Vulnerabilities

What is Metasploit? And how to use this popular hacking tool

Metasploit is a widely used penetration testing tool that makes hacking way easier than it used to be. It has become an indispensable tool for both red team and blue team.

SoftNAS Cloud 0day found: Upgrade ASAP

SoftNAS Cloud users should upgrade immediately following a report by Digital Defense that the virtual cloud appliance is vulnerable to a session management security issue.

Elasticsearch clusters face attacks from multiple hacker groups

If you are running an older version of Elasticsearch, make sure you've patched its known vulnerabilities or consider upgrading.

Password managers remain an important security tool despite new vulnerability report

Experts downplay discovery of a vulnerability that can expose passwords in a computer's memory. Hackers likely to take easier paths to stealing passwords.

Meet the man-in-the-room attack: Hackers can invisibly eavesdrop on Bigscreen VR users

Flaws in Bigscreen could allow 'invisible Peeping Tom' hackers to eavesdrop on Bigscreen VR users, to discreetly deliver malware payloads, to completely control victims' computers and even to start a worm infection spreading through...

Are zero-day exploits the new norm?

Research from Microsoft's Matt Miller shows that every actively exploited Windows vulnerability in 2017 was first exploited using a zero-day attack. Other research shows this trend extends across the IT landscape.

North Korean hackers target Russian-based companies

The North Korean Lazarus APT group is going after the Russians. Russian hackers, however, needed less than 20 minutes in 2018 to completely pwn an organization.

10 essential steps to improve your security posture

A strong security posture takes more than having the right defenses in place; you also need to establish solid plans to ensure you react to any breach in the right way.

Disastrous cyber attack on email provider wipes US servers and backups

A cyber attack on email provider VFEmail caused “catastrophic destruction,” with hackers wiping the servers and backups.

Popular electric scooters can be remotely hacked

Researchers warned that Xiaomi M365 scooters can be remotely hacked from 100 meters away to slam on the brakes or to accelerate.

Android phones can be hacked remotely by viewing malicious PNG image

Android users are being told to patch their Android OS Nougat (7.0), Oreo (8.0) and Pie (9.0) as soon as updates are available after a bug related to PNG images was found.

Vendor allegedly assaults security researcher who disclosed massive vulnerability

A security researcher alleges the COO of Atrient assaulted and threatened him after disclosing a massive vulnerability in an Atrient product.

Hijacked Nest devices highlight the insecurity of the IoT

Internet of Things (IoT) devices, such as Nest cameras and thermostats, continue to be hacked. To prevent that, follow smart password practices and turn on 2FA.

Apple disables Group FaceTime after eavesdropping bug discovered

A bug in Apple's Group FaceTime made eavesdropping easy. A patch is expected this week.

Privacy groups blast Google, IAB over data leak via ad auctions

New evidence to an ongoing GDPR complaint shows how ad categories used by Google and the Internet Advertising Bureau (IAB) profile you and apply potentially sensitive labels to you.

Millions of financial records leaked from server not protected by password

Another day, another massive leak blamed on failing to password-protect a server. This time it's sensitive financial data in an Elasticsearch database.

Data from smartwatch provided ‘key evidence’ against hitman

Police used data from a Garmin GPS watch to help get a man convicted for killing a crime boss known as Mr. Big.

Police can't force you to unlock your phone with face, finger or any biometrics

A judge in California ruled that law enforcement officials can’t force people to unlock their smartphones with a finger or thumbprint, facial recognition, or even an iris.

Wireless carriers still selling Americans’ real-time location data

Wireless carriers didn't keep their promises, as Americans' real-time location data is still being sold by third parties and shady folks.

Ethereum Classic cryptocurrency suspended after attackers steal nearly $1.1M

Coinbase de-listed Ethereum Classic (ETC) cryptocurrency after double spends of nearly $1.1 million were detected.
