Vulnerabilities
Vulnerabilities | News, how-tos, features, reviews, and videos
Bug bounties offer legal safe harbor. Right? Right?
Bug bounties are all the rage, but many programs do not offer legal safe harbor to good-faith security researchers who wish to report security issues. Caveat bug finder.
Do you need a vulnerability disclosure program? The feds say yes
The FTC and DOJ are pushing companies to provide a means for good-faith security researchers to report bugs and put effective processes in place to act on those reports.
Hundreds of HP inkjet printer models vulnerable to critical remote code execution flaws
Hundreds of HP inkjet printer models are in desperate need of firmware patches before hackers start exploiting vulnerabilities to gain remote code execution.
Patching Windows for Spectre and Meltdown: A complete guide
With newly disclosed Spectre and Meltdown variants, it’s time to review the risk they present your Windows systems and the steps needed to patch them.
$10,000 for hacking HP printers: First bug bounty program for printer security
HP invited 34 security researchers to participate in its bug bounty program for printers, offering up to $10,000 per bug.
Rapid7 penetration tests reveal multitude of software flaws, network misconfigurations
In 268 penetration tests, Rapid7’s testers exploited software flaws 84% of the time, abused network misconfigurations 80% of the time, and captured credentials 53% of the time.
video
Don't ignore application security | Salted Hash Ep 35
In this episode, Michael Feiertag, CEO and co-founder of tCell, joins host Steve Ragan to talk about why application security is more critical than ever and why it's just now getting more attention from security teams.
Half a billion smart devices vulnerable to decade-old DNS rebinding attacks
Researchers warned that 496 million smart devices used by enterprises are vulnerable to DNS rebinding attacks.
Samsam infected thousands of LabCorp systems via brute force RDP
LabCorp, one of the largest clinical labs in the U.S., said the Samsam ransomware attack that forced their systems offline was contained quickly and didn't result in a data breach. However, in the brief time between detection and...
Microsoft’s Identity Bug Bounty program pays up to $100,000
Microsoft’s new Identity Bounty program offers payouts of up to $100,000 for bugs in its identity solutions, as well as bugs in select OpenID standards.
Microsoft-related bug reports up 121%, virtualization software bugs up 275%
The Zero Day Initiative saw a 33% increase in the number of bugs reported so far in 2018, which may shatter 2017's 'busiest year ever' record.
Kenna Security takes a data-driven approach to risk analysis
Risk from security threats is relative to each company. Kenna Security leverages company and public data to pinpoint the real risk for each customer.
Salted Hash Ep 34: Red Team vs. Vulnerability Assessments
This week on Salted Hash, Phil Grimes, Professional Services Lead at RedLegg, discusses why words matter, the concept of scoping for Red Teams, and shares more stories from his days in the field as we discuss tailgating and dumpster...
What is a zero-day exploit? A powerful but fragile weapon
A zero-day is a security flaw that has not yet been patched by the vendor and can be exploited. These vulnerabilities fetch high prices on the black market
Decade-old attack can pwn Google Home, Chromecast, Sonos and Roku
Several IoT devices are vulnerable to DNS rebinding attacks that could allow attackers to get your geographic location, gather recon for future attacks, or remotely control the devices.
Researchers disclose 7 flaws in 390 Axis IP cameras, remote attacker could take control
If an attacker were to chain three of the flaws in the Axis IP cameras, they could remotely execute shell commands with root privileges. Update your firmware now.
Crestron console service has critical vulnerability
Rapid7 disclosed Crestron flaw that can be used to gain root-level access and give attackers the ability to control commands being executed on the system.
Another baby monitor camera hacked
The latest baby monitor hacking incident involves a $34 FREDI wireless baby camera monitor. The hacked device was used to spy on a mother and her baby.
-
eGuide
Sponsored -
White Paper
-
White Paper
-
White Paper
-
White Paper
Sponsored Links
- dtSearch® instantly searches terabytes of files, emails, databases, web data. See site for hundreds of reviews; enterprise & developer evaluations
- Strong data analytics is a digital business imperative — and it all begins with smart data governance practices.
- As a CSP, the benefits of upgrading your data center go straight to the bottom line – much more so than your average enterprise.