Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

risk assessment gauge

Kenna Security takes a data-driven approach to risk analysis

Risk from security threats is relative to each company. Kenna Security leverages company and public data to pinpoint the real risk for each customer.

skull and crossbones in binary code

What is a zero-day exploit? A powerful but fragile weapon

A zero-day is a security flaw that has not yet been patched by the vendor and can be exploited. These vulnerabilities fetch high prices on the black market

google home mini

Decade-old attack can pwn Google Home, Chromecast, Sonos and Roku

Several IoT devices are vulnerable to DNS rebinding attacks that could allow attackers to get your geographic location, gather recon for future attacks, or remotely control the devices.

hacker presence on a network

Researchers disclose 7 flaws in 390 Axis IP cameras, remote attacker could take control

If an attacker were to chain three of the flaws in the Axis IP cameras, they could remotely execute shell commands with root privileges. Update your firmware now.

root lock

Crestron console service has critical vulnerability

Rapid7 disclosed Crestron flaw that can be used to gain root-level access and give attackers the ability to control commands being executed on the system.

Security flaws in baby cam monitors

Another baby monitor camera hacked

The latest baby monitor hacking incident involves a $34 FREDI wireless baby camera monitor. The hacked device was used to spy on a mother and her baby.

steamstream

Valve patches decade-old bug that made Steam users' PCs vulnerable

Valve patched a 10-year remote code execution bug that could have bitten all Steam clients and allowed attackers to remotely control gamers' computers.

man typing on laptop search internet web browswer

What is Shodan? The search engine for everything on the internet

Defenders find this simple tool valuable for finding vulnerable devices attached to the web that need to be secured.

containers port ship boat

Containers are here. What about container security?

ESG data indicates that cybersecurity pros have problems around the nuances of container technology and implementing container-centric security controls.

broken lock amid binary code and circuits

EFAIL: Critical PGP and S/MIME bugs could reveal plaintext of encrypted emails

There's currently no fix for the critical flaws in PGP and S/MIME that could reveal plaintext of encrypted email. Users are advised to disable PGP plug-ins and not to use decryption in email clients.

security bug

Katie Moussouris: It’s dangerous to conflate bug bounties and vulnerability disclosure

“There are two extremes right now: no idea where to start or do a bug bounty,” says Moussouris, who built Microsoft's vulnerability disclosure program.

email bullseye with three red arrows

Researchers warn PGP and S/MIME users of serious vulnerabilities

A professor at Münster University issued a warning on Sunday about serious vulnerabilities in PGP and S/MIME – two widely-used methods for encrypting email – which, if exploited, could reveal plain text communications. The issue also...

People walking with airplane in background

Aviation industry takes steps to mitigate insider threats

The aviation industry realizes insider threats are a reality and is working within the public-private partnership to heighten awareness of them.

hikvision cameras

Critical Hikvision flaw could be remotely exploited to hijack cameras, DVRs and accounts

Hikvision patched a critical flaw that allowed attackers to access and manipulate cameras and DVRs as well as hijack accounts.

group silhouette filled with binary code

SamSam explained: Everything you need to know about this opportunistic group of threat actors

The group behind the SamSam family of ransomware is known for recent attacks on healthcare organizations, but that's not its only target.

russian military

Russia is hacking routers in global cyber attacks, US and UK warn

In a first-of-its-kind advisory, the U.S. and U.K. warned of malicious cyber activity by state-sponsored Russian hackers who are targeting network infrastructure devices.

allscripts insider pdf primary

Allscripts: Ransomware, recovery, and frustrated customers

The actors behind SamSam launched an attack against Allscripts in January 2018, leaving the company’s customers without access to the services needed to run their medical practices — some for more than a week.

US Flag

Hackers abused Cisco flaw to warn Iran and Russia: 'Don't mess with our elections'

Hackers exploited a flaw in Cisco Smart Install Client in a cyber attack against Iran and Russia, enabling them to leave the US flag and 'Don't mess with our elections' on screens.

plastic soldiers

Open source software security challenges persist

Using open source components saves developers time and companies money. In other words, it's here to stay. Here's a look at what it will take to improve open source security.

security threats and vulnerabilities

How a vulnerability disclosure policy lets hackers help you

Does your company have a vulnerability disclosure policy (VPD)? And if not, what might it mean for your security?

Load More