Vulnerabilities

Code on Screen

Firms are embracing Open Source. Securing it? Not so much.

The good news: open source software is nearly universal. The bad news: half of source code repositories contains open source code containing high-risk vulnerabilities, according to a new report released by the firm Synopsys.

hand on macbook

Episode 183: Researcher Patrick Wardle talks Zoom 0days and Mac (in)Security

You just reported a major security vulnerability in the Zoom platform. Now the CEO of Zoom wants to chat…via Zoom. What do you do? Security researcher Patrick Wardle of Jamf joins us to talk about it, his recent Zoom 0day, the state of Mac (in)security and his hot date in Moscow.

Episode 174: GE’s Very Bad Day – Unpacking the MDHex Vulnerabilities

The U.S. Department of Homeland Security warned of critical vulnerabilities in a range of products by GE. We speak with Elad Luz, the head of research at CyberMDX, which discovered the holes.

Armis Urgent/11 Vulnerabilities Logo

Critical Flaws in VxWorks affect 200 Million Connected Things

Serious and exploitable security flaws in VxWorks, a commonly used operating system for embedded devices, span 13 years and could leave hundreds of millions* of connected devices vulnerable to remote cyber attacks and hacks. The security firm Armis on Monday published a warning about 11 critical, zero day vulnerabilities in the VxWorks operating system, which is owned and managed by the firm Wind River. The vulnerabilities expose more than 200 million devices and could allow attackers to remotely take control of everything from networked printers and security appliances to industrial and medical devices, according to Ben Seri, the Vice President of Research at Armis. Move over, EternalBlue! At least a couple of the flaws were described as “more serious” than EternalBlue, the Microsoft Windows flaw that powered both the WannaCry and NotPetya malware outbreaks. SCADA and industrial control system devices, healthcare devices like patient monitors and MRI machines, as well […]

Expert: Patch Bluekeep Now or Face WannaCry Scenario

The flaw known as BlueKeep could be as dangerous as EternalBlue, the basis of recent malware like WannaCry, according to a report by BitSight.