open source software security challenges persist
Using open source components saves developers time and companies money. In other words, it's here to stay. Here's a look at what it will take to improve open source security.
How a vulnerability disclosure policy lets hackers help you
Does your company have a vulnerability disclosure policy (VPD)? And if not, what might it mean for your security?
SamSam ransomware attacks have earned nearly $850,000
First emerging in late 2015, the group believed to be responsible for the SamSam ransomware family has targeted small and large businesses, healthcare, governments, and education. To date, the group has made nearly $850,000 USD
Researchers find 13 critical flaws in AMD's Ryzen and Epyc chips
Researchers accused of ignoring responsible disclosure claim AMD chips are riddled with critical flaws and backdoors; AMD says it is investigating.
Ransomware: Coming to a robot near you soon?
A a proof-of-concept hack at the Kaspersky Security Analyst Summit showed how robots could be infected with ransomware.
Homeland Security's IT security continues to fall short
Another year, another audit, another set of failings when it comes to the Department of Homeland Security’s IT systems.
-
Video/Webcast
Sponsored -
White Paper
-
White Paper
-
Video/Webcast
Sponsored -
White Paper
Most Popular
Sponsored Links