Vulnerability Management

The authors of the infamous malware family have added measures for better protecting malicious code injections against inspection and research.

Recent "BadUSB" attacks serve as a reminder of the big damage that small devices can cause.

MoonBounce is the latest in a small but growing number of implants found hidden in a computer's Unified Extensible Firmware Interface (UEFI).

Using blockchain, multifactor authentication, or signatures can help boost authentication security and reduce fraud.

Cross-site scripting and broken access controls continued to be the top classes of vulnerabilities researchers discovered, according to Bugcrowd's annual vulnerability report.

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

The Log4j vulnerability is only the latest security flaw to have global impact, prompting the Biden administration and software developers to pledge to produce more secure software.

The next five years will bring the widespread use of hyperautomation in patch management. Part 3 of 3.

The vulnerability was patched this week in Microsoft's set of security updates for January 2022.

In this Tech Tip, SANS Institute’s Johannes Ullrich suggests using PowerShell to identify Windows systems affected by the newly disclosed vulnerability in http.sys.

By combining risk-based vulnerability prioritization and automated patch intelligence, organizations can apply patches based on threat level. Part 2 of 3.

Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows.

A vulnerability in a third-party component used by many networking firms puts consumer and small business routers at risk for remote exploitation.

But that could change anytime, officials warn, urging organizations to prioritize patching against the critical remote code execution flaw.

In the wake of WannaCry and its ilk, the National Vulnerability Database arose to help security organizations track and prioritize vulnerabilities to patch. Part 1 of 3.