Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

orange monitors with lock icon network security cyber threat
Feature

31 hardware and firmware vulnerabilities: A guide to the threats

Meltdown and Spectre raised the alarm over vulnerabilities that attackers can exploit in popular hardware and its firmware. Here's a roundup of the ones that present the most significant threats.

rambleed ram memory card hardware hack breach binary by 13threephotography getty
News

OpenSSH to protect keys in memory against side-channel attacks

The new OpenSSH patch makes it harder to execute attacks such as Spectre, Meltdown, Rowhammer and Rambleed.

rambleed ram memory card hardware hack breach binary by 13threephotography getty
News

Rowhammer variant RAMBleed allows attackers to steal secrets from RAM

Unlike Rowhammer, which only allows for data corruption, the newly discovered RAMBleed vulnerability provides a way to grab data such as encryption keys from memory.

CSO > malware / security threat / skull and crossbones on a user's screens
InfoSec at Your ServiceBy

4 tips for getting the most from threat intelligence

It’s easy to gather data on potential threats, but you have to know what to do with that intelligence if you want to improve your security stance.

Meltdown / Spectre / security vulnerabilities
How-To

How to update your Spectre, Meltdown mitigations for the Retpoline mitigation

Intel recently released a new mitigation for Spectre and Meltdown and some of their variants. Called Retpoline, it might not be enabled with the Windows 10 1809 update. Here's how to find out and implement.

Broken window with band-aid patch
News

Microsoft urges Windows customers to patch wormable RDP flaw

A newly found vulnerability allows remote exploits using the Remote Desktop Protocol to gain full access to systems with no authentication.

Intel CPU > security
News

The second Meltdown: New Intel CPU attacks leak secrets

Intel has done some mitigations for these vulnerabilities that can leak secrets from virtual machines, secure enclaves and kernel memory. Here's how the attacks work.

adding processor to circuit board computer hardware
News

New Intel firmware boot verification bypass enables low-level backdoors

By replacing a PC's SPI flash chip with one that contains rogue code, an attacker can can gain full, persistent access.

intro security vulnerability
News

Researchers warn of unpatched vulnerability in Oracle WebLogic Server

Detected scans suggest attacker are seeking vulnerable servers to target for attacks.

skull and crossbones in binary code
News

GandCrab attackers exploit recently patched Confluence vulnerability

If your company uses Confluence, make sure you have the latest available patches for this vulnerability.

Broken window with band-aid patch
News

Critical Magento SQL injection flaw could be targeted by hackers soon

Popular e-commerce platform Magento has released security patches to fix the flaw. Researchers say update now.

security protection / defenses / protocols
Cybersecurity SnippetsBy

Vulnerability management woes continue, but there is hope

Prioritizing fixes, workflows, and timely patching are just some of the challenges organizations face, but advanced data analytics may help with vulnerability management.

a hooded figure targets a coding vulnerability
Feature

What is AI fuzzing? And why it may be the next big cybersecurity threat

Pairing artificial intelligence or machine learning with traditional fuzzing techniques creates a powerful tool to find application or system vulnerabilities — for both researchers and cyber criminals.

binary code matrix broken / breached / failed / hacked / security risk / threat / vulnerability
Feature

What is Metasploit? And how to use this popular hacking tool

Metasploit is a widely used penetration testing tool that makes hacking way easier than it used to be. It has become an indispensable tool for both red team and blue team.

cloud security data breach crime accessible
News

SoftNAS Cloud 0day found: Upgrade ASAP

SoftNAS Cloud users should upgrade immediately following a report by Digital Defense that the virtual cloud appliance is vulnerable to a session management security issue.

skull and crossbones in binary code
News

Elasticsearch clusters face attacks from multiple hacker groups

If you are running an older version of Elasticsearch, make sure you've patched its known vulnerabilities or consider upgrading.

passwords / authentication
News Analysis

Password managers remain an important security tool despite new vulnerability report

Experts downplay discovery of a vulnerability that can expose passwords in a computer's memory. Hackers likely to take easier paths to stealing passwords.

alone at night along a dimly lit path / security / suspicious / threat / hacker
Privacy and Security FanaticBy

Meet the man-in-the-room attack: Hackers can invisibly eavesdrop on Bigscreen VR users

Flaws in Bigscreen could allow 'invisible Peeping Tom' hackers to eavesdrop on Bigscreen VR users, to discreetly deliver malware payloads, to completely control victims' computers and even to start a worm infection spreading through...

a hooded figure targets a coding vulnerability
News Analysis

Are zero-day exploits the new norm?

Research from Microsoft's Matt Miller shows that every actively exploited Windows vulnerability in 2017 was first done using a zero-day attack. Other research shows this trend extends across the IT landscape.

A hooded man in a halloween mask raises a finger to his lips to encourage silence.
Privacy and Security FanaticBy

North Korean hackers target Russian-based companies

The North Korean Lazarus APT group is going after the Russians. Russian hackers, however, needed less than 20 minutes in 2018 to completely pwn an organization.

Load More