Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

A conceptual security grid of locks overlays a network / datacenter / server room.
Cybersecurity  >  abstract network of circuits data and lock

a hooded figure targets a coding vulnerability

New Log4Shell-like vulnerability impacts H2 Java SQL database

Researchers warn of critical Java flaw impacting the console of the H2 Java SQL database. Users are advised to update their H2 database to mitigate remote code execution risk.

rules rulebook law compliance regulation by baloon111 getty

FTC, SEC raise legal risks surrounding the log4j flaw

The U.S. Federal Trade Commission also threatened possible legal action for companies that don't address the risk from the Log4j vulnerabilities.

Scanning for vulnerabilities.

The Apache Log4j vulnerabilities: A timeline

The Apache Log4j vulnerability has impacted organizations around the globe. Here is a timeline of the key events surrounding the Log4j exploit as they have unfolded.

keys on a keychain / key ring / password management / binary code overlay

Exploit chains explained: How and why attackers target multiple vulnerabilities

Here is what you need to know about exploit chain risks, use cases, and mitigation.

A laptop user with magnifying lens examines binary data.

How to detect Log4Shell exposure and exploitation

Software dependencies and third-party products make detecting Log4j exploits tough, but this advice and some specialized tools can help.

Skull-and-crossbones, code and the 'stop' gesture: hand held forward, palm out, fingers pointing up

Second Log4j vulnerability carries denial-of-service threat, new patch available

The fallout from the Apache Log4j vulnerability continues as researchers discover a second exploit that could lead to denial-of-service attacks. A patch is available to fix the issue.

a hooded figure targets a coding vulnerability

4 ways to properly mitigate the Log4j vulnerabilities (and 4 to skip)

A sure-fire way to prevent exploitation of Log4j vulnerabilities has yet to appear, but these actions are your best bet for reducing risk.

ipsecurity protocols network security vpn3

Log4j mitigation advice for Microsoft security and IT admins

The Log4j vulnerability affects many applications running on Microsoft networks. Use this advice to determine whether your network has been exploited and to mitigate the issue.

Abstract Java code

Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps

The vulnerability affects not only Java-based applications and services that use the library directly, but also many other popular Java components and development frameworks that rely on it.

wireless security vulnerability

Researchers warn about continuous abuse of unpatched MikroTik routers

Attackers are still exploiting unaddressed vulnerabilities in an estimated 300,000 MikroTik routers. A new tool will detect compromised devices.

maze labrynth endpoint protection easy access bypass by gremlin getty

Critical flaw in ManageEngine Desktop Central MSP tool exploited in the wild

Each of two flaws allow attackers to bypass authentication, leaving customers of MSPs that use ManageEngine at risk. Patches are available.

15 troubleshoot printer

New HP MFP vulnerabilities show why you should update and isolate printers

Researchers have discovered two dangerous vulnerabilities in HP multifunction printers that use its FutureSmart firmware, including one that is exploitable remotely.

CSO  >  malware / virus / security threat / protective antivirus shield

How to prevent sideloading attacks in Windows and Office 365

A few settings in Windows or Office 365 can help stop users from installing malicious apps on their devices.

hacker access to IoT / internet of things

Flaws in the Nucleus embedded TCP/IP stack puts critical systems at risk

The NUCLEUS:13 vulnerabilities can allow remote code execution or denial of service attacks. Billions of devices could be affected.

A magnifying lens exposes an exploit amid binary code.

Update and isolate your Nagios servers now

Recently discovered vulnerabilities in Nagios servers could give attackers broad access to systems and data if exploited.

A broken link in a digital chaing / weakness / vulnerability

CISA releases directive to remediate dangerous vulnerabilities across civilian agencies

While the move is applauded, a short timeframe to address vulnerabilities will be a challenge for security resource-strapped agencies.

cyber attack alert / data breach

5 steps to security incident response planning

Most firms will experience a breach or vulnerability that exposes sensitive data. Minimizing impact on business and reputation depends on having a strong response plan before an incident happens.

Microsoft Windows security  >  Windows laptop + logo with binary lock and key

Microsoft's very bad year for security: A timeline

Microsoft has had a horrible 2021, with vulnerabilities impacting its biggest services.

Load More
You Might Also Like