Vulnerabilities
Vulnerabilities | News, how-tos, features, reviews, and videos
Researchers show techniques for malware persistence on F5 and Citrix load balancers
Tests show that deploying malware in a persistent manner on load balancer firmware is within reach of less sophisticated attackers.
OpenSSL project patches two vulnerabilities but downgrades severity
The two vulnerabilities in OpenSSL 3.0 are now rated as high rather than critical severity after further testing.
Microsoft Event Log vulnerabilities threaten some Windows operating systems
Two newly discovered vulnerabilities have been found to impact an Internet Explorer-specific Event Log present on operating systems prior to Windows 11.
High, medium severity vulnerabilities impacting Zimbra Collaboration Suite
Unpatched organizations are urged to assume compromise and hunt for malicious activity.
Supply chain attacks increased over 600% this year and companies are falling behind
Most companies believe they are using no open-source software libraries with known vulnerabilities, but new research finds them in 68% of selected enterprise applications.
Researchers extract master encryption key from Siemens PLCs
Global encryption keys were hardcoded on some programmable logic controller product lines. Siemens recommends upgrading all affected devices.
North Korea’s Lazarus group uses vulnerable Dell driver to blind security solutions
This first known exploit of the Dell vulnerability might inspire other malware developers who want to avoid detection of their code.
Microsoft mitigation for new Exchange Server zero-day exploits can be bypassed
No permanent fix for the Exchange Server vulnerabilities is yet available, but other steps can mitigate the risk.
![Digital bugs amid binary code. [security threats / malware / breach / hack / attack]](https://images.idgesg.net/images/article/2020/09/digital_bugs_amid_binary_code_security_threats_malware_breach_hack_attack_by_whatawin_gettyimages-1188254819_2400x1600-100858616-small.3x2.jpg?auto=webp&quality=85,70)
11 old software bugs that took way too long to squash
As these examples show, vulnerabilities can lurk within production code for years or decades—and attacks can come at any time.
Cyberespionage group developed backdoors tailored for VMware ESXi hypervisors
A possibly new threat actor packaged and deployed backdoors as vSphere Installation Bundles, gaining remote code execution and persistence capabilities.
Zoho ManageEngine flaw is actively exploited, CISA warns
Threat actors are exploiting unpatched ManageEngine instances. CISA adds the vulnerability to its catalog and Zoho urges customers to check their deployments.
Most common SAP vulnerabilities attackers try to exploit
Unpatched systems, misconfigurations and vulnerable custom code are making SAP environments a top target for cyberattacks.
The Heartbleed bug: How a flaw in OpenSSL caused a security crisis
Heartbleed is a vulnerability in OpenSSL that came to light in April of 2014; it can be traced to a single line of code.
Up to 35% more CVEs published so far this year compared to 2021
A new report shows that significantly more CVEs will be published this year, and that some organizations are still vulnerable from older, unpatched CVEs.
Why patching quality, vendor info on vulnerabilities are declining
It's getting harder to assess the impact of patching or not patching, and too many patches don't fully fix the problem. It's time to pressure vendors.
New exploits can bypass Secure Boot and modern UEFI security protections
Two research groups demonstrate PC firmware vulnerabilities that are difficult to mitigate and likely to be exploited in the wild.
37 hardware and firmware vulnerabilities: A guide to the threats
Meltdown and Spectre raised the alarm over vulnerabilities that attackers can exploit in popular hardware and its firmware. This list, though not comprehensive, presents the most significant threats.
