Vulnerabilities
Vulnerabilities | News, how-tos, features, reviews, and videos
The Windows Bad Neighbor vulnerability explained — and how to protect your network
Attackers could use the Windows Bad Neighbor vulnerability to perform remote code execution or create buffer overflows. Patches and workarounds are available.
![QR code on mobile phone [CC0 image by Gerd Altmann via Pexels]](https://images.idgesg.net/images/article/2017/10/qr_code_mobile_phone_cc0_via_pexels-100739345-small.3x2.jpg)
How attackers exploit QR codes and how to mitigate the risk
Attackers are taking advantage of the increased use of QR codes to steal sensitive information or conduct phishing campaigns. Here's what security teams and employees need to know.
Half of all virtual appliances have outdated software and serious vulnerabilities
New study shows that even security vendors can use outdated and vulnerable virtual appliances. Top advice: Make sure your vulnerability management processes include virtual appliances.
6 top vulnerability management tools and how they help prioritize threats
Organizations handle vulnerability management in various ways, from training and best-practice implementations to filtering out all but the most dangerous threats. Here's a look at some of today's more innovative solutions.
SAP ASE leaves sensitive credentials in installation logs
Two vulnerabilities in SAP ASE's Cockpit component leaves some sensitive information available to anyone on the network and other data susceptible to brute-force attacks.
Microsoft's Zerologon vulnerability fix: What admins need to know
Microsoft patched its Netlogon Remote Protocol to prevent Zerologon exploits, but a second update is coming in February. Here's what you need to do now to prepare.
Zerologon explained: Why you should patch this critical Windows Server flaw now
Attackers have learned how to exploit the Zerologon vulnerability in Windows Server, potentially gaining domain admin control.
8 top open source intelligence tools
OSINT (open source intelligence) is the practice of collecting information from published or otherwise publicly available sources. These tools will help you find sensitive public info before bad guys do.
Windows code-signing attacks explained (and how to defend against them)
Learn how code-signing attacks work and how to defend against them. It starts with patching.
4 top vulnerabilities ransomware attackers exploited in 2020
As more employees work from home, attackers have more endpoints to target. These unpatched vulnerabilities in remote access tools and Windows makes their job easier.
18 (new) ways attackers can compromise email
Researchers have discovered eighteen new vulnerabilities in how email systems authenticate senders, making it even easier for criminals to fool users.
Linux GRUB2 bootloader flaw breaks Secure Boot on most computers and servers
The vulnerability can also affect Windows systems. A patch is available, but will require manual testing and deployment.
11 top DEF CON and Black Hat talks of all time
Hacker summer camp is almost upon us again. Here are some of the best talks of all time. Will this year's virtual talks measure up to these legends?
Wormable DNS flaw endangers all Windows servers
The SIGRed vulnerability can spread malware across a network without user interaction. Microsoft has issued an urgent patch.
Critical flaw allows hackers to breach SAP systems with ease
SAP NetWeaver Application Server Java vulnerability can be exploited without authentication and lead to complete system takeover. Patch now.
Privilege escalation explained: Why these flaws are so valuable to hackers
Attackers use privilege escalation flaws to gain access to systems and applications. Patching and monitoring are the most important ways to stop them.
Vulnerable drivers can enable crippling attacks against ATMs and POS systems
Newly discovered vulnerabilities could allow more persistent and destructive attacks on popular models of ATM and POS devices.
