Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

security threats and vulnerabilities
News Analysis

Spy groups hack into companies using zero-day flaw in Pulse Secure VPN

zeroday software bug skull and crossbones security flaw exploited danger vulnerabilities by gwengoa
Feature

Zero days explained: How unknown vulnerabilities become gateways for attackers

Security system alert, warning of a cyberattack.
Feature

The SolarWinds Senate hearing: 5 key takeaways for security admins

Testimony by key security executives in the US Senate reveal how unprepared most organizations are for supply chain attacks. Here are the lessons security admins should learn from it.

binary cyberattack cybersecurity hacked protected
News Analysis

Why the Microsoft Exchange Server attack isn’t going away soon

For some victims, patching and proper forensics will be difficult, plus new threat actors are now exploiting the same Exchange Server vulnerabilities.

zeroday software bug skull and crossbones security flaw exploited danger vulnerabilities by gwengoa
How-To

How to patch Exchange Server for the Hafnium zero-day attack

Admins in many businesses report indicators of compromise from an Exchange zero-day vulnerability. Don't assume you're not a target. Investigate for signs of the attack and patch now.

A broken link in a digital chaing / weakness / vulnerability
News Analysis

Chinese cyberespionage group hacks US organizations with Exchange zero-day flaws

Microsoft believes Chinese APT group Hafnium is using a set of previously unknown Exchange Server vulnerabilities to access mailbox contents and perform remote code execution.

skull and crossbones in binary code
Feature

What you need to know about changes to Microsoft's Security Update Guide

The Security Update Guide now aligns more closely with the CVSS, but sometimes lacks information needed to properly respond to a vulnerability report.

One lock in a series is unlocked / weakness / vulnerability
Feature

Tips to harden Active Directory against SolarWinds-type attacks

The SolarWinds attackers took advantage of Active Directory to gain a foothold. Here's what configurations and policies to check to better protect your network.

A computer monitor displays abstract data, a skill and crossbones, and 'HACKED.'
News Analysis

SonicWall warns customers about zero-day vulnerabilities

Attack targets SonicWall's SMA Series access management gateways and is another in a string of incidents against security vendors.

padlock / Domain Name System / DNS / ICANN / security
News Analysis

Flaws in widely used dnsmasq software leave millions of Linux-based devices exposed

A set of seven vulnerabilities, called DNSpooq, allows attackers to redirect users or execute malicious code. Patch dnsmasq now.

orange monitors with lock icon network security cyber threat
Feature

33 hardware and firmware vulnerabilities: A guide to the threats

Meltdown and Spectre raised the alarm over vulnerabilities that attackers can exploit in popular hardware and its firmware. Here's a roundup of the ones that present the most significant threats.

A broken link in a digital chaing / weakness / vulnerability
News Analysis

Russian state-sponsored hackers exploit vulnerability in VMware Workspace ONE

The exploit requires the attacker to have valid credentials, but experts advise patching regardless.

leaking binary data pouring through one's hands
News Analysis

Intel SGX users need CPU microcode patch to block PLATYPUS secrets-leaking attack

Attackers could use the vulnerability to access encryption keys from the Linux kernel's memory or Intel SGX enclaves.

micro segmentation security lock 2400x1600
Feature

How network segmentation mitigates unauthorized access risk

Two recent Microsoft vulnerabilities underscore the importance of segmenting your Windows network.

A broken link in a digital chaing / weakness / vulnerability
Feature

The Windows Bad Neighbor vulnerability explained — and how to protect your network

Attackers could use the Windows Bad Neighbor vulnerability to perform remote code execution or create buffer overflows. Patches and workarounds are available.

QR code on mobile phone [CC0 image by Gerd Altmann via Pexels]
Feature

How attackers exploit QR codes and how to mitigate the risk

Attackers are taking advantage of the increased use of QR codes to steal sensitive information or conduct phishing campaigns. Here's what security teams and employees need to know.

One lock in a series is unlocked / weakness / vulnerability
News Analysis

Half of all virtual appliances have outdated software and serious vulnerabilities

New study shows that even security vendors can use outdated and vulnerable virtual appliances. Top advice: Make sure your vulnerability management processes include virtual appliances.

Unlocked circuit board / security threat
Feature

6 top vulnerability management tools and how they help prioritize threats

Organizations handle vulnerability management in various ways, from training and best-practice implementations to filtering out all but the most dangerous threats. Here's a look at some of today's more innovative solutions.

bucket with holes breach security vulnerability
News Analysis

SAP ASE leaves sensitive credentials in installation logs

Two vulnerabilities in SAP ASE's Cockpit component leaves some sensitive information available to anyone on the network and other data susceptible to brute-force attacks.

A broken link in a digital chaing / weakness / vulnerability
How-To

Microsoft's Zerologon vulnerability fix: What admins need to know

Microsoft patched its Netlogon Remote Protocol to prevent Zerologon exploits, but a second update is coming in February. Here's what you need to do now to prepare.

Load More
You Might Also Like
Popular Resources
See All
Most Popular