Vulnerabilities
Ransomware could target OneDrive and SharePoint files by abusing versioning configurations
A proof-of-concept exploit could make Office 365 or Microsoft 365 documents stored on OneDrive or SharePoint inaccessible.
Zero-day flaw in Atlassian Confluence exploited in the wild since May
Atlassian has issued emergency patches for the vulnerability, which could allow attackers to perform remote code execution.
6 top vulnerability management tools and how they help prioritize threats
Organizations handle vulnerability management in various ways, from training and best-practice implementations to filtering out all but the most dangerous threats. Here's a look at some of today's more innovative solutions.
Cybercriminals look to exploit Intel ME vulnerabilities for highly persistent implants
Leaked Conti chat logs show the ransomware gang likely completed a proof of concept to exploit Intel ME and rewrite its firmware.
Microsoft gives mitigation advice for Follina vulnerability exploitable via Office apps
The actively exploited flaw allows attackers to use malicious Word documents to perform remote code execution through Microsoft Support Diagnostic Tool.
Microsoft security vulnerabilities drop after five-year rise
While elevation-of-privilege vulnerabilities remain a critical security concern for Microsoft products, a new report says the raw number of reported vulnerabilities is dropping.
Chris Wysopal: Open source is becoming a national security risk
The Veracode CTO explains what set the Log4j vulnerabilities apart, how they raised awareness of open source security issues, and where he sees progress.
CISA issues emergency warning over two new VMware vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive covering VMware vulnerabilities CVE-2022-22972 and CVE-2022-22973, which threat actors are likely to exploit.
Two account compromise flaws fixed in Strapi headless CMS
The vulnerabilities allow attackers to use a low-privilege account to reset the password of a higher-privilege account.
Wrongly configured Google Cloud API potentially creates dangerous functionality
Misconfiguration of the Google Cloud Platform API could create an exploitable behavior that leads to service compromise.
TLS implementation flaws open Aruba and Avaya network switches to RCE attacks
The network switch vulnerabilities are considered critical and could allow attackers to break network segmentation, exfiltrate data, and escape captive portals.
Researchers break Azure PostgreSQL database-as-a-service isolation with cross-tenant attack
The vulnerabilities, since patched server-side by Microsoft, allowed privilege escalation and authentication bypass across tenants.
15 most exploited vulnerabilities of 2021
Global cybersecurity advisory highlights the 15 most targeted vulnerabilities of 2021, indicating that attackers targeted exploits both old and new last year.
Spring4Shell: Assessing the risk
Spring4Shell does not affect most systems, so a calm, methodical approach to assessing the real threat is best.
Why you should patch the latest critical Windows RPC vulnerability right now
CVE-2022-26809 can allow attackers to compromise networks without user intervention, making it the most dangerous vulnerability fixed by Microsoft's April 12 Patch Tuesday update.
Serious flaws allow the hijacking of autonomous logistics robots used in hospitals
The now-patched JekyllBot:5 vulnerabilities in Aethon TUG robots affect three communications interfaces, two APIs, and a WebSocket interface.
Spring4Shell patching is going slow but risk not comparable to Log4Shell
More tools to identify vulnerable applications and options to mitigate the risk from Spring4Shell are also now available.
Remote code execution flaws in Spring and Spring Cloud frameworks put Java apps at risk
Users are urged to update both the Spring Framework and Spring Boot.