In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.
All stories in Vulnerability (computing)
-
Ford and VW's top selling cars can be hacked
A British consumer magazine is accusing Ford and Volkswagen of being careless with the digital security of their cars' connected ...
-
The Pixel 4 can now require your eyes to be open for face unlock to work
The Pixel 4's face unlock mostly works great, but it might work a little too well. Since launch, the phone's biometric security ...
-
Zoom is a godforsaken mess — but it can be fixed
Two years ago, after Facebook's Cambridge Analytica scandal came to the fore, there was a new story of the social network's ...
-
Coronavirus hype leads New York's top lawyer to probe Zoom over security
Zoom so far says its school services are in line with federal laws, but let's see if that tune changes with New York's top ...
-
An open Windows vulnerability lets attackers install malware through documents
Last night, Microsoft noted there's an unpatched bug in Windows that might allow attackers to install malware or ransomware ...
-
Mobile voting is far from perfect, but it's better than what we have now
The United States need to do everything in their power to increase voter turnout, and that means embracing new technologies ...
-
Baby monitor exploit allowed hackers to creep on your toddlers
You might want to hold off copping iBaby's M6S baby monitor — unless you're fine with unknowingly streaming your toddler ...
-
Hackers submitted a record number of bug reports to the Pentagon in 2019
The Pentagon unveiled that last year it received more vulnerability disclosure reports from ethical hackers than ever — ...
-
Shocker: There’s another smart camera hackers can use to spy on you
Researchers have found gaping security holes in yet another smart camera, with the vulnerabilities practically turning the ...
-
Indian income tax agency patched a security flaw that would've allowed hackers to take over its site
India's income tax department patched a bug on its website last week, that allowed attackers to gain control of the site. ...
-
Philips smart bulbs could compromise your Wi-Fi network
You're going to want to update your Philips Hue firmware ASAP. Trust us, you don't want anyone trying to hack your network ...
-
Microsoft is offering up to $20,000 to researchers who find bugs in Xbox
Microsoft is handing out up to $20,000 to security researchers who can unearth vulnerabilities in Xbox. The Windows-maker announced it's launching a bounty program specifically for its gaming console. To be eligible for a reward, researchers must identify a flaw in the Xbox Live ...
-
Google found vulnerabilities in Apple’s Safari that allowed user tracking
In December, Apple fixed multiple bugs found in its Safari browser that allowed third-party websites to track users' browsing habits. According to a paper published by Google's security team, the company notified Apple of various flaws in its anti-tracking technology, Intelligent ...
-
How to implement a ‘threat model’ to beef up your organization’s security
A threat model is the most effective way to take stock of your company’s security and make sure it’s continuously up-to-date. ...
-
5 cybersecurity trends that will dominate 2020, according to experts
Just about everyone agrees cybersecurity will be paramount in 2020, and governments and regulatory bodies are already taking ...
-
Jeopardy! adds Bitcoin ransomware to its GOAT tournament
Jeopardy! loves cryptocurrency. The show has once again featured Bitcoin as an answer to a question, but this time, it had ...
-
Fixing employee access should be your top security priority in 2020
Where previously, many have perceived hackers as technical threats, today many in the industry are instead looking at human ...
-
Hackers steal $480,000 worth of NULS cryptocurrency from its dev team
Those pesky cryptocurrency hackers are back at it again. This time, they've forced a blockchain to 'hard fork' their network ...
-
Hackers can jack ShapeShift's crypto wallets in 15 minutes, Kraken warns
ShapeShift's KeepKey cryptocurrency wallet is reportedly vulnerable to a 'voltage glitching,' which could see hackers steal ...
-
Hackers mass-scan for Docker vulnerability to mine Monero cryptocurrency
A hacking group is performing an internet scan in search of vulnerable ports on systems using Docker to inject Monero cryptocurrency ...
-
Popular Android apps are shipping with outdated bug-ridden software
Researchers have found that several popular Android apps, including Facebook, Instagram and WeChat, come with outdated software ...
-
Mozilla’s report shows just how awful Ring’s privacy practices are
When the first internet-connected devices hit the market, they were rare enough that you could seriously consider whether ...
-
Bugs in Qualcomm chips leaked private data from Samsung and LG phones
Researchers have disclosed a set of vulnerabilities affecting Qualcomm chipsets that could allow a potential attacker to steal ...
-
GitHub launches Security Lab to spot vulnerabilities in open-source code
GitHub brings together security researchers, maintainers, and companies to officially launch a new Security Lab with an aim ...
-
A laser pointer can trick your smart devices into opening your doors, starting your car
A thief lies in wait across the street, hiding in the bushes and waiting for the lights of your television to go dark. Once ...
-
Vulnerability in Asus Wi-Fi software put users at risk of fraud and robbery
A data leak in Asus Wi-Fi software made it possible for hackers to sniff your data and hijack your smart home devices, including ...
-
Hackers are now selling 'Raccoon' data-stealing malware as a $200 monthly service
A new kind of trojan malware is fast gaining currency among cybercriminals for its capability to steal sensitive information, ...
-
Google's Titan Security Keys can be hijacked remotely, replace yours now
Google is recalling Bluetooth versions of its Titan Security Key after it found a vulnerability that allows attackers in ...
-
GitHub acquires Semmle to help developers spot security vulnerabilities
Software hosting service GitHub has acquired Semmle, a code analysis platform that helps developers discover security vulnerabilities ...
-
Apple patches zero-day ransomware flaw in Windows version of iTunes
Apple has patched a zero-day flaw in iTunes app for Windows that allowed hackers to evade detection and install BitPaymer ...
-
WhatsApp bug allowed hackers to steal files and messages with GIFs
A vulnerability in WhatsApp made it possible for attackers to gain access to your files and messages by tricking you to open ...
-
Zero-day exploits: 14 things to remember when an issue is discovered
Zero-day exploits can be detrimental to businesses. However, depending on how you handle an incident when it occurs, you ...
-
Microsoft issues emergency Windows patch to address Internet Explorer zero-day flaw
Microsoft has issued an emergency out-of-band security update to address two critical vulnerabilities impacting Internet ...
-
Zcash network urged to update nodes immediately to push 'important security fix'
If you're running a Zcash node, you had better go download the latest software and update right now to avoid exposing the ...
-
Meet Panda, an illicit cryptocurrency mining crew terrorizing organizations worldwide
Panda isn't very sophisticated, but it is absolutely prolific: researchers say the crew could've earned roughly $90,000 in ...
-
LastPass fixes flaw that leaked your previously used credentials
Popular password manager LastPass has fixed a serious flaw in its latest update that could allow a malicious website to access ...
-
Pirated textbooks & essays are full of malware
But if you're broke, what other choice do you have?
-
Ex-Amazon employee who hacked Capital One bank used its servers to mine cryptocurrency
The ex-Amazon employee thought to be behind the recent breach of Capital One bank appears to have also used the infected ...
-
iOS 12.4 makes it possible to jailbreak your iPhone again (Update: Fixed)
Apple's most recent iOS update — 12.4 — has reopened a vulnerability that was previously patched, making it easy to ...
-
Apple will soon treat online web tracking the same as a security vulnerability
Apple ups its privacy battle with a new "WebKit Tracking Prevention Policy" that aims to prevent all forms of covert tracking ...
-
Researcher discloses second Steam zero-day exploit after being shut out of bug bounty program (Update: fixed in beta channel)
A second zero-day vulnerability has been publicly disclosed in Steam gaming client by security researcher Vasily Kravets ...
-
Kink in porn site exposes the personal data of over 1M users
A kink in adult site Luscious, which focuses on pornographic images and animations, allowed hackers to access the personal ...
-
AI won't automate cybersecurity — but it'll improve the solutions we already have
Cybersecurity, a huge industry worth over $100 billion, is regularly subject to buzzwords. Cybersecurity companies often ...
-
PSA: Update your Windows machine now to fix 29 Critical security vulnerabilities
Microsoft has patched four serious vulnerabilities that could allow a malicious actor to remotely take control of Windows ...
-
Researchers hacked a Canon DSLR with ransomware demanding Bitcoin
Bitcoin demanding ransomware knows no bounds, and the latest potential victim? DSLR cameras. Researchers managed to exploit ...
-
Microsoft: Russian government hackers are targeting IoT devices
Microsoft today warned that Russian government hackers have been using video decoders, printers, and internet of things devices ...
-
Google researchers disclose ‘interactionless’ iOS exploits valued at $5M
A duo of Google researchers have disclosed several "interactionless" vulnerabilities in iOS that allowed hackers to hijack ...
-
Android vulnerability lets hackers hijack your phone with malicious videos
A vulnerability in Android (found in versions between 7.0 and 9.0) enables hackers to hijack your phone by tricking you ...
-
Vicious malware threatens to turn search engine into crypto-mining zombie botnet
A strain of malware is targeting enterprise search engine Elasticsearch, forcing vulnerable servers to join a botnet of 'zombies.' ...
-
Equifax to pay $700m for breach that exposed 147 million Americans' data
Almost two years after a major data breach hit Equifax, the company has finally agreed to a global settlement with the US ...
-
PSA: Update WhatsApp now to prevent spyware from being installed on your phone
WhatsApp has patched a critical security vulnerability that allowed attackers to secretly infect phones with malicious spyware ...
-
Zoom's scary webcam flaw also affects RingCentral and Zhumu (Updated)
Zoom may have jumped in to fix its video-on webcam vulnerability, but other conferencing apps like RingCentral and Zhumu ...
-
Researchers find worrying security vulnerability in GE Healthcare anesthesia machines
Our health – and yes, our lives – are in the hands of researchers and vendors.
-
Monero security flaw could've seen XMR stolen from cryptocurrency exchanges
Monero devs have disclosed nine security vulnerabilities over the past two days - and some could have been outright devastating. ...
-
Dell patches vulnerability that put millions of PCs at risk — Update yours now
Dell released a security advisory urging consumers to update their laptops and PCs to patch a security vulnerability the ...
-
Mozilla fixes second Firefox zero-day bug used in Coinbase hack attempts
This is the second 'zero-day' exploit patched by Mozilla in a week, as reports indicate spearphishers have been targeting ...
-
Netflix fixes potentially devastating Linux SACK vulnerability
Please mind the SACK
-
Blockchain startup hacked itself to 'save' $13M of its users’ cryptocurrency
Komodo devs took all cryptocurrency out of affected wallets and will keep it in a safe place until users submit claims to ...
-
New cryptocurrency mining malware is spreading across Thailand and the US
Security researchers have uncovered a new malware family, called BlackSquid, that's attacking hardware to get it to secretly ...
-
This tiny flashing kit can break your bad online security habits
The number of cyber attacks is estimated to have risen by 67% over the last five years, with the majority of these data breaches ...
-
Behind the scenes: Electrum hackers steal $4M with Bitcoin phishing attacks
Electrum Bitcoin wallet users have lost 771 BTC (approximately $4 million) since late December 2018, in an ongoing series ...
-
Hackers fix 20 security flaws in cryptocurrency-related platforms in 2 weeks
Seven cryptocurrency-related companies paid hackers to patch 20 software bugs in the past two weeks alone, including Stellar, ...
-
Facebook's reportedly been storing millions of user passwords in plain text since 2012
Facebook revealed last night that it stored the passwords of millions of users in plaintext. What's more shocking is that this ...
-
13 ways entrepreneurs can help their company guard against hacking
As technology evolves, so do hackers' techniques, something which puts tremendous pressure on organizations to constantly ...
-
Steam vulnerability exposed users to account hijacking and malware
A vulnerability in Valve's Steam client made it possible to take over user accounts, pilfer their items, and infect their ...
-
Security researchers found over 40 bugs in blockchain platforms in 30 days
The security experts found kinks in Monero, EOS, and popular cryptocurrency exchange desk Coinbase. Fortunately, none of ...
-
Coinbase handed out a $30K bounty for a critical bug in its systems
Another day, another bug: cryptocurrency exchange desk Coinbase has handed out a massive $30,000 bug bounty for a critical ...
-
Important security lessons learned from Apple's creepy FaceTime bug
Earlier this month, I woke up to a disastrous security bug in Apple’s FaceTime that could let anyone easily eavesdrop on ...
-
Apple temporarily disables group FaceTime to fix a bug that lets you eavesdrop on your contacts (Updated)
Update (February 8, 2019): Apple just released a fix (iOS 12.1.4) for this FaceTime bug. The company had said it’ll release ...
-
Blockchain researchers are still finding critical vulnerabilities in EOS
2019 has barely started and Block.one has already handed out $50,750 worth of bug bounties to researchers who found kinks ...
-
The security threats of neural networks and deep learning algorithms
This article is part of Demystifying AI, a series of posts that (try to) disambiguate the jargon and myths surrounding AI. History ...
-
Fortnite vulnerability could have left millions of credit cards exposed
Just as triumphant reports come in about Fortnite's success, the world's most popular game is forced to contend with stories ...
-
Ethereum devs delay Constantinople hard fork due to security fears
Core Ethereum developers have delayed the scheduled Constantinople upgrade after a code audit revealed it introduced new ...
-
5 of the worst security missteps by major tech companies in 2018
2018 marked the year that governments, businesses, and other organizations around the world started implementing GDPR — ...
-
Keep your digital life secure with these 6 simple tricks
Data breaches, widespread malware attacks, and microtargeted personalized advertising were lowlights of digital life in 2018. As ...
-
Hackers pocketed $878,000 from cryptocurrency bug bounties in 2018
Blockchain companies have resolved more than 3,000 vulnerability reports in 2018 alone. In return, white hackers pocketed ...
-
How numb are we to Facebook's fuck-ups at this point?
What would have been a PR nightmare last year is just a blip on the radar for Facebook in 2018.
-
Google+ to shut down early after second major security incident
After another data leak, its second such leak in a year, Google today announced it was shutting down its beleaguered social ...
-
Zoom bug let attackers hijack your screens during conference calls
Videoconferencing is almost always terrible at the best of times, but can you imagine someone taking control of your screen ...
-
The frustratingly simple techniques of ‘human hacking’ — and how to fight them
Technology has changed the meaning of how we interpret security and privacy in this digital millennium with tools that can ...
-
Facebook hack proves we need new user authentication methods
Facebook's recent security hack that possibly affected 90 million users has exposed the fundamental flaws that our authentication ...
-
Drone assassination attempts are a reminder that better legislation is needed
It will be up to the private sector, airspace security, and safety companies, to develop solutions that outwit and stop the ...
-
Our lack of interest in data ethics will come back to haunt us
When was the last time you saw a creepy ad on Facebook, which seemed to know about a product you were discussing with a coworker? ...
-
PSA: Major EOS bug makes it possible to steal valuable resources directly from users
EOS has another major vulnerability: this one allows for valuable network resources to be effectively stolen from user accounts ...
-
Bitcoin dev finds potentially crippling security flaw in Bitcoin Cash
A massive security vulnerability was found in Bitcoin Cash that, if exploited, would have crippled its blockchain with a ...
-
Blockchain bug hunters feature prominently at this year's Pwnie Awards
Three researchers are up for Pwnie Awards this year after exposing critical bugs in popular blockchain projects IOTA and ...
-
Bug in cryptocurrency platform Augur meant users could be duped into losing money
A massive vulnerability has been discovered in the decentralized betting platform Augur, which allowed all data shown in ...
-
200,000 routers in Brazil were secretly hijacked to mine cryptocurrency
Brazil has been hit by an elaborate cryptocurrency mining attack that infected hundreds of thousands of routers across the ...
-
Monero wallet vulnerability made it possible to steal XMR from exchanges
Monero, the cryptocurrency often praised for its privacy functions, was full of vulnerabilities - one allowing hackers to ...
-
John McAfee will pay you $100K if you get into his 'unhackable' crypto-wallet
McAfee says he will give $100,000 to anyone who can break into the 'Bitfi' wallet, the supposedly ‘unhackable’ cryptocurrency ...
-
Etherscan rushes to plug vulnerabilities following strange hacking attempts overnight
The most widely used Ethereum blockchain explorer, Etherscan, quickly patched vulnerabilities overnight after a set of strange ...
-
Hackers ejaculate 800,000 Brazzers accounts onto the dark web
2016 is proving to be the year of the data leak, as hackers have splashed 800,000 Brazzers accounts onto the internet.