Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

Windows security and protection [Windows logo/locks]
CSO > IoT / Internet of Things, unencrypted/unsecured/vulnerable

many office desk phones

Popular Avaya enterprise VoIP phones are vulnerable to hacking

Attackers can use the vulnerability to gain complete control of the phone. It underscores the risks of using old open-source code in IoT devices.

compromised data / security breach / vulnerability

New Spectre-like CPU vulnerability bypasses existing defenses

The SWAPGS vulnerability can allow attackers to access contents of kernel memory addresses. Microsoft and Intel have coordinated on a mitigation.

zeroday software bug skull and crossbones security flaw exploited danger vulnerabilities by gwengoa

What is a zero day? A powerful but fragile weapon

A zero day is a security flaw that has not yet been patched by the vendor and can be exploited. These vulnerabilities fetch high prices on the black market

binary code matrix broken / breached / failed / hacked / security risk / threat / vulnerability

Critical VxWorks flaws expose millions of devices to hacking

Researchers have found 11 serious vulnerabilities in VxWorks, the world's most popular real-time operating system (RTOS) that powers over 2 billion devices including enterprise network firewalls and routers, industrial controllers and...

black hat / hacker entering a binary room through a keyhole

11 top DEF CON and Black Hat talks of all time

Hacker summer camp in Vegas is almost upon us again. Here are some of the best talks of all time. Will this year's talks measure up to these legends?

rambleed ram memory card hardware hack breach binary by 13threephotography getty

OpenSSH to protect keys in memory against side-channel attacks

The new OpenSSH patch makes it harder to execute attacks such as Spectre, Meltdown, Rowhammer and Rambleed.

rambleed ram memory card hardware hack breach binary by 13threephotography getty

Rowhammer variant RAMBleed allows attackers to steal secrets from RAM

Unlike Rowhammer, which only allows for data corruption, the newly discovered RAMBleed vulnerability provides a way to grab data such as encryption keys from memory.

Broken window with band-aid patch

Microsoft urges Windows customers to patch wormable RDP flaw

A newly found vulnerability allows remote exploits using the Remote Desktop Protocol to gain full access to systems with no authentication.

Intel CPU  >  security

The second Meltdown: New Intel CPU attacks leak secrets

Intel has done some mitigations for these vulnerabilities that can leak secrets from virtual machines, secure enclaves and kernel memory. Here's how the attacks work.

adding processor to circuit board computer hardware

New Intel firmware boot verification bypass enables low-level backdoors

By replacing a PC's SPI flash chip with one that contains rogue code, an attacker can can gain full, persistent access.

intro security vulnerability

Researchers warn of unpatched vulnerability in Oracle WebLogic Server

Detected scans suggest attacker are seeking vulnerable servers to target for attacks.

skull and crossbones in binary code

GandCrab attackers exploit recently patched Confluence vulnerability

If your company uses Confluence, make sure you have the latest available patches for this vulnerability.

cloud security data breach crime accessible

SoftNAS Cloud 0day found: Upgrade ASAP

SoftNAS Cloud users should upgrade immediately following a report by Digital Defense that the virtual cloud appliance is vulnerable to a session management security issue.

skull and crossbones in binary code

Elasticsearch clusters face attacks from multiple hacker groups

If you are running an older version of Elasticsearch, make sure you've patched its known vulnerabilities or consider upgrading.

5 password best practices unique passwords authentication

Password managers remain an important security tool despite new vulnerability report

Experts downplay discovery of a vulnerability that can expose passwords in a computer's memory. Hackers likely to take easier paths to stealing passwords.

man typing on laptop search internet web browswer

What is Shodan? The search engine for everything on the internet

Defenders find this simple tool valuable for finding vulnerable devices attached to the web that need to be secured.

1 intro security executive thinking woman face binary

12 things every IT security professional should know

Fighting the good fight takes specialized knowledge. Here's the baseline of what all security pros should know.

bucket with holes breach security vulnerability

Reevaluate "low-risk" PHP unserialization vulnerabilities, researcher says

Over nearly a decade, PHP unserialization vulnerabilities have become a popular route for cyber-criminals to plant remote code execution or deliver other malware into systems. But new research, introduced at Black Hat this month,...

Load More