Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

Critical flaws in embedded TCP/IP library impact millions of IoT devices across industries

The memory corruption flaws exist in a wide range of commercial and consumer devices and can allow full takeover of those devices.

Install latest SAP Adaptive Server Enterprise patches, experts urge

If left unpatched, these SAP ASE vulnerabilities could give attackers full control of databases and servers.

Skipped patch from 2012 makes old Microsoft Office systems a favored target

Some organizations have still not implemented an Office patch from 2012. Attackers know this and are exploiting the vulnerability.

PrintDemon vulnerability explained: Its risks and how to mitigate

Microsoft has finally patched the decades-old Windows PrintDemon vulnerability, but exploitable devices might still be on your network.

Executive order boots “foreign adversaries” from US electric grid over security concerns

White House action implies that China is "creating and exploiting" vulnerabilities in the US power grid. Experts say hardware backdoors have the potential for doing significant damage.

Cisco and Palo Alto Networks appliances impacted by Kerberos authentication bypass

The shared vulnerability could enable man-in-the-middle attacks, and it could exist on other devices. Patch now.

4 critical issues surrounding contact-tracing apps

As countries rush to release contact-tracing apps, experts fear a lack of security and privacy controls.

Attacks against internet-exposed RDP servers surging during COVID-19 pandemic

Two new reports show a dramatic increase in cyber attacks that target open RDP ports as more people work remotely.

32 hardware and firmware vulnerabilities: A guide to the threats

Meltdown and Spectre raised the alarm over vulnerabilities that attackers can exploit in popular hardware and its firmware. Here's a roundup of the ones that present the most significant threats.

Cloud servers hacked via critical SaltStack vulnerabilities

Attackers were quick to exploit recently announced vulnerabilities to deploy cryptominers. Patch Salt now.

7 ways to make your Zoom meetings safer

Learn to use the tools Zoom gives you to secure online conferences.

New platform AttackerKB gives defenders more context on vulnerabilities

Real-world input from pen testers and other members of the security community aims to help defenders make better assessments of vulnerability risks.

What are vulnerability scanners and how do they work?

Vulnerability scanners are automated tools that allow organizations to check if their networks, systems and applications have security weaknesses that could expose them to attacks.

Beware malware-laden emails offering COVID-19 information, US Secret Service warns

Many of the emails take advantage of an unpatched, decades-old Microsoft Office vulnerability to deliver malware. Advice: Patch now.

Weakness in Zoom for macOS allows local attackers to hijack camera and microphone

Zoom's use of insecure system APIs allows attackers to elevate privileges as well.

New CPU attack technique can leak secrets from Intel SGX enclaves

The Load Value Injection attack can bypass security boundaries and mitigations put in place for other CPU vulnerabilities such as Spectre and Meltdown.

Intel CSME flaw is unpatchable, researchers warn

Researchers reveal that a previously known Intel flaw is unpatchable and could allow attackers to compromise the cryptographic chain of trust in Intel systems.

How Target evolved its threat hunting program: 3 key steps

Target decided to re-evaluate its successful threat hunting program and found it could do better. This is what they did.
