Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

Many keys, one lock > Brute-force credential stuffing.
News Analysis

APIs are becoming a major target for credential stuffing attacks

A firmware message appears on a circuit board.
News Analysis

Lack of firmware validation for computer peripherals enables highly persistent attacks

man typing on laptop search internet web browswer
Feature

8 top OSINT tools: Find sensitive public info before hackers do

Hackers use open source intelligence to find information that will help them compromise systems. Using these tools will tell you how much of that info is exposed.

teamwork / collaboration / developers / development / engineers / binary code / virtual interface
Feature

Vulnerability management requires good people and patching skills

Multinational construction materials maker LafargeHolcim focuses hard on patching to prevent potential exploits further down the line.

Bingo balls read 19, 20 and 21; no. 20 at the forefront.
Feature

2020 cybersecurity trends: 9 threats to watch

Here's how your biggest threats of 2019 will likely trend for 2020 and how you might change your defensive strategy for them.

Vintage voltmeter gauge / binary code
News

Remote hackers can modify CPU voltage to steal secrets from Intel SGX enclaves

By manipulating the voltage of Intel CPUs that use SGX, researchers can extract sensitive data, including full RSA encryption keys, from memory using the Plundervolt vulnerability.

man typing on laptop search internet web browswer
Feature

What is Shodan? The search engine for everything on the internet

Defenders find this simple tool valuable for finding vulnerable devices attached to the web that need to be secured.

Red team > Hackers coordinate an attack.
Feature

5 steps to a successful red team engagement

You want red team pen testers to find the vulnerabilities attackers are most likely to use. Here's how.

tt19 054 thumb
video

Printers: The overlooked security threat in your enterprise | TECHtalk

Printers, often a forgotten target in the enterprise, are vulnerable to all the usual cyberattacks. Watch as IDG TECH(talk) hosts Ken Mingis and Juliet Beauchamp and CSO Online’s J.M. Porup discuss the threats to these devices, plus...

Fragmented image of a Boeing 787 airplane represented in encrypted data.
News

Boeing's poor information security posture threatens passenger safety, national security, researcher says

The aircraft maker failed to perform minimum due diligence in securing its networks, then tried to cover it up, security researcher Chris Kubecka tells Aviation Cyber Security conference attendees.

Printer / printing > network / deployment / connectivity / security.
Feature

Stop ignoring printer security: It's time for CSOs to take control

Despite shipping with mature security features, most printer deployments are insecure because of misplaced financial and organizational incentives.

security risk - phishing / malware / social engineering
News

Critical remote code execution flaw fixed in popular terminal app for macOS

Users of the iTerm2 terminal app are encouraged to update as soon as possible.

android anti virus security
News

Zero-day vulnerability gives attackers full control of Android phones

Attackers are reportedly exploiting an unpatched vulnerability to take control of Android devices and potentially deliver spyware. The flaw affects phones models from multiple manufacturers including Google, Samsung, Huawei, LG and...

DDOS attack
News

Misconfigured WS-Discovery in devices enable massive DDoS amplification

Researchers were able to achieve amplification rates of up to 15,300%. Some mitigations are possible.

Hands typing on a laptop keyboard binary code and a hazard symbol on screen.
News Analysis

New NetCAT CPU side-channel vulnerability exploitable over the network

NetCAT takes advantage of Intel DDIO technology to remotely execute keystroke timing attacks.

blue mother board circuitry computer chip processor harddrive
News

Insecure virtual USB feature in Supermicro BMCs exposes servers to attack

Security researchers have found a way to attach virtual USB devices remotely to Supermicro servers, including over the internet, by abusing a feature in their baseband management controller software.

Microsoft > RDP | Remote Desktop Protocol vulnerabilities > caution / danger / admin login
How-To

How to avoid using RDP on Windows

Several new vulnerability disclosures in Windows Remote Desktop Protocol suggest it’s time to stop using it where possible. Here’s how.

Windows security and protection [Windows logo/locks]
News

More critical Remote Desktop flaws expose Windows systems to hacking

Microsoft finds and fixes multiple RDS and RDP vulnerabilities in Windows, but new research on BlueKeep patch rates suggests many machines could remain exposed.

CSO > IoT / Internet of Things, unencrypted/unsecured/vulnerable
News

ICS security: Popular building management system vulnerable to takeover

Remotely exploitable vulnerability in internet-connected devices gives attackers a means to cause disruption and damage in a wide range of industries.

many office desk phones
News

Popular Avaya enterprise VoIP phones are vulnerable to hacking

Attackers can use the vulnerability to gain complete control of the phone. It underscores the risks of using old open-source code in IoT devices.

Load More