Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

man typing on laptop search internet web browswer
Feature

6 top OSINT tools: Find sensitive public info before hackers do

security risk - phishing / malware / social engineering
News

Critical remote code execution flaw fixed in popular terminal app for macOS

android anti virus security
News

Zero-day vulnerability gives attackers full control of Android phones

Attackers are reportedly exploiting an unpatched vulnerability to take control of Android devices and potentially deliver spyware. The flaw affects phones models from multiple manufacturers including Google, Samsung, Huawei, LG and...

DDOS attack
News

Misconfigured WS-Discovery in devices enable massive DDoS amplification

Researchers were able to achieve amplification rates of up to 15,300%. Some mitigations are possible.

Hands typing on a laptop keyboard binary code and a hazard symbol on screen.
News Analysis

New NetCAT CPU side-channel vulnerability exploitable over the network

NetCAT takes advantage of Intel DDIO technology to remotely execute keystroke timing attacks.

blue mother board circuitry computer chip processor harddrive
News

Insecure virtual USB feature in Supermicro BMCs exposes servers to attack

Security researchers have found a way to attach virtual USB devices remotely to Supermicro servers, including over the internet, by abusing a feature in their baseband management controller software.

Microsoft > RDP | Remote Desktop Protocol vulnerabilities > caution / danger / admin login
How-To

How to avoid using RDP on Windows

Several new vulnerability disclosures in Windows Remote Desktop Protocol suggest it’s time to stop using it where possible. Here’s how.

Windows security and protection [Windows logo/locks]
News

More critical Remote Desktop flaws expose Windows systems to hacking

Microsoft finds and fixes multiple RDS and RDP vulnerabilities in Windows, but new research on BlueKeep patch rates suggests many machines could remain exposed.

CSO > IoT / Internet of Things, unencrypted/unsecured/vulnerable
News

ICS security: Popular building management system vulnerable to takeover

Remotely exploitable vulnerability in internet-connected devices gives attackers a means to cause disruption and damage in a wide range of industries.

many office desk phones
News

Popular Avaya enterprise VoIP phones are vulnerable to hacking

Attackers can use the vulnerability to gain complete control of the phone. It underscores the risks of using old open-source code in IoT devices.

compromised data / security breach / vulnerability
News

New Spectre-like CPU vulnerability bypasses existing defenses

The SWAPGS vulnerability can allow attackers to access contents of kernel memory addresses. Microsoft and Intel have coordinated on a mitigation.

zeroday software bug skull and crossbones security flaw exploited danger vulnerabilities by gwengoa
Feature

What is a zero day? A powerful but fragile weapon

A zero day is a security flaw that has not yet been patched by the vendor and can be exploited. These vulnerabilities fetch high prices on the black market

binary code matrix broken / breached / failed / hacked / security risk / threat / vulnerability
News

Critical VxWorks flaws expose millions of devices to hacking

Researchers have found 11 serious vulnerabilities in VxWorks, the world's most popular real-time operating system (RTOS) that powers over 2 billion devices including enterprise network firewalls and routers, industrial controllers and...

black hat / hacker entering a binary room through a keyhole
Feature

11 top DEF CON and Black Hat talks of all time

Hacker summer camp in Vegas is almost upon us again. Here are some of the best talks of all time. Will this year's talks measure up to these legends?

orange monitors with lock icon network security cyber threat
Feature

31 hardware and firmware vulnerabilities: A guide to the threats

Meltdown and Spectre raised the alarm over vulnerabilities that attackers can exploit in popular hardware and its firmware. Here's a roundup of the ones that present the most significant threats.

rambleed ram memory card hardware hack breach binary by 13threephotography getty
News

OpenSSH to protect keys in memory against side-channel attacks

The new OpenSSH patch makes it harder to execute attacks such as Spectre, Meltdown, Rowhammer and Rambleed.

rambleed ram memory card hardware hack breach binary by 13threephotography getty
News

Rowhammer variant RAMBleed allows attackers to steal secrets from RAM

Unlike Rowhammer, which only allows for data corruption, the newly discovered RAMBleed vulnerability provides a way to grab data such as encryption keys from memory.

CSO > malware / security threat / skull and crossbones on a user's screens
InfoSec at Your ServiceBy

4 tips for getting the most from threat intelligence

It’s easy to gather data on potential threats, but you have to know what to do with that intelligence if you want to improve your security stance.

Meltdown / Spectre / security vulnerabilities
How-To

How to update your Spectre, Meltdown mitigations for the Retpoline mitigation

Intel recently released a new mitigation for Spectre and Meltdown and some of their variants. Called Retpoline, it might not be enabled with the Windows 10 1809 update. Here's how to find out and implement.

Broken window with band-aid patch
News

Microsoft urges Windows customers to patch wormable RDP flaw

A newly found vulnerability allows remote exploits using the Remote Desktop Protocol to gain full access to systems with no authentication.

Load More