Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

What are blockchain’s smart contracts? And how to secure them

Smart contracts are moving into the enterprise, but they aren’t bulletproof. These are the vulnerabilities and best practices for securing them.

Microsoft patch for JET flaw zero-day is ‘incomplete,’ Windows still vulnerable

Microsoft's fix for the zero-day JET flaw only limits the vulnerability, doesn't eliminate it. Meanwhile, a Pentagon breach affects 30,000 workers, and a vigilante hacker is patching vulnerable MikroTik routers.

Pentagon's new weapon systems are easy to hack, GAO report finds

A recent GAO report revealed that some US Department of Defense weapon systems use default passwords and that a port scan can cause weapon systems to fail.

Facebook security and privacy issues revealed

Last week saw Facebook dealing with security and privacy issues, while the Port of San Diego got hit with a ransomware attack and researchers discovered two Linux kernel bugs.

7,500 MikroTik routers compromised, traffic forwarded to attackers

Attackers have exploited a flaw in thousands of unpatched MikroTik routers, sending traffic to unknown attacker-controlled IPs.

Bitfi removes unhackable claim from crypto wallet

Bitfi struck the ridiculous unhackable claim from its crypto wallet, while Bitfi backer John McAfee taunts hacker with offer of $20 million for hack.

Microsoft Windows Task Scheduler zero-day and PoC exploit disclosed via Twitter

There’s a Windows zero-day in the wild, and CERT knows no practical solution until Microsoft patches.

Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding

On Monday, the Energy and Commerce Committee sent letters to MITRE Corporation and the Department of Homeland Security (DHS), recommending reforms be made to the troubled CVE program. In fact, the letters state, if the "deep-seated...

12 things every IT security professional should know

Fighting the good fight takes specialized knowledge. Here's the baseline of what all security pros should know.

Google discloses man-in-the-disk attack flaw in Fortnite Android app

Epic Games hit back after Google publicly disclosed the security vulnerability in the Fortnite Android app installer earlier than the 90-day request.

Reevaluate "low-risk" PHP unserialization vulnerabilities, researcher says

Over nearly a decade, PHP unserialization vulnerabilities have become a popular route for cyber-criminals to plant remote code execution or deliver other malware into systems. But new research, introduced at Black Hat this month,...

Software products aren’t cookies

Understanding the security of third-party components.

Hack mobile point-of-sale systems? Researchers count the ways

Security researchers uncovered widespread vulnerabilities in mobile point-of-sale readers offered by Square, SumUp, PayPal and iZettle.

Bug bounties offer legal safe harbor. Right? Right?

Bug bounties are all the rage, but many programs do not offer legal safe harbor to good-faith security researchers who wish to report security issues. Caveat bug finder.

Do you need a vulnerability disclosure program? The feds say yes

The FTC and DOJ are pushing companies to provide a means for good-faith security researchers to report bugs and put effective processes in place to act on those reports.

Hundreds of HP inkjet printer models vulnerable to critical remote code execution flaws

Hundreds of HP inkjet printer models are in desperate need of firmware patches before hackers start exploiting vulnerabilities to gain remote code execution.

Patching Windows for Spectre and Meltdown: A complete guide

With newly disclosed Spectre and Meltdown variants, it’s time to review the risk they present to your Windows systems and the steps needed to patch them.

$10,000 for hacking HP printers: First bug bounty program for printer security

HP invited 34 security researchers to participate in its bug bounty program for printers, offering up to $10,000 per bug.
