Vulnerabilities
Vulnerabilities | News, how-tos, features, reviews, and videos
Critical flaw in AI testing framework MLflow can lead to server and data compromise
The now-patched vulnerability in the popular MLflow platform could expose AI and machine-learning models stored in the cloud and allow for lateral movement.
New vulnerabilities found in industrial control systems of major vendors
The US Cybersecurity and Infrastructure Security has revealed new vulnerabilities in the industrial systems from leading vendors including Siemens, Delta Electronics, Hitachi and Rockwell.
55 zero-day flaws exploited last year show the importance of security risk management
Cybercriminals are now exploiting zero-day vulnerabilities for higher profits, which might require a reassessment of your risk.
Average enterprise storage/backup device has 14 vulnerabilities, three high or critical risks
State of Storage and Backup Security Report 2023 reveals significant gap in the state of enterprise storage and backup security compared to other layers of IT and network security.
As critical Microsoft vulnerabilities drop, attackers may adopt new techniques
As critical Microsoft software vulnerabilities decline, attackers will need to chain together less severe exploits to achieve code execution, elevate system privilege levels, and move around victim networks.
9 attack surface discovery and management tools
The main goal of cyber asset attack surface management tools is to protect information about a company’s security measures from attackers. Here are 9 tools to consider when deciding what is best for the business.
CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws
The CISA pilot program will notify organizations of vulnerabilities that can lead to ransomware attacks, with small organizations the primary beneficiaries.
Two Patch Tuesday flaws you should fix right now
Vulnerabilities affecting both Outlook for Windows and Microsoft SmartScreen were patched recently — both could have wide-ranging impact.
Attacks on SonicWall appliances linked to Chinese campaign: Mandiant
The technique used in the attack on SonicWall devices are consistent with earlier attacks from a Chinese campaign.
Lazarus group infiltrated South Korean finance firm twice last year
North Korea-linked Lazarus group had infiltrated the affected company in May 2022 and again in October through the same software’s zero-day vulnerability.
Hard-coded secrets up 67% as secrets sprawl threatens software supply chain
2022 was a particularly leaky year in relation to secrets, GitGuardian’s latest State of Secrets Sprawl report finds.
Booking.com account takeover flaw shows possible pitfalls in OAuth implementations
Avoid these simple mistakes when setting up OAuth for third-party authentication to block unauthorized account access.
Unpatched old vulnerabilities continue to be exploited: Report
The top five exploited vulnerabilities in 2022 include several high-severity flaws in Microsoft Exchange, Zoho ManageEngine products, and virtual private network solutions from Fortinet, Citrix and Pulse Secure.
Microsoft tells Exchange admins to revert previously recommended antivirus exclusions
The antivirus exclusion might cause Exchange Server failures or prevent the detection of backdoors planted by attackers.
Companies urged to patch critical vulnerability in Fortinet FortiNAC
The high-severity vulnerability allows unauthorized users to write arbitrary files to the system, and it is being exploited.
At least one open source vulnerability found in 84% of code bases: Report
Almost all applications contain at least some open source code, and 48% of all code bases examined by Synopsys researchers contained high-risk vulnerabilities.
PLC vulnerabilities can enable deep lateral movement inside OT networks
Researchers demonstrate how attackers can target PLCs to bypass authentication and perform remote code execution on industrial networks.
Flaws in industrial wireless IoT solutions can give attackers deep access into OT networks
Greater use of industrial cellular gateways and routers expose IIoT devices to attackers and increase the attack surface of OT networks.