Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

shadowy attacker hooded

7,500 MikroTik routers compromised, traffic forwarded to attackers

Attackers have exploited a flaw in thousands of unpatched MikroTik routers, sending traffic to unknown attacker-controlled IPs.

FinTech abstract / virtual world of dollars, pounds, euros, bitcoins, etc.

Bitfi removes unhackable claim from crypto wallet

Bitfi struck the ridiculous unhackable claim from its crypto wallet, while Bitfi backer John McAfee taunts hacker with offer of $20 million for hack.

broken window with windows logo in clouds

Microsoft Windows Task Scheduler zero-day and PoC exploit disclosed via Twitter

There’s a Windows zero-day in the wild, and CERT knows no practical solution until Microsoft patches.

congress evening

Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding

On Monday, the Energy and Commerce Committee sent letters to MITRE Corporation and the Department of Homeland Security (DHS), recommending reforms be made to the troubled CVE program. In fact, the letters state, if the "deep-seated...

1 intro security executive thinking woman face binary

12 things every IT security professional should know

Fighting the good fight takes specialized knowledge. Here's the baseline of what all security pros should know.

fortnite

Google discloses man-in-the-disk attack flaw in Fortnite Android app

Epic Games hit back after Google publicly disclosed the security vulnerability in the Fortnite Android app installer earlier than the 90-day request.

bucket with holes breach security vulnerability

Reevaluate "low-risk" PHP unserialization vulnerabilities, researcher says

Over nearly a decade, PHP unserialization vulnerabilities have become a popular route for cyber-criminals to plant remote code execution or deliver other malware into systems. But new research, introduced at Black Hat this month,...

security audit - risk assessment - network analysis

Software products aren’t cookies

Understanding the security of third-party components.

credit cards

Hack mobile point-of-sale systems? Researchers count the ways

Security researchers uncovered widespread vulnerabilities in mobile point-of-sale readers offered by Square, SumUp, PayPal and iZettle.

Bug bounty program

Bug bounties offer legal safe harbor. Right? Right?

Bug bounties are all the rage, but many programs do not offer legal safe harbor to good-faith security researchers who wish to report security issues. Caveat bug finder.

cockroach bug binary2

Do you need a vulnerability disclosure program? The feds say yes

The FTC and DOJ are pushing companies to provide a means for good-faith security researchers to report bugs and put effective processes in place to act on those reports.

danger

Hundreds of HP inkjet printer models vulnerable to critical remote code execution flaws

Hundreds of HP inkjet printer models are in desperate need of firmware patches before hackers start exploiting vulnerabilities to gain remote code execution.

patch on top of Windows logo

Patching Windows for Spectre and Meltdown: A complete guide

With newly disclosed Spectre and Meltdown variants, it’s time to review the risk they present your Windows systems and the steps needed to patch them.

Bug bounty program

$10,000 for hacking HP printers: First bug bounty program for printer security

HP invited 34 security researchers to participate in its bug bounty program for printers, offering up to $10,000 per bug.

Hacker in hoodie holding up finger to be quiet secret

Rapid7 penetration tests reveal multitude of software flaws, network misconfigurations

In 268 penetration tests, Rapid7’s testers exploited software flaws 84% of the time, abused network misconfigurations 80% of the time, and captured credentials 53% of the time.

iot network

Half a billion smart devices vulnerable to decade-old DNS rebinding attacks

Researchers warned that 496 million smart devices used by enterprises are vulnerable to DNS rebinding attacks.

allscripts health care ransomware bitcoin

Samsam infected thousands of LabCorp systems via brute force RDP

LabCorp, one of the largest clinical labs in the U.S., said the Samsam ransomware attack that forced their systems offline was contained quickly and didn't result in a data breach. However, in the brief time between detection and...

windows bugs crashes

Microsoft’s Identity Bug Bounty program pays up to $100,000

Microsoft’s new Identity Bounty program offers payouts of up to $100,000 for bugs in its identity solutions, as well as bugs in select OpenID standards.

cockroach bug binary2

Microsoft-related bug reports up 121%, virtualization software bugs up 275%

The Zero Day Initiative saw a 33% increase in the number of bugs reported so far in 2018, which may shatter 2017's 'busiest year ever' record.

salted hash thumbnail final

Salted Hash Ep 34: Red Team vs. Vulnerability Assessments

This week on Salted Hash, Phil Grimes, Professional Services Lead at RedLegg, discusses why words matter, the concept of scoping for Red Teams, and shares more stories from his days in the field as we discuss tailgating and dumpster...

Load More