Vulnerabilities

Vulnerabilities news, information, and how-to advice

amdryzen
pepper robot

Dept of Homeland Security, IoT
By

Homeland Security's IT security continues to fall short

Another year, another audit, another set of failings when it comes to the Department of Homeland Security’s IT systems.

industrial refinery energy plant oil gas

Insecure by design: What you need to know about defending critical infrastructure

Patching is useless most of the time, industrial control systems (ICS) security expert tells Senate committee.

misunderstood contracts disagreement argue blame

Has responsible disclosure won the debate?

The debate in the security community about disclosure shows no signs of abating. This article explores both sides of the argument and puts forward suggestions for organizations looking to improve their transparency and responsiveness...

abstract FinTech image of a dollar sign referencing digital transactions and potentially blockchain
By

Hackers exploit Jenkins servers, make $3 million by mining Monero

Hackers exploiting Jenkins servers made $3 million in one of the biggest malicious cryptocurrency mining operations ever.

north korea statue pyongyang

North Korea hacking group is expanding operations, researchers say

A group of hackers from North Korea (DPRK), recently connected to the usage of an Adobe Flash zero-day vulnerability (CVE-2018-4878), has expanded its operations in both scope and sophistication, FireEye says.

11 victims

The victim notification conundrum

Now is the time for the security ecosystem to take stronger action to identify and address compromised computers – sharing lists of known compromises and simply observing the problem is not enough

computer forensics

4 reasons forensics will remain a pillar of cybersecurity

When protection fails, forensics can still prevail.

businessman looking through binoculars future vision prediction

The future: it ain’t what it used to be

The problem with the future—as baseball legend Yogi Berra, the founders of the internet and any CISO or CTO can assure you—is that, increasingly, it ain’t what it used to be.

man asleep at desk

Becoming vulnerability agnostic

Don't let the constant barrage of vulnerability announcements play with your emotions and drive up your stress levels.

steal theft hacker crime laptop firewall
By

3 leaked NSA exploits work on all Windows versions since Windows 2000

The EternalSynergy, EternalRomance, and EternalChampion exploits have been reworked to work on all vulnerable Windows versions: Windows 2000 -- Server 2016.

cisco
By

Cisco VPN remote code execution flaw rated 10 out of 10 for severity

Cisco devices running Adaptive Security Appliance software have a remote code execution and denial of service bug. And it's as bad as it gets -- rated 10 out of 10 for severity.

Diablo III: Reaper of Souls
By

Hackers could have exploited flaw in all Blizzard games

Blizzard stopped talking with the Google security researcher who discovered the flaw and bungled the silently deployed patch to stop hackers from hijacking millions of PCs.

face off boxing battle man in the middle

Anatomy of a well-run red-team exercise

Red team exercises – and particularly “assume compromise” or “assume breach” exercises – generally provide the most insight into your blue-team’s readiness to face an attack.

checklist project

Rating software security Consumer Reports-style

The Cyber Independent Testing Lab (CITL) is fuzzing binaries at scale and building a checklist of compile-time security best practices.

meltdown exploit logo

Intel’s chip vulnerabilities don’t bode well for the spread of ransomware

Traditionally, ransomware security was based on matching viruses to a database of known malware. AI offers a more dynamic approach.

meltdown spectre

Herding cats: lessons learned from the chaotic disclosure of the Meltdown and Spectre vulnerabilities

A good cyber communications plan can provide a roadmap through the complexities of a multi-player disclosure.

thinkstock 500773792 cpu processor

Spectre and Meltdown explained: What they are, how they work, what's at risk

Spectre and Meltdown are the names given to a trio of variations on a vulnerability that affects nearly every computer chip manufactured in the last 20 years. The flaws are so fundamental and widespread that security researchers are...

plastic soldiers

Open source software security challenges persist, but the risk can be managed

Using open source components saves developers time and companies money. In other words, it's here to stay. Here's a look at what it will take to improve open source security.

Load More