Vulnerabilities
Vulnerabilities | News, how-tos, features, reviews, and videos
How Target evolved its threat hunting program: 3 key steps
Target decided to re-evaluate its successful threat hunting program and found it could do better. This is what they did.
APIs are becoming a major target for credential stuffing attacks
New research shows that attackers use APIs to automate credential stuffing attacks. The financial sector is particularly vulnerable.
Lack of firmware validation for computer peripherals enables highly persistent attacks
Vulnerabilities in unvalidated peripheral firmware such as WiFi adapters, cameras, and network interface controllers give attackers control over systems.
8 top OSINT tools: Find sensitive public info before hackers do
Hackers use open source intelligence to find information that will help them compromise systems. Using these tools will tell you how much of that info is exposed.
Vulnerability management requires good people and patching skills
Multinational construction materials maker LafargeHolcim focuses hard on patching to prevent potential exploits further down the line.
2020 cybersecurity trends: 9 threats to watch
Here's how your biggest threats of 2019 will likely trend for 2020 and how you might change your defensive strategy for them.
Remote hackers can modify CPU voltage to steal secrets from Intel SGX enclaves
By manipulating the voltage of Intel CPUs that use SGX, researchers can extract sensitive data, including full RSA encryption keys, from memory using the Plundervolt vulnerability.
What is Shodan? The search engine for everything on the internet
Defenders find this simple tool valuable for finding vulnerable devices attached to the web that need to be secured.
5 steps to a successful red team engagement
You want red team pen testers to find the vulnerabilities attackers are most likely to use. Here's how.
video
Printers: The overlooked security threat in your enterprise | TECHtalk
Printers, often a forgotten target in the enterprise, are vulnerable to all the usual cyberattacks. Watch as IDG TECH(talk) hosts Ken Mingis and Juliet Beauchamp and CSO Online’s J.M. Porup discuss the threats to these devices, plus...
Boeing's poor information security posture threatens passenger safety, national security, researcher says
The aircraft maker failed to perform minimum due diligence in securing its networks, then tried to cover it up, security researcher Chris Kubecka tells Aviation Cyber Security conference attendees.
Stop ignoring printer security: It's time for CSOs to take control
Despite shipping with mature security features, most printer deployments are insecure because of misplaced financial and organizational incentives.
Critical remote code execution flaw fixed in popular terminal app for macOS
Users of the iTerm2 terminal app are encouraged to update as soon as possible.
Zero-day vulnerability gives attackers full control of Android phones
Attackers are reportedly exploiting an unpatched vulnerability to take control of Android devices and potentially deliver spyware. The flaw affects phones models from multiple manufacturers including Google, Samsung, Huawei, LG and...
Misconfigured WS-Discovery in devices enable massive DDoS amplification
Researchers were able to achieve amplification rates of up to 15,300%. Some mitigations are possible.
New NetCAT CPU side-channel vulnerability exploitable over the network
NetCAT takes advantage of Intel DDIO technology to remotely execute keystroke timing attacks.
Insecure virtual USB feature in Supermicro BMCs exposes servers to attack
Security researchers have found a way to attach virtual USB devices remotely to Supermicro servers, including over the internet, by abusing a feature in their baseband management controller software.
