vulnerabilities Archives

Jen Easterly, Director of the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency, arrives to testify before the House (Select) Strategic Competition Between the United States and the Chinese Communist Party Committee on Capitol Hill on January 31, 2024 in Washington, DC. (Photo by Kevin Dietsch/Getty Images)

CISA ransomware warning program has sent out more than 2,000 alerts

The program warns organizations running software or hardware with vulnerabilities that are being exploited by ransomware gangs.

Apr 24, 2024 By Christian Vasquez

Aisle with messy cables in a server room. (Getty Images)

Six-year old bug will likely live forever in Lenovo, Intel products

A report from Binarly finds that a silently patched bug in a popular web server will likely live on in several major end-of-life products.

Apr 11, 2024 By Christian Vasquez

A digitally generated image of yellow data server discs organized into circular pattern is seen against on beige background. (Andriy Onufriyenko via GettyImages)

Plan to resuscitate beleaguered vulnerability database draws criticism

The National Vulnerability Database has ceased some of its work, but some experts fear the formation of a consortium to address its problems lacks sufficient urgency.

Mar 28, 2024 By Tim Starks

A cosplayer dressed as the Star Wars character Darth Vader holds a mobile phone displaying a government alert issued to all smartphones to test a system used to warn of life-threatening emergencies at the Scarborough Sci-Fi Convention in Scarborough north-east England on April 23, 2023. (Photo by OLI SCARFF/AFP via Getty Images)

Spyware and zero-day exploits increasingly go hand-in-hand, researchers find

Researchers found 97 zero-days exploited in the wild in 2023; nearly two thirds of mobile and browser flaws were used by spyware firms.

Mar 27, 2024 By Tim Starks

Close up of woman’s hand typing on computer keyboard. (Getty Images)

Ivanti integrity checker tool needs latest update to work, Five Eyes alert warns

The software company pushed back on the joint advisory, which comes following multiple directives from CISA this year prodding agencies to patch against Ivanti exploits.

Feb 29, 2024 By Christian Vasquez

Glowing computer monitor in row of monitors. (Getty Images)

LogoFAIL vulnerabilities impact vast majority of devices

Nearly all commercially available computers are vulnerable to a flaw in the process used to display a logo upon start-up.

Dec 7, 2023 By Christian Vasquez

Aerial view southwest of new car and van import park storage by C RO ltd in Purfleet RM19 Essex UK

Dangerous vulnerability in fleet management software seemingly ignored by vendor

Researchers say Digital Communications Technologies has not addressed a bug impacting its Syrus4 IoT gateway, leaving open the possibility for vehicle fleets to be shut down.

Dec 6, 2023 By Christian Vasquez

Top 12 vulnerabilities list highlights troubling reality: many organizations still aren’t patching

The list includes well-known vulnerabilities impacting Fortinet's VPNs and Log4Shell that hackers still routinely exploit.

Aug 3, 2023 By Christian Vasquez

Amit Yoran, CEO of Tenable, testified about encryption policies at a House Energy and Commerce Subcommittee hearing on Capitol Hill on April 19, 2016. At the time, he was president of RSA Security. (SAUL LOEB/AFP via Getty Images)

Tenable CEO accuses Microsoft of negligence in addressing security flaw

Cybersecurity veteran Amit Yoran says Microsoft has a culture of toxic obfuscation when it comes to addressing security threats.

Aug 2, 2023 By Elias Groll AJ Vicens

A Microsoft sign is displayed on December 7, 2022 in New York City. (Photo by Leonardo Munoz/VIEWpress)

Three key unanswered questions about the Chinese breach of Microsoft cloud services

Repeated breaches of cloud computing services makes understanding a recent incident affecting Microsoft essential.

Jul 20, 2023 By Trey Herr