Vulnerabilities | News, how-tos, features, reviews, and videos
Black Hat conference attendees heard a post-mortem on the KeyTrap DNSSEC vulnerability, which could have widely impacted browsing, email, TLS, and other key web services.
Researchers find a way to access encrypted data in AMD EPYC data center chips using rogue memory modules.
The issue could allow threat actors to brute force MFA authentication codes for Outlook, Teams, and Azure access with 50% accuracy.
Bug bounty programs can be a big boon to software security and provide expanded vulnerability visibility, but they're not for all organizations and can come with risks.
Sichuan Silence and employee accused of exploiting firewall vulnerabilities in 2020.
The infosecurity world decamps to London this week, with research on vulnerabilities in AI systems at the fore of the latest edition of Black Hat Europe.
Vulnerabilities and misconfiguration in a huge number of public-facing websites allowed the attackers to gain access to sensitive customer data used in AWS services.
Researchers released a proof-of-concept exploit for a path traversal flaw in the enterprise VoIP suite that, coupled with an arbitrary file read issue, can give attackers access to protected files, among other possible attack paths.
The security flaw could allow threat actors to execute arbitrary code on unpatched Veeam Service Provider Console server machines.
While not production-ready malware, ‘Bootkitty’ provides a proof of concept for exploiting Linux systems at boot-up — widening the UEFI attack path beyond the Windows ecosystem.