Vulnerabilities

Vulnerabilities | News, how-tos, features, reviews, and videos

Broken window with band-aid patch
Intel CPU  >  security

adding processor to circuit board computer hardware

New Intel firmware boot verification bypass enables low-level backdoors

By replacing a PC's SPI flash chip with one that contains rogue code, an attacker can can gain full, persistent access.

intro security vulnerability

Researchers warn of unpatched vulnerability in Oracle WebLogic Server

Detected scans suggest attacker are seeking vulnerable servers to target for attacks.

skull and crossbones in binary code

GandCrab attackers exploit recently patched Confluence vulnerability

If your company uses Confluence, make sure you have the latest available patches for this vulnerability.

cloud security data breach crime accessible

SoftNAS Cloud 0day found: Upgrade ASAP

SoftNAS Cloud users should upgrade immediately following a report by Digital Defense that the virtual cloud appliance is vulnerable to a session management security issue.

skull and crossbones in binary code

Elasticsearch clusters face attacks from multiple hacker groups

If you are running an older version of Elasticsearch, make sure you've patched its known vulnerabilities or consider upgrading.

5 password best practices unique passwords authentication

Password managers remain an important security tool despite new vulnerability report

Experts downplay discovery of a vulnerability that can expose passwords in a computer's memory. Hackers likely to take easier paths to stealing passwords.

man typing on laptop search internet web browswer

What is Shodan? The search engine for everything on the internet

Defenders find this simple tool valuable for finding vulnerable devices attached to the web that need to be secured.

1 intro security executive thinking woman face binary

12 things every IT security professional should know

Fighting the good fight takes specialized knowledge. Here's the baseline of what all security pros should know.

bucket with holes breach security vulnerability

Reevaluate "low-risk" PHP unserialization vulnerabilities, researcher says

Over nearly a decade, PHP unserialization vulnerabilities have become a popular route for cyber-criminals to plant remote code execution or deliver other malware into systems. But new research, introduced at Black Hat this month,...

credit cards

Hack mobile point-of-sale systems? Researchers count the ways

Security researchers uncovered widespread vulnerabilities in mobile point-of-sale readers offered by Square, SumUp, PayPal and iZettle.

cockroach bug binary2

Do you need a vulnerability disclosure program? The feds say yes

The FTC and DOJ are pushing companies to provide a means for good-faith security researchers to report bugs and put effective processes in place to act on those reports.

skull and crossbones in binary code

What is a zero-day exploit? A powerful but fragile weapon

A zero-day is a security flaw that has not yet been patched by the vendor and can be exploited. These vulnerabilities fetch high prices on the black market

security threats and vulnerabilities

How a vulnerability disclosure policy lets hackers help you

Does your company have a vulnerability disclosure policy (VPD)? And if not, what might it mean for your security?

thinkstock 500773792 cpu processor

Spectre and Meltdown explained: What they are, how they work, what's at risk

Spectre and Meltdown are the names given to a trio of variations on a vulnerability that affects nearly every computer chip manufactured in the last 20 years. The flaws are so fundamental and widespread that security researchers are...

Broken window with band-aid patch

Meltdown and Spectre patches: Where to start and what to expect

You need to apply Meltdown and Spectre patches to pretty much everything in your enterprise. And you need to start now. We help you prioritize.

Unlocked circuit board / security threat

What is vulnerability management? Processes and software for prioritizing threats

Organizations handle vulnerability management in various ways, from training and best-practice implementations to filtering out all but the most dangerous threats. Here's a look at some of today's more innovative solutions.

binary monitor tech digital moody hacker threat

How NSS Labs' CAWS finds and fixes network threats

The public instance of the CAWS Continuous Security Validation Platform from NSS Labs is a valuable tool for alerting IT teams about real threats with the ability to breach their defenses. But for networks with high security needs,...

22 heartbleed

What is the Heartbleed bug, how does it work and how was it fixed?

The mistake that caused the Heartbleed vulnerability can be traced to a single line of code in OpenSSL, an open source code library. Here's how Heartbleed works and how to fix it if you have an unpatched server.

Load More
Recommended for You