UNITED STATES

Welcome! Here are the latest Insider stories.

More Insider Sign Out

Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

broken lock amid binary code and circuits

News Analysis

Critical flaw allows hackers to breach SAP systems with ease

SAP NetWeaver Application Server Java vulnerability can be exploited without authentication and lead to complete system takeover. Patch now.

access control / authentication / privileges / security / key

Feature

Privilege escalation explained: Why these flaws are so valuable to hackers

Attackers use privilege escalation flaws to gain access to systems and applications. Patching and monitoring are the most important ways to stop them.

Glowing blue montage of hand keying in password at ATM

News Analysis

Vulnerable drivers can enable crippling attacks against ATMs and POS systems

Newly discovered vulnerabilities could allow more persistent and destructive attacks on popular models of ATM and POS devices.

iot security

News Analysis

Critical flaws in embedded TCP/IP library impact millions of IoT devices across industries

The memory corruption flaws exist in a wide range of commercial and consumer devices, and can allow full takeover of them.

SAP

News Analysis

Install latest SAP Adaptive Server Enterprise patches, experts urge

If left unpatched, these SAP ASE vulnerabilities could give attackers full control of databases and servers.

A rusty old lock hangs open amid the flow of binary code.

Feature

Skipped patch from 2012 makes old Microsoft Office systems a favored target

Some organizations have still not implemented an Office patch from 2012. Attackers know this and are exploiting the vulnerability.

CSO > Antivirus symbol on binary background

Feature

PrintDemon vulnerability explained: Its risks and how to mitigate

Microsoft has finally patched the decades-old Windows PrintDemon vulnerability, but exploitable devices might still be on your network.

Aerial view of the United States as a nationwide grid.

News Analysis

Executive order boots “foreign adversaries” from US electric grid over security concerns

White House action implies that China is "creating and exploiting" vulnerabilities in the US power grid. Experts say hardware backdoors have the potential for doing significant damage.

intro security vulnerability

News Analysis

Cisco and Palo Alto Networks appliances impacted by Kerberos authentication bypass

The shared vulnerability could enable man-in-the-middle attacks, and it could exist on other devices. Patch now.

COVID-19 contact tracing app

News Analysis

4 critical issues surrounding contact-tracing apps

As countries rush to release contact-tracing apps, experts fear a lack of security and privacy controls.

Microsoft > RDP | Remote Desktop Protocol vulnerabilities > caution / danger / admin login

News Analysis

Attacks against internet-exposed RDP servers surging during COVID-19 pandemic

Two new reports show a dramatic increase in cyber attacks that target open RDP ports as more people work remotely.

Blazing, fiery cloud raining binary code.

News Analysis

Cloud servers hacked via critical SaltStack vulnerabilities

Attackers were quick to exploit recently announced vulnerabilities to deploy cryptominers. Patch Salt now.

Zoom video conferencing > One user connected via laptop showing a grid of remote participants.

Feature

7 ways to make your Zoom meetings safer

Learn to use the tools Zoom gives you to secure online conferences.

Scanning for vulnerabilities.

News Analysis

New platform AttackerKB gives defenders more context on vulnerabilities

Real-world input from pen testers and other members of the security community aims to help defenders make better assessments of vulnerability risks.

Scanning for vulnerabilities.

Feature

What are vulnerability scanners and how do they work?

Vulnerability scanners are automated tools that allow organizations to check if their networks, systems and applications have security weaknesses that could expose them to attacks.

A white speech bubble with an email icon indicating a new unread message against a viral background.

News Analysis

Beware malware-laden emails offering COVID-19 information, US Secret Service warns

Many of the emails take advantage of an unpatched, decades-old Microsoft Office vulnerability to deliver malware. Advice: Patch now.

Zoom video conferencing > One user connected via laptop showing a grid of remote participants.

News Analysis

Weakness in Zoom for macOS allows local attackers to hijack camera and microphone

Zoom's use of insecure system APIs allow attackers to elevate privileges as well.

Intel CPU > security

News Analysis

New CPU attack technique can leak secrets from Intel SGX enclaves

The Load Value Injection attack can bypass security boundaries and mitigations put in place for other CPU vulnerabilities such as Spectre and Meltdown.

Intel CPU > security

News Analysis

Intel CSME flaw is unpatchable, researchers warn

Researchers reveal that a previously known Intel flaw is unpatchable and could allow attackers to compromise the cryptographic chain of trust in Intel systems.

target threat hunting program sitting duck duck shooting gallery by roz woodward getty 2400x1600

Feature

How Target evolved its threat hunting program: 3 key steps

Target decided to re-evaluate its successful threat hunting program and found it could do better. This is what they did.

Load More

Popular Resources

White Paper

IoT Tech: The Platform for Smart Buildings
White Paper

10 Problems Slowing Your Development (And How to Fix Them)
White Paper

A Buyer’s Guide to Optimizing Remote Employees’ Extended Network
Video/Webcast
Sponsored

Dear Future, It’s Me, Fraud: How to Identify and Combat Evolving Fraudulent Activity
Video/Webcast
Sponsored

Gain control and secure your employees productivity in Office 365 with OpenText Solutions for Microsoft

See All

Most Popular