Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

man typing on laptop search internet web browswer
Red team  >  Hackers coordinate an attack.

tt19 054 thumb
video

Printers: The overlooked security threat in your enterprise | TECHtalk

Printers, often a forgotten target in the enterprise, are vulnerable to all the usual cyberattacks. Watch as IDG TECH(talk) hosts Ken Mingis and Juliet Beauchamp and CSO Online’s J.M. Porup discuss the threats to these devices, plus...

Fragmented image of a Boeing 787 airplane represented in encrypted data.

Boeing's poor information security posture threatens passenger safety, national security, researcher says

The aircraft maker failed to perform minimum due diligence in securing its networks, then tried to cover it up, security researcher Chris Kubecka tells Aviation Cyber Security conference attendees.

Printer / printing  >  network / deployment / connectivity / security.

Stop ignoring printer security: It's time for CSOs to take control

Despite shipping with mature security features, most printer deployments are insecure because of misplaced financial and organizational incentives.

man typing on laptop search internet web browswer

6 top OSINT tools: Find sensitive public info before hackers do

Hackers use open source intelligence to find information that will help them compromise systems. Using these tools will tell you how much of that info is exposed.

security risk - phishing / malware / social engineering

Critical remote code execution flaw fixed in popular terminal app for macOS

Users of the iTerm2 terminal app are encouraged to update as soon as possible.

android anti virus security

Zero-day vulnerability gives attackers full control of Android phones

Attackers are reportedly exploiting an unpatched vulnerability to take control of Android devices and potentially deliver spyware. The flaw affects phones models from multiple manufacturers including Google, Samsung, Huawei, LG and...

DDOS attack

Misconfigured WS-Discovery in devices enable massive DDoS amplification

Researchers were able to achieve amplification rates of up to 15,300%. Some mitigations are possible.

Hands typing on a laptop keyboard binary code and a hazard symbol on screen.

New NetCAT CPU side-channel vulnerability exploitable over the network

NetCAT takes advantage of Intel DDIO technology to remotely execute keystroke timing attacks.

blue mother board circuitry computer chip processor harddrive

Insecure virtual USB feature in Supermicro BMCs exposes servers to attack

Security researchers have found a way to attach virtual USB devices remotely to Supermicro servers, including over the internet, by abusing a feature in their baseband management controller software.

Microsoft  >  RDP | Remote Desktop Protocol vulnerabilities  >  caution / danger / admin login

How to avoid using RDP on Windows

Several new vulnerability disclosures in Windows Remote Desktop Protocol suggest it’s time to stop using it where possible. Here’s how.

Windows security and protection [Windows logo/locks]

More critical Remote Desktop flaws expose Windows systems to hacking

Microsoft finds and fixes multiple RDS and RDP vulnerabilities in Windows, but new research on BlueKeep patch rates suggests many machines could remain exposed.

CSO > IoT / Internet of Things, unencrypted/unsecured/vulnerable

ICS security: Popular building management system vulnerable to takeover

Remotely exploitable vulnerability in internet-connected devices gives attackers a means to cause disruption and damage in a wide range of industries.

many office desk phones

Popular Avaya enterprise VoIP phones are vulnerable to hacking

Attackers can use the vulnerability to gain complete control of the phone. It underscores the risks of using old open-source code in IoT devices.

compromised data / security breach / vulnerability

New Spectre-like CPU vulnerability bypasses existing defenses

The SWAPGS vulnerability can allow attackers to access contents of kernel memory addresses. Microsoft and Intel have coordinated on a mitigation.

zeroday software bug skull and crossbones security flaw exploited danger vulnerabilities by gwengoa

What is a zero day? A powerful but fragile weapon

A zero day is a security flaw that has not yet been patched by the vendor and can be exploited. These vulnerabilities fetch high prices on the black market

binary code matrix broken / breached / failed / hacked / security risk / threat / vulnerability

Critical VxWorks flaws expose millions of devices to hacking

Researchers have found 11 serious vulnerabilities in VxWorks, the world's most popular real-time operating system (RTOS) that powers over 2 billion devices including enterprise network firewalls and routers, industrial controllers and...

black hat / hacker entering a binary room through a keyhole

11 top DEF CON and Black Hat talks of all time

Hacker summer camp in Vegas is almost upon us again. Here are some of the best talks of all time. Will this year's talks measure up to these legends?

orange monitors with lock icon network security cyber threat

31 hardware and firmware vulnerabilities: A guide to the threats

Meltdown and Spectre raised the alarm over vulnerabilities that attackers can exploit in popular hardware and its firmware. Here's a roundup of the ones that present the most significant threats.

Load More