Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

CSO  >  Antivirus symbol on binary background

PrintDemon vulnerability explained: Its risks and how to mitigate

Microsoft has finally patched the decades-old Windows PrintDemon vulnerability, but exploitable devices might still be on your network.

Aerial view of the United States as a nationwide grid.

Executive order boots “foreign adversaries” from US electric grid over security concerns

White House action implies that China is "creating and exploiting" vulnerabilities in the US power grid. Experts say hardware backdoors have the potential for doing significant damage.

intro security vulnerability

Cisco and Palo Alto Networks appliances impacted by Kerberos authentication bypass

The shared vulnerability could enable man-in-the-middle attacks, and it could exist on other devices. Patch now.

COVID-19 contact tracing app

4 critical issues surrounding contact-tracing apps

As countries rush to release contact-tracing apps, experts fear a lack of security and privacy controls.

Microsoft  >  RDP | Remote Desktop Protocol vulnerabilities  >  caution / danger / admin login

Attacks against internet-exposed RDP servers surging during COVID-19 pandemic

Two new reports show a dramatic increase in cyber attacks that target open RDP ports as more people work remotely.

orange monitors with lock icon network security cyber threat

32 hardware and firmware vulnerabilities: A guide to the threats

Meltdown and Spectre raised the alarm over vulnerabilities that attackers can exploit in popular hardware and its firmware. Here's a roundup of the ones that present the most significant threats.

Blazing, fiery cloud raining binary code.

Cloud servers hacked via critical SaltStack vulnerabilities

Attackers were quick to exploit recently announced vulnerabilities to deploy cryptominers. Patch Salt now.

Zoom video conferencing  >  One user connected via laptop showing a grid of remote participants.

7 ways to make your Zoom meetings safer

Learn to use the tools Zoom gives you to secure online conferences.

Scanning for vulnerabilities.

New platform AttackerKB gives defenders more context on vulnerabilities

Real-world input from pen testers and other members of the security community aims to help defenders make better assessments of vulnerability risks.

Scanning for vulnerabilities.

What are vulnerability scanners and how do they work?

Vulnerability scanners are automated tools that allow organizations to check if their networks, systems and applications have security weaknesses that could expose them to attacks.

A white speech bubble with an email icon indicating a new unread message against a viral background.

Beware malware-laden emails offering COVID-19 information, US Secret Service warns

Many of the emails take advantage of an unpatched, decades-old Microsoft Office vulnerability to deliver malware. Advice: Patch now.

Zoom video conferencing  >  One user connected via laptop showing a grid of remote participants.

Weakness in Zoom for macOS allows local attackers to hijack camera and microphone

Zoom's use of insecure system APIs allow attackers to elevate privileges as well.

Intel CPU  >  security

New CPU attack technique can leak secrets from Intel SGX enclaves

The Load Value Injection attack can bypass security boundaries and mitigations put in place for other CPU vulnerabilities such as Spectre and Meltdown.

Intel CPU  >  security

Intel CSME flaw is unpatchable, researchers warn

Researchers reveal that a previously known Intel flaw is unpatchable and could allow attackers to compromise the cryptographic chain of trust in Intel systems.

target threat hunting program sitting duck duck shooting gallery by roz woodward getty 2400x1600

How Target evolved its threat hunting program: 3 key steps

Target decided to re-evaluate its successful threat hunting program and found it could do better. This is what they did.

Many keys, one lock  >  Brute-force credential stuffing.

APIs are becoming a major target for credential stuffing attacks

New research shows that attackers use APIs to automate credential stuffing attacks. The financial sector is particularly vulnerable.

A firmware message appears on a circuit board.

Lack of firmware validation for computer peripherals enables highly persistent attacks

Vulnerabilities in unvalidated peripheral firmware such as WiFi adapters, cameras, and network interface controllers give attackers control over systems.

teamwork / collaboration / developers / development / engineers / binary code / virtual interface

Vulnerability management requires good people and patching skills

Multinational construction materials maker LafargeHolcim focuses hard on patching to prevent potential exploits further down the line.

Bingo balls read 19, 20 and 21; no. 20 at the forefront.

2020 cybersecurity trends: 9 threats to watch

Here's how your biggest threats of 2019 will likely trend for 2020 and how you might change your defensive strategy for them.

Vintage voltmeter gauge / binary code

Remote hackers can modify CPU voltage to steal secrets from Intel SGX enclaves

By manipulating the voltage of Intel CPUs that use SGX, researchers can extract sensitive data, including full RSA encryption keys, from memory using the Plundervolt vulnerability.

Load More
You Might Also Like