Vulnerabilities
Vulnerabilities | News, how-tos, features, reviews, and videos
Kenna Security takes a data-driven approach to risk analysis
Risk from security threats is relative to each company. Kenna Security leverages company and public data to pinpoint the real risk for each customer.
What is a zero-day exploit? A powerful but fragile weapon
A zero-day is a security flaw that has not yet been patched by the vendor and can be exploited. These vulnerabilities fetch high prices on the black market
Decade-old attack can pwn Google Home, Chromecast, Sonos and Roku
Several IoT devices are vulnerable to DNS rebinding attacks that could allow attackers to get your geographic location, gather recon for future attacks, or remotely control the devices.
Researchers disclose 7 flaws in 390 Axis IP cameras, remote attacker could take control
If an attacker were to chain three of the flaws in the Axis IP cameras, they could remotely execute shell commands with root privileges. Update your firmware now.
Crestron console service has critical vulnerability
Rapid7 disclosed Crestron flaw that can be used to gain root-level access and give attackers the ability to control commands being executed on the system.
Another baby monitor camera hacked
The latest baby monitor hacking incident involves a $34 FREDI wireless baby camera monitor. The hacked device was used to spy on a mother and her baby.
Valve patches decade-old bug that made Steam users' PCs vulnerable
Valve patched a 10-year remote code execution bug that could have bitten all Steam clients and allowed attackers to remotely control gamers' computers.
What is Shodan? The search engine for everything on the internet
Defenders find this simple tool valuable for finding vulnerable devices attached to the web that need to be secured.
Containers are here. What about container security?
ESG data indicates that cybersecurity pros have problems around the nuances of container technology and implementing container-centric security controls.
EFAIL: Critical PGP and S/MIME bugs could reveal plaintext of encrypted emails
There's currently no fix for the critical flaws in PGP and S/MIME that could reveal plaintext of encrypted email. Users are advised to disable PGP plug-ins and not to use decryption in email clients.
Katie Moussouris: It’s dangerous to conflate bug bounties and vulnerability disclosure
“There are two extremes right now: no idea where to start or do a bug bounty,” says Moussouris, who built Microsoft's vulnerability disclosure program.
Researchers warn PGP and S/MIME users of serious vulnerabilities
A professor at Münster University issued a warning on Sunday about serious vulnerabilities in PGP and S/MIME – two widely-used methods for encrypting email – which, if exploited, could reveal plain text communications. The issue also...
Aviation industry takes steps to mitigate insider threats
The aviation industry realizes insider threats are a reality and is working within the public-private partnership to heighten awareness of them.
Critical Hikvision flaw could be remotely exploited to hijack cameras, DVRs and accounts
Hikvision patched a critical flaw that allowed attackers to access and manipulate cameras and DVRs as well as hijack accounts.
SamSam explained: Everything you need to know about this opportunistic group of threat actors
The group behind the SamSam family of ransomware is known for recent attacks on healthcare organizations, but that's not its only target.
Russia is hacking routers in global cyber attacks, US and UK warn
In a first-of-its-kind advisory, the U.S. and U.K. warned of malicious cyber activity by state-sponsored Russian hackers who are targeting network infrastructure devices.
Allscripts: Ransomware, recovery, and frustrated customers
The actors behind SamSam launched an attack against Allscripts in January 2018, leaving the company’s customers without access to the services needed to run their medical practices — some for more than a week.
Hackers abused Cisco flaw to warn Iran and Russia: 'Don't mess with our elections'
Hackers exploited a flaw in Cisco Smart Install Client in a cyber attack against Iran and Russia, enabling them to leave the US flag and 'Don't mess with our elections' on screens.
Open source software security challenges persist
Using open source components saves developers time and companies money. In other words, it's here to stay. Here's a look at what it will take to improve open source security.
How a vulnerability disclosure policy lets hackers help you
Does your company have a vulnerability disclosure policy (VPD)? And if not, what might it mean for your security?
Sponsored Links