Security news aggregator

Latest coverage for Vulnerability

Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.

25 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.

Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.

Showing 20 most recent headlines of 25 Filtered view
Bank Info Security 2 years, 1 month ago

ISMG Editors: Is SASE Living Up to the Hype in 2024?

Also: Apple Wi-Fi Vulnerabilities; Cyberattack on Ascension HospitalIn the latest weekly update, ISMG editors discussed the current state of Secure Access Service Edge solutions in 2024, vulnerabilities in Apple's Wi-Fi-based positioning system, and the patient safety questions arising after a cyberattack hit a U.S. hospital.

Bank Info Security 2 years, 1 month ago

RedTail Cryptomining Malware Exploits PAN-OS Vulnerability

Threat Actors Mirror the Tactics of North Korea's Lazarus GroupCryptomining malware that might be North Korean in origin is targeting edge devices, including a zero-day in Palo Alto Networks' custom operating system that the company hurriedly patched in April. It appears threat actors operate their own mining pools or pool proxies rather than using public ones.

Bank Info Security 2 years, 1 month ago

Internet-Exposed OT Devices at Risk Amid Israel-Hamas War

Cyberattack on Aliquippa Water Plant Highlights Vulnerabilities in OT SystemsThe onset of war between Israel and Hamas led to a spike in cyberattacks against operational technology, says Microsoft in a warning to critical infrastructure operators about the dangers of internet-exposed operational technology.

Agency Awards Contract for Additional Staffing to Cope With Massive Backlog of CVEsThe U.S. National Institute of Standards and Technology announced plans to resume processing new vulnerabilities for the National Vulnerability Database after funding cuts forced the agency to stop tracking common vulnerabilities and exposures in the critical repository.

Trend Micro Research, News and Perspectives 2 years, 1 month ago

Decoding Water Sigbin's Latest Obfuscation Tricks

Water Sigbin (aka the 8220 Gang) exploited the Oracle WebLogic vulnerabilities CVE-2017-3506 and CVE-2023-21839 to deploy a cryptocurrency miner using a PowerShell script. The threat actor also adopted new techniques to conceal its activities, making attacks harder to defend against.

Dark Reading 2 years, 1 month ago

Why CVEs Are an Incentives Problem

It's time to rethink the pivotal role incentives play in shaping behavior to find and disclose software vulnerabilities. More accurate guidance to reflect real-world risks and a tiered verification process to establish potential impact could slow misleading submissions.

Bank Info Security 2 years, 1 month ago

Surveillance Risk: Apple's Wi-Fi-Based Positioning System

Starlink Routers in Ukraine and Gaza Trackable via Apple WPS, Researchers WarnApple's Wi-Fi-based positioning system can be abused to track the live location of various types of devices around the globe, including Starlink routers in war zones, researchers warn. Until Apple puts in place more defenses, they say the system will continue to pose a "large-scale privacy threat."

Loading more headlines...