Vulnerabilities & Exploits

A review of the first half of 2018 shows a threat landscape that not only has constant and familiar features but also has morphing and uncharted facets: Ever-present threats steadily grew while emerging ones used stealth.

Users of the Apache Struts are urged to update to its latest version after security researchers uncovered a critical remote code execution (RCE) vulnerability in the web application development framework.

At DEF CON 2018, security researchers demonstrated how they were able to infiltrate networks by exploiting vulnerabilities in printers. Here's how managed detection and response can help address similar threats.

Security researchers uncovered vulnerabilities affecting the speculative execution feature of Intel CPUs, similar to Spectre and Meltdown. Here's what you need to know.

Researchers discovered a WordPress core vulnerability that can allow attackers to gain control of web sites and execute arbitrary code.

Four vulnerabilities, including two critical ones, in Phoenix Contact switches used in industrial systems automation could be exploited for attacks. Affected companies are strongly advised to apply patches immediately.

Researchers found seven vulnerabilities in Axis cameras can be used for cyberattacks if exploited. While only POCs have been shown, customers are strongly advised to patch their firmware immediately.

PyRoMineIoT malware infects systems with a Monero miner, spreads using RCE EternalRomance by removing or modifying accounts and passwords with privileged access, and scans for vulnerable Internet of Things devices for possible future attacks.

A vulnerability found in websites’ cache infrastructure and content delivery networks can be used to spread malware, and an API vulnerability in Mozilla Firefox can be used to have partial control via plug-ins for a DDoS attack.