Vulnerabilities
Vulnerabilities | News, how-tos, features, reviews, and videos
Allscripts: Ransomware, recovery, and frustrated customers
The actors behind SamSam launched an attack against Allscripts in January 2018, leaving the company’s customers without access to the services needed to run their medical practices — some for more than a week.
Hackers abused Cisco flaw to warn Iran and Russia: 'Don't mess with our elections'
Hackers exploited a flaw in Cisco Smart Install Client in a cyber attack against Iran and Russia, enabling them to leave the US flag and 'Don't mess with our elections' on screens.
Open source software security challenges persist
Using open source components saves developers time and companies money. In other words, it's here to stay. Here's a look at what it will take to improve open source security.
How a vulnerability disclosure policy lets hackers help you
Does your company have a vulnerability disclosure policy (VPD)? And if not, what might it mean for your security?
SamSam ransomware attacks have earned nearly $850,000
First emerging in late 2015, the group believed to be responsible for the SamSam ransomware family has targeted small and large businesses, healthcare, governments, and education. To date, the group has made nearly $850,000 USD
Researchers find 13 critical flaws in AMD's Ryzen and Epyc chips
Researchers accused of ignoring responsible disclosure claim AMD chips are riddled with critical flaws and backdoors; AMD says it is investigating.
Ransomware: Coming to a robot near you soon?
A a proof-of-concept hack at the Kaspersky Security Analyst Summit showed how robots could be infected with ransomware.
Homeland Security's IT security continues to fall short
Another year, another audit, another set of failings when it comes to the Department of Homeland Security’s IT systems.
Insecure by design: What you need to know about defending critical infrastructure
Patching is useless most of the time, industrial control systems (ICS) security expert tells Senate committee.
Has responsible disclosure won the debate?
The debate in the security community about disclosure shows no signs of abating. This article explores both sides of the argument and puts forward suggestions for organizations looking to improve their transparency and responsiveness...
Hackers exploit Jenkins servers, make $3 million by mining Monero
Hackers exploiting Jenkins servers made $3 million in one of the biggest malicious cryptocurrency mining operations ever.
North Korea hacking group is expanding operations, researchers say
A group of hackers from North Korea (DPRK), recently connected to the usage of an Adobe Flash zero-day vulnerability (CVE-2018-4878), has expanded its operations in both scope and sophistication, FireEye says.
The victim notification conundrum
Now is the time for the security ecosystem to take stronger action to identify and address compromised computers – sharing lists of known compromises and simply observing the problem is not enough
4 reasons forensics will remain a pillar of cybersecurity
When protection fails, forensics can still prevail.
The future: it ain’t what it used to be
The problem with the future—as baseball legend Yogi Berra, the founders of the internet and any CISO or CTO can assure you—is that, increasingly, it ain’t what it used to be.
Becoming vulnerability agnostic
Don't let the constant barrage of vulnerability announcements play with your emotions and drive up your stress levels.
3 leaked NSA exploits work on all Windows versions since Windows 2000
The EternalSynergy, EternalRomance, and EternalChampion exploits have been reworked to work on all vulnerable Windows versions: Windows 2000 -- Server 2016.
Cisco VPN remote code execution flaw rated 10 out of 10 for severity
Cisco devices running Adaptive Security Appliance software have a remote code execution and denial of service bug. And it's as bad as it gets -- rated 10 out of 10 for severity.
Hackers could have exploited flaw in all Blizzard games
Blizzard stopped talking with the Google security researcher who discovered the flaw and bungled the silently deployed patch to stop hackers from hijacking millions of PCs.
Anatomy of a well-run red-team exercise
Red team exercises – and particularly “assume compromise” or “assume breach” exercises – generally provide the most insight into your blue-team’s readiness to face an attack.
Sponsored Links
- What are you doing to accelerate IT agility? Learn about the IT model that serves as a catalyst for digital transformation.
- dtSearch® instantly searches terabytes of files, emails, databases, web data. See site for hundreds of reviews; enterprise & developer evaluations
- Unlock the potential of your data. How well are you harnessing information to improve business outcomes? A new CIO Playbook will help.
- Learn why advanced analytics should be considered the critical workload in a hybrid cloud infrastructure for today’s business
- To remain competitive, Cloud providers must deploy next-generation technologies that deliver the performance that new enterprise workloads demand
- The powerful combination of machine vision and AI is solving some of the toughest societal and business challenges
- Intel FPGAs are the foundation for a new type of data center with the versatility and speed to handle a variety of workloads