Vulnerabilities
Vulnerabilities | News, how-tos, features, reviews, and videos
PrintDemon vulnerability explained: Its risks and how to mitigate
Microsoft has finally patched the decades-old Windows PrintDemon vulnerability, but exploitable devices might still be on your network.
Executive order boots “foreign adversaries” from US electric grid over security concerns
White House action implies that China is "creating and exploiting" vulnerabilities in the US power grid. Experts say hardware backdoors have the potential for doing significant damage.
Cisco and Palo Alto Networks appliances impacted by Kerberos authentication bypass
The shared vulnerability could enable man-in-the-middle attacks, and it could exist on other devices. Patch now.
4 critical issues surrounding contact-tracing apps
As countries rush to release contact-tracing apps, experts fear a lack of security and privacy controls.
Attacks against internet-exposed RDP servers surging during COVID-19 pandemic
Two new reports show a dramatic increase in cyber attacks that target open RDP ports as more people work remotely.
32 hardware and firmware vulnerabilities: A guide to the threats
Meltdown and Spectre raised the alarm over vulnerabilities that attackers can exploit in popular hardware and its firmware. Here's a roundup of the ones that present the most significant threats.
Cloud servers hacked via critical SaltStack vulnerabilities
Attackers were quick to exploit recently announced vulnerabilities to deploy cryptominers. Patch Salt now.
7 ways to make your Zoom meetings safer
Learn to use the tools Zoom gives you to secure online conferences.
New platform AttackerKB gives defenders more context on vulnerabilities
Real-world input from pen testers and other members of the security community aims to help defenders make better assessments of vulnerability risks.
What are vulnerability scanners and how do they work?
Vulnerability scanners are automated tools that allow organizations to check if their networks, systems and applications have security weaknesses that could expose them to attacks.
Beware malware-laden emails offering COVID-19 information, US Secret Service warns
Many of the emails take advantage of an unpatched, decades-old Microsoft Office vulnerability to deliver malware. Advice: Patch now.
Weakness in Zoom for macOS allows local attackers to hijack camera and microphone
Zoom's use of insecure system APIs allow attackers to elevate privileges as well.
New CPU attack technique can leak secrets from Intel SGX enclaves
The Load Value Injection attack can bypass security boundaries and mitigations put in place for other CPU vulnerabilities such as Spectre and Meltdown.
Intel CSME flaw is unpatchable, researchers warn
Researchers reveal that a previously known Intel flaw is unpatchable and could allow attackers to compromise the cryptographic chain of trust in Intel systems.
How Target evolved its threat hunting program: 3 key steps
Target decided to re-evaluate its successful threat hunting program and found it could do better. This is what they did.
APIs are becoming a major target for credential stuffing attacks
New research shows that attackers use APIs to automate credential stuffing attacks. The financial sector is particularly vulnerable.
Lack of firmware validation for computer peripherals enables highly persistent attacks
Vulnerabilities in unvalidated peripheral firmware such as WiFi adapters, cameras, and network interface controllers give attackers control over systems.
Vulnerability management requires good people and patching skills
Multinational construction materials maker LafargeHolcim focuses hard on patching to prevent potential exploits further down the line.
2020 cybersecurity trends: 9 threats to watch
Here's how your biggest threats of 2019 will likely trend for 2020 and how you might change your defensive strategy for them.
