Vulnerabilities
Vulnerabilities | News, how-tos, features, reviews, and videos
What are blockchain’s smart contracts? And how to secure them
Smart contracts are moving into the enterprise, but they aren’t bulletproof. These are the vulnerabilities and best practices for securing them.
Microsoft patch for JET flaw zero-day is ‘incomplete,’ Windows still vulnerable
Microsoft's fix for the zero-day JET flaw only limits the vulnerability, doesn't eliminate it. Meanwhile, a Pentagon breach affects 30,000 workers, and a vigilante hacker is patching vulnerable MikroTik routers.
Pentagon's new weapon systems are easy to hack, GAO report finds
A recent GAO report revealed that some US Department of Defense weapon systems use default passwords and that a port scan can cause weapon systems to fail.
Facebook security and privacy issues revealed
Last week saw Facebook dealing with security and privacy issues, while the Port of San Diego got hit with a ransomware attack and researchers discovered two Linux kernel bugs.
7,500 MikroTik routers compromised, traffic forwarded to attackers
Attackers have exploited a flaw in thousands of unpatched MikroTik routers, sending traffic to unknown attacker-controlled IPs.
Bitfi removes unhackable claim from crypto wallet
Bitfi struck the ridiculous unhackable claim from its crypto wallet, while Bitfi backer John McAfee taunts hacker with offer of $20 million for hack.
Microsoft Windows Task Scheduler zero-day and PoC exploit disclosed via Twitter
There’s a Windows zero-day in the wild, and CERT knows no practical solution until Microsoft patches.
Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding
On Monday, the Energy and Commerce Committee sent letters to MITRE Corporation and the Department of Homeland Security (DHS), recommending reforms be made to the troubled CVE program. In fact, the letters state, if the "deep-seated...
12 things every IT security professional should know
Fighting the good fight takes specialized knowledge. Here's the baseline of what all security pros should know.
Google discloses man-in-the-disk attack flaw in Fortnite Android app
Epic Games hit back after Google publicly disclosed the security vulnerability in the Fortnite Android app installer earlier than the 90-day request.
Reevaluate "low-risk" PHP unserialization vulnerabilities, researcher says
Over nearly a decade, PHP unserialization vulnerabilities have become a popular route for cyber-criminals to plant remote code execution or deliver other malware into systems. But new research, introduced at Black Hat this month,...
Software products aren’t cookies
Understanding the security of third-party components.
Hack mobile point-of-sale systems? Researchers count the ways
Security researchers uncovered widespread vulnerabilities in mobile point-of-sale readers offered by Square, SumUp, PayPal and iZettle.
Bug bounties offer legal safe harbor. Right? Right?
Bug bounties are all the rage, but many programs do not offer legal safe harbor to good-faith security researchers who wish to report security issues. Caveat bug finder.
Do you need a vulnerability disclosure program? The feds say yes
The FTC and DOJ are pushing companies to provide a means for good-faith security researchers to report bugs and put effective processes in place to act on those reports.
Hundreds of HP inkjet printer models vulnerable to critical remote code execution flaws
Hundreds of HP inkjet printer models are in desperate need of firmware patches before hackers start exploiting vulnerabilities to gain remote code execution.
Patching Windows for Spectre and Meltdown: A complete guide
With newly disclosed Spectre and Meltdown variants, it’s time to review the risk they present your Windows systems and the steps needed to patch them.
$10,000 for hacking HP printers: First bug bounty program for printer security
HP invited 34 security researchers to participate in its bug bounty program for printers, offering up to $10,000 per bug.
-
White Paper
-
White Paper
-
White Paper
-
White Paper
-
White Paper
Sponsored Links