Security news aggregator

Latest coverage for Vulnerability

Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.

35 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.

Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.

Showing 20 most recent headlines of 35 Filtered view
Bank Info Security 1 year, 10 months ago

Eliminating the Need for Stored Credentials in Healthcare

Authentication requiring stored credentials is not only vulnerable to phishing and other compromises, but using these credentials can also be cumbersome for busy clinicians, said Tina Srivastava, co-founder of Badge, a provider of deviceless, tokenless authentication technology.

Bank Info Security 1 year, 10 months ago

Remote Access Tool Sprawl Increases OT Risks

Over-Deployment of Tools Raises Security and Operational ConcernsExcessive deployment of remote access tools in operational technology environments expands attack surfaces and creates operational challenges, warn security researchers from Claroty. Remote access tools are essential, but they introduce numerous potential vulnerabilities that threat actors exploit.

Krebs on Security 1 year, 10 months ago

The Dark Nexus Between Harm Groups and ‘The Com’

A cyberattack that shut down some of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that made-for-Hollywood narrative has eclipsed a far more hideous trend: Many of these young, Western cybercriminals are also members of fast-growing online groups that exist solely to bully, stalk, harass and extort vulnerable teens into physically harming themselves and others.

Bank Info Security 1 year, 10 months ago

Breach Roundup: Mexico in Hacker Spotlight

Also: Critical WHOIS Vulnerability Exposes Internet Security Flaw in .mobi DomainsThis week, cyberthreats rising in Mexico; FBI warned of BEC scams; U.K. police arrested hacking suspect; Avis, Slim CD, Medicare and Fortinet disclosed breaches; Highline public schools reopened after cyberattack; a critical flaw was found in WHOIS; and Konni upped attacks on Russia, South Korea.

What kind of OS can be hijacked by clicking a link at just the right time? Microsoft's In this week's Patch Tuesday Microsoft alerted users to, among other vulnerabilities, a flaw in Windows Installer that can be exploited by malware or a rogue user to gain SYSTEM-level privileges to hijack a PC.…

Trend Micro Research, News and Perspectives 1 year, 10 months ago

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities

In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671.

Bank Info Security 1 year, 10 months ago

NoName Apparently Allies With RansomHub Operation

NoName Specializes in Long-Tail ExploitsUp-and-coming online criminal extortion group RansomHub appears to have a new affiliate - NoName, a midtier actor whose main claim to fame so far has been impersonating the LockBit ransomware-as-a-service operation. NoName is known for exploiting years-old vulnerabilities.

Bank Info Security 1 year, 10 months ago

Geopolitical Tensions Fuel Growth in Cross-Border Fraud

ACAMS' Shilpa Arora on Global Financial Vulnerabilities and Regulatory ChallengesGeopolitical tensions have heightened cross-border fraud, with criminals exploiting technological advances and regulatory gaps between countries. Shilpa Arora, head of anti-financial crime products at ACAMS, discusses ways banks can tackle cross-border fraud schemes.

Bank Info Security 1 year, 10 months ago

Bashing Windows Bugs, Take 2: Microsoft Restores Nixed Fixes

A Confused Update Process Reinstalled Old, Exploitable Windows 10 ComponentsMicrosoft has issued a slew of software updates to patch numerous flaws, including three zero-day vulnerabilities that are already being exploited via in-the-wild attacks. Another fix addresses a prior update that inadvertently reintroduced vulnerable components to Windows 10.

Loading more headlines...