Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

allscripts insider pdf primary

Allscripts: Ransomware, recovery, and frustrated customers

The actors behind SamSam launched an attack against Allscripts in January 2018, leaving the company’s customers without access to the services needed to run their medical practices — some for more than a week.

US Flag

Hackers abused Cisco flaw to warn Iran and Russia: 'Don't mess with our elections'

Hackers exploited a flaw in Cisco Smart Install Client in a cyber attack against Iran and Russia, enabling them to leave the US flag and 'Don't mess with our elections' on screens.

plastic soldiers

Open source software security challenges persist

Using open source components saves developers time and companies money. In other words, it's here to stay. Here's a look at what it will take to improve open source security.

security threats and vulnerabilities

How a vulnerability disclosure policy lets hackers help you

Does your company have a vulnerability disclosure policy (VPD)? And if not, what might it mean for your security?

ransomware at your service 4

SamSam ransomware attacks have earned nearly $850,000

First emerging in late 2015, the group believed to be responsible for the SamSam ransomware family has targeted small and large businesses, healthcare, governments, and education. To date, the group has made nearly $850,000 USD

amdryzen

Researchers find 13 critical flaws in AMD's Ryzen and Epyc chips

Researchers accused of ignoring responsible disclosure claim AMD chips are riddled with critical flaws and backdoors; AMD says it is investigating.

pepper robot

Ransomware: Coming to a robot near you soon?

A a proof-of-concept hack at the Kaspersky Security Analyst Summit showed how robots could be infected with ransomware.

Dept of Homeland Security, IoT

Homeland Security's IT security continues to fall short

Another year, another audit, another set of failings when it comes to the Department of Homeland Security’s IT systems.

industrial refinery energy plant oil gas

Insecure by design: What you need to know about defending critical infrastructure

Patching is useless most of the time, industrial control systems (ICS) security expert tells Senate committee.

misunderstood contracts disagreement argue blame

Has responsible disclosure won the debate?

The debate in the security community about disclosure shows no signs of abating. This article explores both sides of the argument and puts forward suggestions for organizations looking to improve their transparency and responsiveness...

abstract FinTech image of a dollar sign referencing digital transactions and potentially blockchain

Hackers exploit Jenkins servers, make $3 million by mining Monero

Hackers exploiting Jenkins servers made $3 million in one of the biggest malicious cryptocurrency mining operations ever.

north korea statue pyongyang

North Korea hacking group is expanding operations, researchers say

A group of hackers from North Korea (DPRK), recently connected to the usage of an Adobe Flash zero-day vulnerability (CVE-2018-4878), has expanded its operations in both scope and sophistication, FireEye says.

11 victims

The victim notification conundrum

Now is the time for the security ecosystem to take stronger action to identify and address compromised computers – sharing lists of known compromises and simply observing the problem is not enough

computer forensics

4 reasons forensics will remain a pillar of cybersecurity

When protection fails, forensics can still prevail.

businessman looking through binoculars future vision prediction

The future: it ain’t what it used to be

The problem with the future—as baseball legend Yogi Berra, the founders of the internet and any CISO or CTO can assure you—is that, increasingly, it ain’t what it used to be.

man asleep at desk

Becoming vulnerability agnostic

Don't let the constant barrage of vulnerability announcements play with your emotions and drive up your stress levels.

steal theft hacker crime laptop firewall

3 leaked NSA exploits work on all Windows versions since Windows 2000

The EternalSynergy, EternalRomance, and EternalChampion exploits have been reworked to work on all vulnerable Windows versions: Windows 2000 -- Server 2016.

cisco

Cisco VPN remote code execution flaw rated 10 out of 10 for severity

Cisco devices running Adaptive Security Appliance software have a remote code execution and denial of service bug. And it's as bad as it gets -- rated 10 out of 10 for severity.

Diablo III: Reaper of Souls

Hackers could have exploited flaw in all Blizzard games

Blizzard stopped talking with the Google security researcher who discovered the flaw and bungled the silently deployed patch to stop hackers from hijacking millions of PCs.

face off boxing battle man in the middle

Anatomy of a well-run red-team exercise

Red team exercises – and particularly “assume compromise” or “assume breach” exercises – generally provide the most insight into your blue-team’s readiness to face an attack.

Load More