Vulnerabilities
Vulnerabilities | News, how-tos, features, reviews, and videos
Critical flaws in embedded TCP/IP library impact millions of IoT devices across industries
The memory corruption flaws exist in a wide range of commercial and consumer devices, and can allow full takeover of them.
Install latest SAP Adaptive Server Enterprise patches, experts urge
If left unpatched, these SAP ASE vulnerabilities could give attackers full control of databases and servers.
Skipped patch from 2012 makes old Microsoft Office systems a favored target
Some organizations have still not implemented an Office patch from 2012. Attackers know this and are exploiting the vulnerability.
PrintDemon vulnerability explained: Its risks and how to mitigate
Microsoft has finally patched the decades-old Windows PrintDemon vulnerability, but exploitable devices might still be on your network.
Executive order boots “foreign adversaries” from US electric grid over security concerns
White House action implies that China is "creating and exploiting" vulnerabilities in the US power grid. Experts say hardware backdoors have the potential for doing significant damage.
Cisco and Palo Alto Networks appliances impacted by Kerberos authentication bypass
The shared vulnerability could enable man-in-the-middle attacks, and it could exist on other devices. Patch now.
4 critical issues surrounding contact-tracing apps
As countries rush to release contact-tracing apps, experts fear a lack of security and privacy controls.
Attacks against internet-exposed RDP servers surging during COVID-19 pandemic
Two new reports show a dramatic increase in cyber attacks that target open RDP ports as more people work remotely.
32 hardware and firmware vulnerabilities: A guide to the threats
Meltdown and Spectre raised the alarm over vulnerabilities that attackers can exploit in popular hardware and its firmware. Here's a roundup of the ones that present the most significant threats.
Cloud servers hacked via critical SaltStack vulnerabilities
Attackers were quick to exploit recently announced vulnerabilities to deploy cryptominers. Patch Salt now.
7 ways to make your Zoom meetings safer
Learn to use the tools Zoom gives you to secure online conferences.
New platform AttackerKB gives defenders more context on vulnerabilities
Real-world input from pen testers and other members of the security community aims to help defenders make better assessments of vulnerability risks.
What are vulnerability scanners and how do they work?
Vulnerability scanners are automated tools that allow organizations to check if their networks, systems and applications have security weaknesses that could expose them to attacks.
Beware malware-laden emails offering COVID-19 information, US Secret Service warns
Many of the emails take advantage of an unpatched, decades-old Microsoft Office vulnerability to deliver malware. Advice: Patch now.
Weakness in Zoom for macOS allows local attackers to hijack camera and microphone
Zoom's use of insecure system APIs allow attackers to elevate privileges as well.
New CPU attack technique can leak secrets from Intel SGX enclaves
The Load Value Injection attack can bypass security boundaries and mitigations put in place for other CPU vulnerabilities such as Spectre and Meltdown.
Intel CSME flaw is unpatchable, researchers warn
Researchers reveal that a previously known Intel flaw is unpatchable and could allow attackers to compromise the cryptographic chain of trust in Intel systems.
