Stop Putting Your Accounts At Risk, and Start Using a Password Manager
Image via Keeper Right Now, Get 30% Off Keeper, the Most Trusted Name in Password Management
Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.
Search across headline titles and summaries.
Background for this topic.
A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.
Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.
Image via Keeper Right Now, Get 30% Off Keeper, the Most Trusted Name in Password Management
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added the recently disclosed Atlassian security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation
While attackers continue to rely on older, unpatched vulnerabilities, many are jumping on new vulnerabilities as soon as they are disclosed.
CISA has added a critical Confluence vulnerability tracked as CVE-2022-26138 to its list of bugs abused in the wild, a flaw that can provide remote attackers with hardcoded credentials following successful exploitation. [...]
The first half of the year saw more than 11,800 reported security vulnerabilities, but figuring out which ones to patch first remains a thankless job for IT teams.
Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum (ONVIF) standard implementation, which, when exploited, can lead to seizing control of IP cameras. Tracked as CVE-2022-30563 (CVSS score: 7.4), the "vulnerability could be abused by attackers to compromise network cameras by sniffing a previous unencrypted ONVIF interaction and replaying the
A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild
The LibreOffice suite has been updated to address several security vulnerabilities related to the execution of macros and the protection of passwords for web connections. [...]
The team behind LibreOffice has released security updates to fix three security flaws in the productivity software, one of which could be exploited to achieve arbitrary code execution on affected systems
Although Transport layer security (TLS) provides enhanced security, cybercriminals have become increasingly savvy, finding ways to circumvent many of these protections. Learn how malicious actors exploit vulnerabilities within TLS to introduce new forms of malware.
Ahead of their Black Hat USA talk in August, Simon Pavitt and Stephen Dewsnip explain the value of helping people practice cyber defense via a "malicious floorwalker" exercise.
Internet-connected MDM instances, each with an 'unrestricted number' of managed devices, were vulnerable FileWave has fixed a couple vulnerabilities in its endpoint management software that could allow a remote attacker to bypass authentication and take full control of the deployment and associated devices.…
Palo Alto Networks Unit 42 incident response team warns of patch speedups Palo Alto Networks' annual Unit 42 incident response report is out, warning of an ever-decreasing gap between vulnerability disclosures and an increase in cybercrime.…
Software vulnerabilities are a major threat to organizations today. The cost of these threats is significant, both financially and in terms of reputation.Vulnerability management and patching can easily get out of hand when the number of vulnerabilities in your organization is in the hundreds of thousands of vulnerabilities and tracked in inefficient ways, such as using Excel spreadsheets or
Insiders could become more vulnerable to cybercrime recruitment efforts, new report says.
System administrators have even less time to patch disclosed security vulnerabilities than previously thought, as a new report shows threat actors scanning for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed. [...]
Trying to remediate everything was never a winning strategy. RBVM is an approach that gets organizations better results with less effort.
FileWave's mobile device management (MDM) system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it
Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information
Boffins find common code constructs that may be exploitable to achieve remote code execution Back in March, security researchers reported a critical command injection vulnerability in Parse Server, an open-source backend for Node.js environments.…