vulnerability

Patch management vs vulnerability management
Plasters over a hard disc drive to symbolise patch management
enterprise security

Patch management vs vulnerability management

What exactly is patch management, and why should IT pros sit up and take notice of doing it properly?
14 Sep 2021
Apple patches zero-day flaw abused by infamous NSO exploit
A close-up of the Apple iPhone 12 mini's notch
exploits

Apple patches zero-day flaw abused by infamous NSO exploit

The ForcedEntry flaw affects all Apple devices and allows hackers to compromise systems without any user interaction
14 Sep 2021
Weekly threat roundup: Atlassian, Microsoft Office, Zoho ManageEngine
Graphic showing a red unlocked padlock surrounded by blue locked padlocks
vulnerability

Weekly threat roundup: Atlassian, Microsoft Office, Zoho ManageEngine

Pulling together the most dangerous and pressing flaws that businesses need to patch
9 Sep 2021
Azure Container Instances users urged to ​​revoke privileged credentials after flaw discovery
A Microsoft Azure web page
Microsoft Azure

Azure Container Instances users urged to ​​revoke privileged credentials after flaw discovery

Microsoft says action needed "out of an abundance of caution" rather than as a response to a specific threat
9 Sep 2021
Hackers exploit Windows zero-day to target users with Office files
The Microsoft Word software on a computer screen
vulnerability

Hackers exploit Windows zero-day to target users with Office files

This ‘reliable and dangerous’ flaw is being abused to launch remote code execution attacks against specific targets
8 Sep 2021
Network-wide security flaw discovered in NPM package
Programming code abstract on a reflective background
vulnerability

Network-wide security flaw discovered in NPM package

“Pac-resolver” vulnerability could lead to remote code execution
7 Sep 2021
US officials warn of “mass exploitation” of Atlassian Confluence flaw
The Atlassian logo on the website seen through a magnifying glass
hacking

US officials warn of “mass exploitation” of Atlassian Confluence flaw

Hackers can exploit the workplace collaboration platform to execute arbitrary code remotely
6 Sep 2021
Google reveals five high-risk flaws in Chrome browser
Chrome thumbnail on a computer screen
vulnerability

Google reveals five high-risk flaws in Chrome browser

Updated Chrome 93 fixes these serious vulnerabilities
3 Sep 2021
Weekly threat roundup: Exchange Server, AMD CPUs, Azure Cosmos DB
Graphic showing a red unlocked padlock surrounded by blue locked padlocks
vulnerability

Weekly threat roundup: Exchange Server, AMD CPUs, Azure Cosmos DB

Pulling together the most dangerous and pressing flaws that businesses need to patch
2 Sep 2021
AMD Zen+, Zen 2 vulnerable to Meltdown-style attacks
AMD Epyc CPU
data processing

AMD Zen+, Zen 2 vulnerable to Meltdown-style attacks

Researchers find AMD CPUs can be manipulated just like Intel ones
31 Aug 2021
Microsoft Exchange Server flaw lets attackers misconfigure mailboxes
A laptop on a table with the Microsoft Exchange logo displayed
vulnerability

Microsoft Exchange Server flaw lets attackers misconfigure mailboxes

Microsoft has patched the ProxyToken vulnerability before any evidence of exploitation has emerged
31 Aug 2021
Critical flaw in IoT camera system could lead to remote takeover
Security cameras on the side of a building
vulnerability

Critical flaw in IoT camera system could lead to remote takeover

Network video recorder vulnerability could allow hackers to steal sensitive video recordings
27 Aug 2021
Microsoft Azure flaw exposed 'thousands' of customer databases
the Microsoft Azure website under a magnifying glass
vulnerability

Microsoft Azure flaw exposed 'thousands' of customer databases

Security research Wiz describes Cosmos flaw as "the worst cloud vulnerability you can imagine"
27 Aug 2021
29 vulnerabilities fixed in multiple F5 products
F5 sign on a white building
vulnerability

29 vulnerabilities fixed in multiple F5 products

One flaw scored 9.9 on CVSS scale, CISA issues warning
26 Aug 2021
Weekly threat roundup: Ethereum, Razer mice, Cisco
Graphic showing a red unlocked padlock surrounded by blue locked padlocks
vulnerability

Weekly threat roundup: Ethereum, Razer mice, Cisco

Pulling together the most dangerous and pressing flaws that businesses need to patch
26 Aug 2021
Hackers target outdated versions of Linux in the cloud
Linux on a blue background with a circuit-board-like graphic
Linux

Hackers target outdated versions of Linux in the cloud

Coinminers, web shells and ransomware, top malware aiming at Linux, report finds
23 Aug 2021
Critical infrastructure vulnerabilities increased by 41% in first half of 2021
A hacker wearing black gloves using a laptop keyboard
vulnerability

Critical infrastructure vulnerabilities increased by 41% in first half of 2021

Vulnerability reports are growing in severity too
19 Aug 2021
Weekly threat roundup: Blackberry QNX, Cisco VPNs, Fortinet firewalls
Graphic showing a red unlocked padlock surrounded by blue locked padlocks
vulnerability

Weekly threat roundup: Blackberry QNX, Cisco VPNs, Fortinet firewalls

Pulling together the most dangerous and pressing flaws that businesses need to patch
19 Aug 2021
Fortinet firewall flaw could allow hackers to take over a device
Fortinet sign on a grey building
vulnerability

Fortinet firewall flaw could allow hackers to take over a device

Unpatched vulnerability in security system could allow execution of arbitrary commands
18 Aug 2021
Blackberry 'reluctantly' admits to QNX flaw
BlackBerry QNX headquarters in Kanata, Canada
vulnerability

Blackberry 'reluctantly' admits to QNX flaw

The vulnerability, known as BadAlloc, impacts pre-2012 versions of BlackBerry’s flagship operating system
18 Aug 2021
StackHawk announces native dynamic application and API security testing for GitHub
GitHub office with GitHub logo over top
cyber security

StackHawk announces native dynamic application and API security testing for GitHub

StackHawk’s DAST solution spots vulnerabilities within developers' GitHub projects
13 Aug 2021
Hackers lift $610m in cryptocurrency from Poly Network
Physical manifestation of Ether cryptocurrency buried in gravel
cryptocurrencies

Hackers lift $610m in cryptocurrency from Poly Network

The company has pleaded with the hackers to return the stolen tokens
11 Aug 2021
What's behind the explosion in zero-day exploits?
A figure in a hooded jumper against a red and blue background
zero-day exploit

What's behind the explosion in zero-day exploits?

Projections show the industry will detect almost three times as many exploits in 2021 as were found last year
3 Aug 2021
PwnedPiper flaws threaten infrastructure of 80% of US hospitals
female nurse looking after a male patient in bed
Security

PwnedPiper flaws threaten infrastructure of 80% of US hospitals

Pneumatic tube systems could be hacked, putting patients at risk
2 Aug 2021