Zero-day vulnerability
Zero-day vulnerability | News, how-tos, features, reviews, and videos
Microsoft mitigation for new Exchange Server zero-day exploits can be bypassed
No permanent fix for the Exchange Server vulnerabilities is yet available, but other steps can mitigate the risk.
Zero-day flaw in Atlassian Confluence exploited in the wild since May
Atlassian has issued emergency patches for the vulnerability, which could allow attackers to perform remote code execution.
Why more zero-day vulnerabilities are being found in the wild
With the number of zero-days spiking in the last 18 months, organizations need to increase their patching efforts. Software vendors can be more transparent, too.
The Apache Log4j vulnerabilities: A timeline
The Apache Log4j vulnerability has impacted organizations around the globe. Here is a timeline of the key events surrounding the Log4j exploit as they have unfolded.
How to detect Log4Shell exposure and exploitation
Software dependencies and third-party products make detecting Log4j exploits tough, but this advice and some specialized tools can help.
Second Log4j vulnerability carries denial-of-service threat, new patch available
The fallout from the Apache Log4j vulnerability continues as researchers discover a second exploit that could lead to denial-of-service attacks. A patch is available to fix the issue.
4 ways to properly mitigate the Log4j vulnerabilities (and 4 to skip)
A sure-fire way to prevent exploitation of Log4j vulnerabilities has yet to appear, but these actions are your best bet for reducing risk.
Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps
The vulnerability affects not only Java-based applications and services that use the library directly, but also many other popular Java components and development frameworks that rely on it.
Chinese APT group IronHusky exploits zero-day Windows Server privilege escalation
The attackers used the exploit to deploy a new remote shell Trojan called MysterySnail.
Microsoft Exchange Emergency Mitigation: What admins need to know
The Emergency Mitigation service adds protections to Exchange Server in the wake of recent zero-day compromises.
How to mitigate the Microsoft Office zero-day attack
Follow this advice to block malicious Office files from doing harm to your network even if you've implemented Microsoft's recommended actions.
Spy groups hack into companies using zero-day flaw in Pulse Secure VPN
Known and unknown groups are using VPN vulnerabilities to circumvent authentication and establish backdoors.
Tech Primer
What it takes to become an information assurance analyst
This in-demand role calls for a rare combination of superior communication skills and security chops. Learn how one information assurance analyst landed his current job, the skills and training that helped him get there, and where his...
Tech Primer
Fraud prevention: Improving internal controls
Internal fraud controls aren't fire-and-forget. Smart collaboration and ongoing improvement will help keep fraud in check. Here are the basics.
Tech Primer
How to write an information security policy
Learn the critical first step, why consensus is key, what to cover and how make your information security policy — and program — effective.
Tech Primer
Red team versus blue team: How to run an effective simulation
Playing the role of an attacker can make your team better at defense. Learn how in our step-by-step guide to war gaming your security infrastructure — from involving the right people to weighing a hypothetical vs. live event.
Tech Primer
How to survive (and thrive) in the CISO hot seat
The CISO role is more varied and more pressure-filled than ever. CSO Online looks at how you can be successful in a post where security incidents and management feuds can cost you your job.
eBook