Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

A broken link in a digital chaing / weakness / vulnerability
skull and crossbones in binary code

One lock in a series is unlocked / weakness / vulnerability

Tips to harden Active Directory against SolarWinds-type attacks

The SolarWinds attackers took advantage of Active Directory to gain a foothold. Here's what configurations and policies to check to better protect your network.

A computer monitor displays abstract data, a skill and crossbones, and 'HACKED.'

SonicWall warns customers about zero-day vulnerabilities

Attack targets SonicWall's SMA Series access management gateways and is another in a string of incidents against security vendors.

padlock / Domain Name System / DNS / ICANN / security

Flaws in widely used dnsmasq software leave millions of Linux-based devices exposed

A set of seven vulnerabilities, called DNSpooq, allows attackers to redirect users or execute malicious code. Patch dnsmasq now.

orange monitors with lock icon network security cyber threat

33 hardware and firmware vulnerabilities: A guide to the threats

Meltdown and Spectre raised the alarm over vulnerabilities that attackers can exploit in popular hardware and its firmware. Here's a roundup of the ones that present the most significant threats.

A broken link in a digital chaing / weakness / vulnerability

Russian state-sponsored hackers exploit vulnerability in VMware Workspace ONE

The exploit requires the attacker to have valid credentials, but experts advise patching regardless.

leaking binary data pouring through one's hands

Intel SGX users need CPU microcode patch to block PLATYPUS secrets-leaking attack

Attackers could use the vulnerability to access encryption keys from the Linux kernel's memory or Intel SGX enclaves.

micro segmentation security lock 2400x1600

How network segmentation mitigates unauthorized access risk

Two recent Microsoft vulnerabilities underscore the importance of segmenting your Windows network.

A broken link in a digital chaing / weakness / vulnerability

The Windows Bad Neighbor vulnerability explained — and how to protect your network

Attackers could use the Windows Bad Neighbor vulnerability to perform remote code execution or create buffer overflows. Patches and workarounds are available.

QR code on mobile phone [CC0 image by Gerd Altmann via Pexels]

How attackers exploit QR codes and how to mitigate the risk

Attackers are taking advantage of the increased use of QR codes to steal sensitive information or conduct phishing campaigns. Here's what security teams and employees need to know.

One lock in a series is unlocked / weakness / vulnerability

Half of all virtual appliances have outdated software and serious vulnerabilities

New study shows that even security vendors can use outdated and vulnerable virtual appliances. Top advice: Make sure your vulnerability management processes include virtual appliances.

Unlocked circuit board / security threat

6 top vulnerability management tools and how they help prioritize threats

Organizations handle vulnerability management in various ways, from training and best-practice implementations to filtering out all but the most dangerous threats. Here's a look at some of today's more innovative solutions.

bucket with holes breach security vulnerability

SAP ASE leaves sensitive credentials in installation logs

Two vulnerabilities in SAP ASE's Cockpit component leaves some sensitive information available to anyone on the network and other data susceptible to brute-force attacks.

A broken link in a digital chaing / weakness / vulnerability

Microsoft's Zerologon vulnerability fix: What admins need to know

Microsoft patched its Netlogon Remote Protocol to prevent Zerologon exploits, but a second update is coming in February. Here's what you need to do now to prepare.

CSO  >  Searching for vulnerabilities  >  Magnifying lens in a virtual interface idnetifies weakness

Zerologon explained: Why you should patch this critical Windows Server flaw now

Attackers have learned how to exploit the Zerologon vulnerability in Windows Server, potentially gaining domain admin control.

man typing on laptop search internet web browswer

8 top open source intelligence tools

OSINT (open source intelligence) is the practice of collecting information from published or otherwise publicly available sources. These tools will help you find sensitive public info before bad guys do.

A hacker attacks from within a Windows system.

Windows code-signing attacks explained (and how to defend against them)

Learn how code-signing attacks work and how to defend against them. It starts with patching.

locked data / bitcoins

4 top vulnerabilities ransomware attackers exploited in 2020

As more employees work from home, attackers have more endpoints to target. These unpatched vulnerabilities in remote access tools and Windows makes their job easier.

incoming emails / DNS security / locked server / parked domain

18 (new) ways attackers can compromise email

Researchers have discovered eighteen new vulnerabilities in how email systems authenticate senders, making it even easier for criminals to fool users.

Load More