Critical bug allows attacker to remotely control medical robot | CVSS 9.8 flaws are not what you want in a hospital robot | Patches, 12 Apr 2022 | 12
Attackers exploit Spring4Shell flaw to let loose the Mirai botnet | Trend Micro says vulnerable systems in Singapore have been compromised | Security, 11 Apr 2022 | 3
Google Play pulls sneaky data-harvesting apps with 46m+ downloads | [In brief] Plus: Fox News learns to use database passwords, Autodesk patches high-severity bugs, and CISA says retire old D-Link routers | Security, 11 Apr 2022 | 13
Fintech platform flaw could have allowed bank transfers, exposed data | Fintech provider flaw could have hit dozens of U.S. banks, says Salt Security | Security, 07 Apr 2022 | 9
Patch now: RCE Spring4shell hits Java Spring framework | You didn't have any plans for the weekend anyway, did you? | Security, 31 Mar 2022 | 8
Zlib crash-an-app bug finally squashed, 17 years later | Patch actually released this time | Security, 30 Mar 2022 | 23
Detailed: Critical hijacking bugs that took months to patch in Microsoft Azure Defender for IoT | SQL injection, race condition, bad cryptographic check pave way for infrastructure network takeovers | Security, 30 Mar 2022 | 4
Sophos fixes critical hijack flaw in firewall offering | Authentication bypass followed by remote-code execution at the network boundary | Security, 28 Mar 2022
Google Chrome, Microsoft Edge patched in race against exploitation | Another bug squashed in JavaScript engine | Security, 28 Mar 2022 | 5
F-Secure spins out new enterprise security business: WithSecure | CEO tells The Reg of new branding ahead of Finnish vendor's corporate split | Security, 24 Mar 2022 | 5
VMware fixes command injection, file upload flaws in Carbon Black security tool | Miscreants can exploit these to make a bad situation much worse | Security, 23 Mar 2022
Biden says Russia exploring revenge cyberattacks | Several hundred US orgs given classified briefings as critical infrastructure felt to be at risk | Security, 22 Mar 2022 | 68
Western Digital tells EdgeRover users to patch app again | Critical vulnerability may have allowed an attacker to escalate local privileges | Security, 21 Mar 2022 | 3
Russia-linked attackers breach NGO by exploiting MFA, PrintNightmare vuln | Patch flaws and enforce authentication policies, CISA and FBI warn | Security, 16 Mar 2022 | 3
Kubernetes container runtime CRI-O has make-me-root flaw | Cr8escape priv-escalation bug opens the door to cluster takeovers | Devops, 15 Mar 2022 | 1
Singapore uncovers four critical vulnerabilities in Riverbed software | Details emerge of the now-patched flaws | Security, 11 Mar 2022 | 1
Millions of APC Smart-UPS devices vulnerable to TLStorm | Critical vulns spotted in popular Schneider kit | Security, 09 Mar 2022 | 34
US govt: Here are another 15 security bugs under attack right now | Best plug HiveNightmare if you haven't already, unless you like new admins | Security, 11 Feb 2022 | 10
Open-source Kubernetes tool Argo CD has a high-severity path traversal flaw: Patch now | Craft Helm chart, receive secrets | Security, 04 Feb 2022 | 7
Sophos: Log4Shell would have been a catastrophe without the Y2K-esque mobilisation of engineers | Anti-malware biz weighs in on one of the worst security flaws of recent times | Security, 25 Jan 2022 | 19
'Now' would be the right time to patch Ubuntu container hosts and ditch 21.04 thanks to heap buffer overflow bug | Red Hat agrees | Security, 20 Jan 2022 | 13
Volunteer Dutch flaw finders bag $100k to forward national bug bounty goal | Huntress Labs tips some loose change into vuln-spotters' cup | Security, 13 Jan 2022
Info-saturated techie builds bug alert service that phones you to warn of new vulns | Or SMSes, if the idea of midnight robot calls worries you | Security, 12 Jan 2022 | 10
Open source isn't the security problem – misusing it is | [Opinion] Security is a process, not a product | Software, 12 Jan 2022 | 43
Make sure you're up-to-date with Sonicwall SMA 100 VPN box patches – security hole exploit info is now out | Nothing like topping off unauth'd remote code execution with a su password of ... password | Security, 11 Jan 2022 | 1
Belgian defence ministry admits attackers accessed its computer network by exploiting Log4j vulnerability | Perpetrators' ID unknown, however | Security, 21 Dec 2021 | 60
Log4j RCE latest: In case you hadn't noticed, this is Really Very Bad, exploited in the wild, needs urgent patching | [Updated] This might be the bug that deserves the website, logo and book deal | Security, 13 Dec 2021 | 36
Log4j RCE: Emergency patch issued to plug critical auth-free code execution hole in widely used logging utility | [Updated] Prepare to have a very busy weekend of mitigating and patching | Security, 10 Dec 2021 | 65
Netgear router flaws exploitable with authentication ... like the default creds on Netgear's website | Don't just install the patch, change your router passwords too | Security, 03 Dec 2021 | 17
Visiting a booby-trapped webpage could give attackers code execution privileges on HP network printers | Patches available for 150 affected products | Security, 30 Nov 2021 | 27
Zero-day proof-of-concept exploit lands for Windows make-me-admin vulnerability | InstallerFileTakeOver code pops up on GitHub | Security, 23 Nov 2021 | 9
Thousands of internet-connected databases contain high or critical CVEs, says report by cloud security biz | Put your data on someone else's computer to keep it safe, urges Imperva | Security, 14 Sep 2021 | 14
BrakTooth vulnerabilities put Bluetooth users at risk – and some devices are going unpatched | Qualcomm, Texas Instruments alleged to be leaving Bluetooth chips open to attack | Personal Tech, 01 Sep 2021 | 12
Jira Data Center user? Here's a critical Ehcache vulnerability to spoil your day | Update now – and maybe firewall the thing off while you're at it | Devops, 22 Jul 2021
Fortinet's security appliances hit by remote code execution vulnerability | Cure worse than the disease for anyone with the 'fgfmsd' daemon activated | Security, 20 Jul 2021 | 1
So nice of China to put all of its network zero-day vulns in one giant database no one will think to break into | We sum up Middle Kingdom's massive crackdown on bug reports | Security, 15 Jul 2021 | 29
Researchers warn of unpatched remote code execution flaws in Schneider Electric industrial gear | [Updated] ModiPwn attack gives full control over Modicon programmable logic controllers | Security, 13 Jul 2021 | 31
You've patched that critical Sage X3 ERP security hole, yeah? Not exposing the suite to the internet, either, yeah? | Details of flaws now public for miscreants to exploit | Security, 07 Jul 2021 | 1
Leaked print spooler exploit lets Windows users remotely execute code as system on your domain controller | Kill this service immediately | Security, 30 Jun 2021 | 54
KVM flaw on AMD servers gave malicious VMs a route to take over the host | [Updated] Vuln thankfully patched following Google Project Zero disclosure | Virtualization, 30 Jun 2021
‘What are the odds someone will find and exploit this?’ Nice one — you just released an insecure app | [Feature] Who’s to blame: devs or management? And how do we cure application vulnerability epidemic | Security, 25 Jun 2021 | 72
Boffins promise protection and perfect performance with new ZeRØ, No-FAT memory safety techniques | Fast, easy to implement, and knocks attacks like Spectre on the head – what's the catch? | Security, 23 Jun 2021 | 18
Zoll Defibrillator Dashboard would execute contents of random Excel files ordinary users could import | Medical device cybersecurity raises its head in CISA warning | Security, 15 Jun 2021 | 15
Intel's latest patch set plugs some serious holes in CPU, Bluetooth, server, and – ironically – security lines | Reports through Chipzilla's bug bounty scheme growing, but still in the minority | Security, 09 Jun 2021 | 5
What to do about open source vulnerabilities? Move fast, says Linux Foundation expert | [QCon Plus] The CIO does not decide how soon you need to respond. 'The person who decides is the attacker' | Security, 26 May 2021 | 41
NHS-backed org reacted to GitHub leak disclosure with legal threats and police call, complains IT pro | [+Comment] Retention of now-deleted security breach evidence sparks spat | Security, 14 May 2021 | 101
Compsci boffin publishes proof-of-concept code for 54-year-old zero-day in Universal Turing Machine | Patch your devi... oh, hang on a sec | Security, 11 May 2021 | 59
PSA: If you're still giving users admin rights, maybe try not doing that. Would've helped dampen 100+ Microsoft vulns last year – report | Limiting access is great though 'patching is the only permanent fix' | Security, 17 Mar 2021 | 71
This Netgear SOHO switch has 15 – count 'em! – vulns, which means you need to upgrade the firmware... now | One of them is a critical RCE bug | Security, 11 Mar 2021 | 23
Proof of concept code published for latest Saltstack CVE: Don't be an update laggard | Any user could become root, warns Immersive Labs researcher | Security, 03 Mar 2021 | 3
NurseryCam hacked, company shuts down IoT camera service | [Updated] Real names, usernames, and what appeared to be SHA-1 hashed passwords* exposed | Security, 22 Feb 2021 | 28
Just 2.6% of 2019's 18,000 tracked vulnerabilities were actively exploited in the wild | So says Kenna Security in a refreshing piece of counter-FUD analysis | Security, 18 Feb 2021 | 11
It's 2021 and you can hijack a Cisco SD-WAN deployment with malicious IP traffic and a buffer overflow. Patch now | And also fix up these other holes that can be exploited via HTTP requests, SQL injection, etc | Security, 22 Jan 2021 | 10
How good are you at scoring security vulnerabilities, really? Boffins seek infosec pros to take rating skill survey | Real-world CVSS figures are a little variable, or so these folks reckon | Security, 08 Jan 2021 | 10
VMware urges sysadmins to apply workarounds after critical Workspace command execution vuln found | If you've been pwned in the past, pay special attention to this one | Security, 24 Nov 2020
Why, yes, you can register an XSS attack as a UK company name. How do we know that? Someone actually did it | And the 'acceptable company name' charset is hardcoded... in legislation | Security, 30 Oct 2020 | 64
JavaScript-based address bar spoofing vulns patched in Safari, Yandex, Opera | Are you where you think you are, or are you where I want you to think you are? | Security, 24 Oct 2020 | 10
How much does Oracle love you? Thiiiis much: Latest patch bundle has 402 fixes | How many times do you want to read the CVSS rating 9.8 today? | Security, 21 Oct 2020 | 3
For Foxit's sake: Windows and Mac users alike urged to patch PhantomPDF over use-after-free vulns | CISA points spotlight at PDF reader 'n' creator suite | Security, 13 Oct 2020 | 14
Burning down the house! Consumer champ Which? probes smart plugs to find a bunch of insecure fire-risk tat | Yep, plugs. The things that pick up electrickery from the wall | Edge + IoT, 01 Oct 2020 | 70
It's been a vintage year for bug bounty hunters, says HackerOne as it boasts of $40m+ passing through its treasure chests | Big money, says CEO, but what would it cost not to find and fix these vulns? | Security, 22 Sep 2020 | 2
Shared memory vulnerability in IBM's Db2 database could let nefarious insiders wreak havoc – so get patching | Lack of protections around trace facility gives local users read and write access | Security, 21 Aug 2020 | 7