How CVSS works: characterizing and scoring vulnerabilities

CVSS, or Common Vulnerability Scoring System, provides developers, testers, and security professionals with a standardized process to assess vulnerabilities.

Read more

iOS Mail bug allows remote zero-click attacks

A newly-discovered vulnerability in iOS Mail can be used to attack an iPhone remotely using a malicious e-mail message, even if you’re running the latest version of iOS (13.4.1).

Read more

A week in security (October 14 – 20)

Cybersecurity news for October 14 – 20, including the future of the password, the lingering threat of ransomware, and new security features from Instagram.

Read more

Pulse VPN patched their vulnerability, but businesses are trailing behind

After a vulnerability in a popular business VPN solutions was discussed at length and an easy to use exploit is availbale, organizations still fail to apply the patch. What’s up?

Read more

New iOS exploit checkm8 allows permanent compromise of iPhones

A new exploit for iOS enables attackers to gain permanent access to iPhones, iPads, Apple Watches, and more—with zero potential for patching. Learn why this is possibly the biggest security news for iOS since its inception.

Read more

A week in security (June 3 – 9)

A weekly roundup of security news from June 3–9, including Magecart, breaches, hyperlink auditing, Bluekeep, FTC, and facial recognition.

Read more

4 lessons to be learned from the DOE’s DDoS attack

The Department of Energy was subject to a DDoS attack that caused major disruptions in their operations. Is the smart grid ready for such an attack? Here are the lessons we can take away from the event.

Read more

Microsoft pushes patch to prevent ‘WannaCry level’ vulnerability

This month marks two years since the infamous WannaCry attack. Now a Remote Desktop Protocol (RDP) vulnerability has been discovered that could be used in a similar large-scale attack—though Microsoft has released a patch. Have you updated yet?

Read more

A week in security (March 4 – 11)

A roundup of cybersecurity news from March 4–11, including a Chrome zero-day, Labs’ data privacy report, news from RSA, and more.

Read more

Google Chrome zero-day: Now is the time to update and restart your browser

A particularly dangerous Google Chrome zero-day is already being used in real-world attacks. Despite Google’s auto update feature, users will need to close and restart their browser in order to be protected.

Read more

Select your language