vulnerabilitiesCritical vulnerability exploit in GoAnywhere MFT
Time to update Fortra GoAnywhere MFT: an exploit has been developed for a critical vulnerability that allows attackers to bypass authentication and create admin accounts.
vulnerabilities
190 articles
Hacking a train: a 37С3 talk
Ethical hackers told 37C3 how they found a few eye-openers while breaking DRM to fix trains.
iOSOperation Triangulation: talk on 37С3
Detailed analysis of Operation Triangulation, the most sophisticated attack our experts have ever seen, presented at 37C3 conference.
LogoFAIL attack: using image files to attack computers
A serious vulnerability in UEFI firmware relevant to a large number of modern computers, and even servers.
Hacking Android, macOS, iOS, and Linux through a Bluetooth vulnerability
A researcher has discovered a vulnerability in the Bluetooth protocol implementations for Android, macOS, iOS, and Linux, allowing devices to be hacked remotely.
Are Macs safe? Threats to macOS users
Are Macs as safe as their owners think they are? A few recent stories about malware targeting macOS users.
websitesWordPress security issues
Typical security issues of WordPress, and how they can be addressed to protect your website or online store from cybercriminals.
Randstorm: vulnerable crypto wallets from the 2010s
Bitcoin wallets created on online platforms between 2011 and 2015 may be insecure due to a vulnerability in the library for key generation.
Reptar: a vulnerability in Intel processors
How a recently discovered bug in Intel processors threatens cloud providers.
androidA pain-free guide to installing Android updates
A look at the pros and cons of updating Android — and ways to do it safely.
How “zero-clicks” work, and how to defend against them
We discuss what zero-click attacks are, why they’re dangerous, and how to protect your company from them.
strategyThe top-10 mistakes made when configuring enterprise IT systems
Mistakes commonly found in almost every large organization. What should the inforsec team look out for, and what protective measures should they take?
A good reason to update Confluence
It’s time to update Confluence Data Center and Confluence Server: they contain a serious vulnerability that allows unauthorized creation of administrator accounts.
CarsSpies on wheels: how carmakers collect and then resell information
What personal information do modern cars collect about you, and how can you avoid surveillance or hacking of your vehicle?
Microsoft getting to grips with drivers. Now it’s your turn!
We take a look at drivers: why we need them, the threats they pose, and how to keep your computer secure.
Security of Electron-based desktop applications
A few words on why desktop applications based on the Electron framework should be approached with caution.
Wrong system time and insecure Secure Time Seeding
Why the Windows system time can suddenly change, and how to stop it from happening.
What to patch first: prioritizing updates
Some thoughts on what PC software patches should be prioritized and why.
Zenbleed: new hardware vulnerability in AMD CPUs
Explaining an issue in popular PC and server CPUs in simple terms.
VPNHow to fix TunnelCrack VPN leaks
What caused a mass vulnerability in VPN clients, and how to keep them working.
CVE-2017-11882: five years of exploitation
It means that some companies still have not installed MS Office patches that were published 5 years ago.