Boffins promise protection and perfect performance with new ZeRØ, No-FAT memory safety techniques
Fast, easy to implement, and knocks attacks like Spectre on the head – what's the catch?
Security23 Jun 2021 | 18
Vulnerability
Jump to articles tagged with Vulnerability.
Explore broader topics
Explore narrower topics
Articles tagged with Vulnerability
Zoll Defibrillator Dashboard would execute contents of random Excel files ordinary users could import
Medical device cybersecurity raises its head in CISA warning
Security15 Jun 2021 | 15
Intel's latest patch set plugs some serious holes in CPU, Bluetooth, server, and – ironically – security lines
Reports through Chipzilla's bug bounty scheme growing, but still in the minority
Security09 Jun 2021 | 5
What to do about open source vulnerabilities? Move fast, says Linux Foundation expert
QCon Plus The CIO does not decide how soon you need to respond. 'The person who decides is the attacker'
Security26 May 2021 | 41
NHS-backed org reacted to GitHub leak disclosure with legal threats and police call, complains IT pro
+Comment Retention of now-deleted security breach evidence sparks spat
Security14 May 2021 | 101
Compsci boffin publishes proof-of-concept code for 54-year-old zero-day in Universal Turing Machine
Patch your devi... oh, hang on a sec
Security11 May 2021 | 59
PSA: If you're still giving users admin rights, maybe try not doing that. Would've helped dampen 100+ Microsoft vulns last year – report
Limiting access is great though 'patching is the only permanent fix'
Security17 Mar 2021 | 71
This Netgear SOHO switch has 15 – count 'em! – vulns, which means you need to upgrade the firmware... now
One of them is a critical RCE bug
Security11 Mar 2021 | 23
Proof of concept code published for latest Saltstack CVE: Don't be an update laggard
Any user could become root, warns Immersive Labs researcher
Security03 Mar 2021 | 3
NurseryCam hacked, company shuts down IoT camera service
Updated Real names, usernames, and what appeared to be SHA-1 hashed passwords* exposed
Security22 Feb 2021 | 28
Just 2.6% of 2019's 18,000 tracked vulnerabilities were actively exploited in the wild
So says Kenna Security in a refreshing piece of counter-FUD analysis
Security18 Feb 2021 | 11
It's 2021 and you can hijack a Cisco SD-WAN deployment with malicious IP traffic and a buffer overflow. Patch now
And also fix up these other holes that can be exploited via HTTP requests, SQL injection, etc
Security22 Jan 2021 | 10
How good are you at scoring security vulnerabilities, really? Boffins seek infosec pros to take rating skill survey
Real-world CVSS figures are a little variable, or so these folks reckon
Security08 Jan 2021 | 10
VMware urges sysadmins to apply workarounds after critical Workspace command execution vuln found
If you've been pwned in the past, pay special attention to this one
Security24 Nov 2020 |
Why, yes, you can register an XSS attack as a UK company name. How do we know that? Someone actually did it
And the 'acceptable company name' charset is hardcoded... in legislation
Security30 Oct 2020 | 64
JavaScript-based address bar spoofing vulns patched in Safari, Yandex, Opera
Are you where you think you are, or are you where I want you to think you are?
Security24 Oct 2020 | 11
How much does Oracle love you? Thiiiis much: Latest patch bundle has 402 fixes
How many times do you want to read the CVSS rating 9.8 today?
Security21 Oct 2020 | 3
For Foxit's sake: Windows and Mac users alike urged to patch PhantomPDF over use-after-free vulns
CISA points spotlight at PDF reader 'n' creator suite
Security13 Oct 2020 | 14
Burning down the house! Consumer champ Which? probes smart plugs to find a bunch of insecure fire-risk tat
Yep, plugs. The things that pick up electrickery from the wall
Edge + IoT01 Oct 2020 | 70
It's been a vintage year for bug bounty hunters, says HackerOne as it boasts of $40m+ passing through its treasure chests
Big money, says CEO, but what would it cost not to find and fix these vulns?
Security22 Sep 2020 | 2
Shared memory vulnerability in IBM's Db2 database could let nefarious insiders wreak havoc – so get patching
Lack of protections around trace facility gives local users read and write access
Security21 Aug 2020 | 7
If you own one of these 45 Netgear devices, replace it: Kit maker won't patch vulnerable gear despite live proof-of-concept code
That's one way of speeding up the tech refresh cycle
Security30 Jul 2020 | 81
If you haven't potentially exposed 1000s of customers once again with networking vulns, step forward... Not so fast, Palo Alto Networks
Getting to be a real PAN in the OS
Security09 Jul 2020 | 6
Holy Guacamole! Researchers find Apache remote desktop software was silently pwnable for snooping on sessions
Best get updating pronto, folks
Security02 Jul 2020 | 5
Trend Micro pulls another app over security fears: This time, the Privacy Browser in the Dr Safety Android suite
Some bugs prove very persistant
Security12 Jun 2020 | 1
GitHub blasts code-scanning tool into all open-source projects
Rub-a-dub-dub, give your buggy code a scrub
Security06 May 2020 | 4
AsSalt-ed at the weekend: Miscreants roast Ghost, LineageOS totters as Salt bug bites
Ah oh, SaltStack's frightnin' (with apologies to Howlin' Wolf)
Security04 May 2020 | 2
That critical VMware vuln allowed anyone on your network to create new admin users, no creds needed
Reason behind murky CVSS 10 score revealed by Guardicore
Security17 Apr 2020 | 16
Wi-Fi of more than a billion PCs, phones, gadgets can be snooped on. But you're using HTTPS, SSH, VPNs... right?
Encryption keys forced to zero by chip-level KrØØk flaw
Security27 Feb 2020 | 50
Anatomy of OpenBSD's OpenSMTPD hijack hole: How a malicious sender address can lead to remote pwnage
Code dive Function accidentally returns OK instead of no-way
Security30 Jan 2020 | 43
As miscreants prey on thousands of vulnerable boxes, Citrix finally emits patches to fill in hijacking holes in Gateway and ADC
SD-WAN WANOP will have to wait a few days, though
Security20 Jan 2020 | 5
Hundreds of millions of Broadcom-based cable modems at risk of remote hijacking, eggheads fear
Updated It's got a name and logo so it's serious, you guys
Security10 Jan 2020 | 27
TikTok on the clock, and the hacking won't stop: SMS spoofing vuln let baddies twiddle teens' social media videos
Uploads, deletions, private-to-public switcharoos, all bad stuff
Security08 Jan 2020 | 4
New year, new critical Cisco patches to install – this time for a dirty dozen of bugs that can be exploited to sidestep auth, inject commands, etc
Data Center Network Manager bugapalooza with three must-fix flaws
Security03 Jan 2020 | 3
WhatsApp chaps rapped for crap app group chat zap: Infosec bods find a way to nuke messages, fix issued
Good news for Check Point; less so for blabbermouths with regrets
Security17 Dec 2019 | 24
Ever wonder how hackers could possibly pwn power plants? Here are 54 Siemens bugs that could explain things
Arbitrary code execution in a controller, what could go wrong?
Security13 Dec 2019 | 43
We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why?
Disclosure Infosec veteran Marc Rogers on why we need a better system to rate vulnerabilities
Security07 Nov 2019 | 48
The NetCAT is out of the bag: Intel chipset exploited to sniff SSH passwords as they're typed over the network
Video Cunning data-snooping side-channel technique is tough to exploit, Chipzilla warns
Security10 Sep 2019 | 69
Not very Suprema: Biometric access biz bares 27 million records and plaintext admin creds
Updated Biostar 2 goes supernova after Israeli duo's probings
Security14 Aug 2019 | 64
Dodgy vids can hijack PCs via VLC security flaw, US, Germany warn. Software's makers not app-y with that claim
Updated 'Fake news!' dev team cries
Security23 Jul 2019 | 21
Millions of Windows Dell PCs need patching: Give-me-admin security gremlin found lurking in bundled support tool
Updated Can't spell SupportAssist without 'ass' and 'u' – other makers may be hit, too
Security20 Jun 2019 | 15
Another remote-code execution hole in top database engine SQLite: How it works, and why not to totally freak out
You know the drill: Patch and stop using C
Security10 May 2019 | 24
A patchy Apache a-patchin: HTTP server gets fix for worrying root access hole
Rogue 'worker' processes can sneak in with elevated privileges at startup
Security03 Apr 2019 | 10
Easy-to-hack combat systems, years-old flaws and a massive bill – yup, that's America's F-35
POGO says no-go on money-pit jet fighter
Software28 Mar 2019 | 87
Don't have a heart attack but your implanted defibrillator can be hacked over the air (by someone who really wants you dead)
US govt sounds alarm over wireless comms, caveats apply
Security22 Mar 2019 | 20
Sorry, Linux. We know you want to be popular, but cyber-crooks are all about Microsoft for now
Oh, and Flash! Arrrrrggghhh
Security19 Mar 2019 | 54
This headline is proudly brought to you by wired keyboards: Wireless Fujitsu model hacked
Updated If you have an LX901, you are at risk of mild embuggerance
Security18 Mar 2019 | 13
Yelp-for-MAGAs app maker is warned there are holes in its code. Does it A. Just fix the problem, or B. Threaten to call the FBI, too?
Or C. It's all a libtard plot?
Security12 Mar 2019 | 62
NX-OS-hit! Got Cisco Nexus and MDS 9000 switches? Then you've got patching to do, too
Oof. Crop of vulns include remote code execution as root
Security07 Mar 2019 | 1
Behold… a WinRAR security bug that's older than your child's favorite YouTuber. And yes, you should patch this hole
Bet all two of you who paid to activate your copy are feeling a little cheesed off at this 14-year-old undetected flaw
Security20 Feb 2019 | 23
Network kit biz Phoenix takes heat as flaws may leave industrial control system security in ashes
Oil, gas, maritime systems affected by latest bug findings
Security11 Feb 2019 | 1
At least Sony offered a t-shirt, says macOS flaw finder: Bug bounties now for Macs if you want this 0-day, Apple
Vid Cupertino's tight-wads called out by fella who found password, private key leak
OSes07 Feb 2019 | 41
Hi, Jack'd: A little PSA for anyone using this dating-hook-up app... Anyone can slurp your private, public snaps
Updated Vuln exposing intimate snaps left open for 'months' – you may want to delete your pics
Security05 Feb 2019 | 12
SD-WAN admin? Your number came up in Cisco's latest bug list
Webex, security, IoT systems also need patches
Security24 Jan 2019 | 3
This must be some kind of mistake. IT managers axed, CEO and others' wallets lightened in patient hack aftermath
Executives held to account? And three underlings thanked for their work? What is this madness?
Security14 Jan 2019 | 56
Intel's Software Guard caught asleep at its post: Patch out now for SGX give-me-admin hole
Chipzilla adds to Windows IT admins security update load
Security14 Jan 2019 | 2
Before you slink off to the pub, be sure to patch these 19 serious vulns in Juniper Networks kit
Happy New Year from the Gin Palace
Security10 Jan 2019 |
We're two weeks into 2019, and an email can potentially knacker your Cisco message box – plus other bugs to fix
Process data, crash, restart, process data, crash, restart...
Networks10 Jan 2019 | 4
Make a SAP decision: Apply these security fixes if you're using German giant's software
11 patches ship on Patch Tuesday
Security09 Jan 2019 | 6
In case you're not already sick of Spectre... Boffins demo Speculator tool for sniffing out data-leaking CPU holes
Analysis First proof-of-concept, SplitSpectre, requires fewer instructions in victim
Security07 Dec 2018 | 27
Create a news alert about Vulnerability, or find more stories about Vulnerability.
