Vulnerabilities | News, how-tos, features, reviews, and videos

a hooded figure targets a coding vulnerability
An IT technician works on laptop in data center, with other IT staff in the background.

CSO  >  Microsoft Office  >  Patches + updates

As critical Microsoft vulnerabilities drop, attackers may adopt new techniques

As critical Microsoft software vulnerabilities decline, attackers will need to chain together less severe exploits to achieve code execution, elevate system privilege levels, and move around victim networks.

1887170134 attack surface programming abstract

9 attack surface discovery and management tools

The main goal of cyber asset attack surface management tools is to protect information about a company’s security measures from attackers. Here are 9 tools to consider when deciding what is best for the business.

A magnifying lens exposes an exploit amid binary code.

CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws

The CISA pilot program will notify organizations of vulnerabilities that can lead to ransomware attacks, with small organizations the primary beneficiaries.

hand at keyboard with Windows logo

Two Patch Tuesday flaws you should fix right now

Vulnerabilities affecting both Outlook for Windows and Microsoft SmartScreen were patched recently — both could have wide-ranging impact.

'Danger' warning emblazoned across a glitched flag of China.

Attacks on SonicWall appliances linked to Chinese campaign: Mandiant

The technique used in the attack on SonicWall devices are consistent with earlier attacks from a Chinese campaign.

A hacker touches a grid of binary code with desctructive impact and a ripple effect.

Lazarus group infiltrated South Korean finance firm twice last year

North Korea-linked Lazarus group had infiltrated the affected company in May 2022 and again in October through the same software’s zero-day vulnerability.

leaky faucet by Maarten Van Damme, CC BY 2.0 via Flickr

Hard-coded secrets up 67% as secrets sprawl threatens software supply chain

2022 was a particularly leaky year in relation to secrets, GitGuardian’s latest State of Secrets Sprawl report finds.

Person holding phone near a laptop while getting two-factor authentication info account takeover flaw shows possible pitfalls in OAuth implementations

Avoid these simple mistakes when setting up OAuth for third-party authentication to block unauthorized account access.

A broken link in a digital chaing / weakness / vulnerability

Unpatched old vulnerabilities continue to be exploited: Report

The top five exploited vulnerabilities in 2022 include several high-severity flaws in Microsoft Exchange, Zoho ManageEngine products, and virtual private network solutions from Fortinet, Citrix and Pulse Secure.

cybercrime cyber crime skull symbol project darknet dark web internet safety cyberattack theft viru

Microsoft tells Exchange admins to revert previously recommended antivirus exclusions

The antivirus exclusion might cause Exchange Server failures or prevent the detection of backdoors planted by attackers.

a hooded figure targets a coding vulnerability

Companies urged to patch critical vulnerability in Fortinet FortiNAC

The high-severity vulnerability allows unauthorized users to write arbitrary files to the system, and it is being exploited.

Developers work together to review lines of code in an office workspace.

At least one open source vulnerability found in 84% of code bases: Report

Almost all applications contain at least some open source code, and 48% of all code bases examined by Synopsys researchers contained high-risk vulnerabilities.

Manufacturing 4.0

PLC vulnerabilities can enable deep lateral movement inside OT networks

Researchers demonstrate how attackers can target PLCs to bypass authentication and perform remote code execution on industrial networks.

Tech Spotlight   >   Cloud [IFW]   >   Conceptual image of IoT cloud services.

Flaws in industrial wireless IoT solutions can give attackers deep access into OT networks

Greater use of industrial cellular gateways and routers expose IIoT devices to attackers and increase the attack surface of OT networks.

Election security / vulnerabilities / United States flag overlays voting ballot and unsecured lock

Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition

The cybersecuirty insurer predicts that the 1,900 CVEs would include 270 high-severity and 155 critical-severity vulnerabilities. The predictions are based on data collected over the last ten years.

shutterstock 1808484295 board meeting security

Critical vulnerability patched in Jira Service Management Server and Data Center

Atlassian has issued fixed versions of the software and described a workaround to the flaw that could make access tokens available to attackers.

A magnifying lens exposes an exploit amid binary code.

Remote code execution exploit chain available for VMware vRealize Log Insight

Researchers found four vulnerabilities in vRealize Log Insight that were relatively non-threatening on their own but lead to significant compromise when used together.

social engineering fraud impersonation neon face with hoodie by photo by sebastiaan stam on unsplash

Threat actors abuse Microsoft’s “verified publisher” status to exploit OAuth privileges

Proofpoint discovers threat actors targeting verified status in the Microsoft environment to abuse OAuth privileges and lure users into authorizing malicious apps.

Load More