Security researchers have found a way to attach virtual USB devices remotely to Supermicro servers, including over the internet, by abusing a feature in their baseband management controller software.
Stories by Lucian Constantin
Microsoft finds and fixes multiple RDS and RDP vulnerabilities in Windows, but new research on BlueKeep patch rates suggests many machines could remain exposed.
Remotely exploitable vulnerability in internet-connected devices gives attackers a means to cause disruption and damage in a wide range of industries.
Attackers can use the vulnerability to gain complete control of the phone. It underscores the risks of using old open-source code in IoT devices.
Researchers have found 11 serious vulnerabilities in VxWorks, the world's most popular real-time operating system.
According to new research, more companies are enabling biometric authentication on devices to verify access requests.
MongoDB aims to prevent exposed data stores by encrypting data in a way that makes it useless if compromised.
Unlike Rowhammer, which only allows for data corruption, the newly discovered RAMBleed vulnerability provides a way to grab data such as encryption keys from memory.
Cybercriminal group Carbanak has stolen hundreds of millions of dollars from financial institutions. Here's a detailed analysis by Bitdefender of how they did it at one bank.
Researchers released two tools--Muraen and NecroBrowser--that automate phishing attacks that can bypass 2FA. Most defenses won't stop them.
Intel has done some mitigations for these vulnerabilities that can leak secrets from virtual machines, secure enclaves and kernel memory. Here's how the attacks work.
By replacing a PC's SPI flash chip with one that contains rogue code, an attacker can can gain full, persistent access.
A recently released exploit takes advantage of a known configuration vulnerability that persists among many on-premise and cloud SAP instances.
If your company uses Confluence, make sure you have the latest available patches for this vulnerability.
Detected scans suggest attacker are seeking vulnerable servers to target for attacks.