Security news that informs and inspires

Archive

16 results for tag Vulnerability:

Critical Kubernetes Bug Gives Anyone Full Admin Privileges

With a 9.8 rating on the Common Vulnerability Scoring System, the privilege escalation flaw in container orchestration system Kubernetes is as bad as it can get. Any user will be able to remotely gain full administrator privileges on any node in the cluster.

Vulnerability, Open Source, Patching

NIST Looking at AI to Calculate Bug Severity

IBM has been touting the potential of using Watson to help security analysts analyze large volumes of security data and make security decisions. The National Institutes of Standards and Technology may be considering using AI to help determine the severity of software vulnerabilities.

NIST, Vulnerability

Applications Using Apache .htaccess at Risk for Attacks

The original vulnerability may be in a jQuery plugin, but the disconnect in how web developers use .htaccess with the Apache web server and how the server is actually configured means there are potentially more applications out there that are vulnerable to attack.

Vulnerability, Appsec, Apache

No Sleep for Computers: Cold Boot Attacks are Back

F-Secure researchers found that modifying the hardware on modern computers make them susceptible to “cold boot” attacks where passwords and encryption keys can be harvested from memory. Hibernate or power off. Don't put the computer in sleep mode.

Hardware, Vulnerability

History Suggests Attackers Will Hit Struts Flaw Quickly

The open source Struts web application framework has a target on its back. Attackers are likely developing exploits. Is it time to stop using Struts?

Vulnerability, Patching