Vulnerabilities

Vulnerabilities news, information, and how-to advice

11 victims

The victim notification conundrum

Now is the time for the security ecosystem to take stronger action to identify and address compromised computers – sharing lists of known compromises and simply observing the problem is not enough

computer forensics

4 reasons forensics will remain a pillar of cybersecurity

When protection fails, forensics can still prevail.

businessman looking through binoculars future vision prediction

The future: it ain’t what it used to be

The problem with the future—as baseball legend Yogi Berra, the founders of the internet and any CISO or CTO can assure you—is that, increasingly, it ain’t what it used to be.

man asleep at desk

Becoming vulnerability agnostic

Don't let the constant barrage of vulnerability announcements play with your emotions and drive up your stress levels.

steal theft hacker crime laptop firewall

3 leaked NSA exploits work on all Windows versions since Windows 2000

The EternalSynergy, EternalRomance, and EternalChampion exploits have been reworked to work on all vulnerable Windows versions: Windows 2000 -- Server 2016.

cisco

Cisco VPN remote code execution flaw rated 10 out of 10 for severity

Cisco devices running Adaptive Security Appliance software have a remote code execution and denial of service bug. And it's as bad as it gets -- rated 10 out of 10 for severity.

Diablo III: Reaper of Souls

Hackers could have exploited flaw in all Blizzard games

Blizzard stopped talking with the Google security researcher who discovered the flaw and bungled the silently deployed patch to stop hackers from hijacking millions of PCs.

face off boxing battle man in the middle

Anatomy of a well-run red-team exercise

Red team exercises – and particularly “assume compromise” or “assume breach” exercises – generally provide the most insight into your blue-team’s readiness to face an attack.

checklist project

Rating software security Consumer Reports-style

The Cyber Independent Testing Lab (CITL) is fuzzing binaries at scale and building a checklist of compile-time security best practices.

meltdown exploit logo

Intel’s chip vulnerabilities don’t bode well for the spread of ransomware

Traditionally, ransomware security was based on matching viruses to a database of known malware. AI offers a more dynamic approach.

meltdown spectre

Herding cats: lessons learned from the chaotic disclosure of the Meltdown and Spectre vulnerabilities

A good cyber communications plan can provide a roadmap through the complexities of a multi-player disclosure.

thinkstock 500773792 cpu processor

Spectre and Meltdown explained: What they are, how they work, what's at risk

Spectre and Meltdown are the names given to a trio of variations on a vulnerability that affects nearly every computer chip manufactured in the last 20 years. The flaws are so fundamental and widespread that security researchers are...

Broken window with band-aid patch

Meltdown and Spectre patches: Where to start and what to expect

You need to apply Meltdown and Spectre patches to pretty much everything in your enterprise. And you need to start now. We help you prioritize.

Malware virus

GPS tracking vulnerabilities leave millions of products at risk

It's an IoT nightmare. One that is entirely preventable. Two researchers have disclosed problems with hundreds of vulnerable GPS services using open APIs and trivial passwords (123456), resulting in a multitude of privacy issues...

Unlocked circuit board / security threat

What’s a known vulnerability?

A vulnerability is a vulnerability, whether known or not. The key difference between the two is the likelihood of an attacker to be aware of this vulnerability, and thus try to exploit it.

red team vs. blue team

How ready are you to stop an advanced attack?

How you perform in the face of well-run red team exercises is the closest you can come to knowing how you will deal with a real-world advanced attack.

wireless network - internet of things [IoT]

Salted Hash Ep 11: Dyn Inc. DDoS anniversary, and the truth about the Reaper botnet

For this week's episode of Salted Hash, we're joined by Josh Shaul, the vice president of web security at Akamai. He shares his story about his experiences during the Dyn Inc. DDoS attacks, and offers some details about the Reaper...

4 source code

Is source code inspection a security risk? Maybe not, experts say

Some information security insiders raised a red flag when Russian requests to review security software code became known. The controversy may be a tempest in a teapot.

17.3 omen by hp keyboard detail

Keylogger found in keyboard driver of 475 HP notebook models

A researcher found a keylogger, turned off by default, in the keyboard driver for hundreds of HP laptops. HP released updates to address the security vulnerability.

istock 479801072

3 advanced prevention technologies expected to grow in 2018

New advanced protection technologies will help organizations decrease the attack surface and simplify security operations.

Load More