IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

vulnerability

Dogwalk RCE variant among 121 vulnerabilities fixed in Microsoft's August Patch Tuesday
Microsoft Windows 11 logo on a smartphone set against a background of neon blue code on a screen to denote a cyber security theme
zero-day exploit

Dogwalk RCE variant among 121 vulnerabilities fixed in Microsoft's August Patch Tuesday

The second-biggest security update released by Microsoft this year featured 17 critical-rated RCEs and privilege escalation bugs
10 Aug 2022
Over 200,000 DrayTek routers vulnerable to total device takeover
A digital render of a blue padlock fragmenting into a cloud of data
Security

Over 200,000 DrayTek routers vulnerable to total device takeover

The routers are popular with small and medium businesses, but are easily exploitable by threat actors seeking to steal data or launch ransomware
3 Aug 2022
Microsoft warns hackers turning to IIS exploits to create backdoors in businesses
Door in a wall in a black room painted with computer code leading to a digital red background
cyber attacks

Microsoft warns hackers turning to IIS exploits to create backdoors in businesses

Internet information service modules formed part of the attack of Microsoft's own Exchange servers earlier this year
27 Jul 2022
Actively exploited zero-day and four 'critical' vulnerabilities fixed in Microsoft's July Patch Tuesday
A padlock graphic on an abstract digital background
vulnerability

Actively exploited zero-day and four 'critical' vulnerabilities fixed in Microsoft's July Patch Tuesday

The month's list of 84 bug fixes has been branded "boring" by some experts but should be welcome news to security personnel
13 Jul 2022
HackerOne employee fired for using position to steal bug bounties
A hand holding a magnifying glass reveals a red lock, unlocked among several blue locked locks
Security

HackerOne employee fired for using position to steal bug bounties

The threat actor was identified by their duplicate data, which they were trying to pass off as their own for financial gain
4 Jul 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
A digital render of an envelope, floating above blue cubes and the outlines of cubes made of red energy
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

Researchers have urged vigilance over compressed attachments sent under false pretenses
27 Jun 2022
Proofpoint details 'dangerous' ransomware flaw in SharePoint and OneDrive
A close up photo of a smartphone screen with a shortcut for the OneDrive app displayed
ransomware

Proofpoint details 'dangerous' ransomware flaw in SharePoint and OneDrive

Functionality allows ransomware to encrypt files stored on SharePoint and OneDrive to make them potentially unrecoverable, vendor says
17 Jun 2022
US security agency issues emergency alert over vulnerable VMware products
The VMware website as seen through a magnifying glass against a monitor
Security

US security agency issues emergency alert over vulnerable VMware products

A string of actively exploited critical vulnerabilities across five popular VMware products has been described as an "unacceptable risk" to government…
19 May 2022
Researchers demonstrate how to install malware on iPhone after it's switched off
Apple logo on the side of a building
Security

Researchers demonstrate how to install malware on iPhone after it's switched off

The most recent iPhones are found to be vulnerable after researchers discover an exploit in a beloved iOS 15 feature
18 May 2022
Tool that scans office software for vulnerabilities finds almost 100 in Word and Acrobat
An unlocked padlock resting on a keyboard in front of a red backdrop
Security

Tool that scans office software for vulnerabilities finds almost 100 in Word and Acrobat

Myriad flaws in Microsoft Word, Adobe Acrobat, and Foxit Reader were discovered as part of the research project that netted $22,000 in bug bounty rewa…
13 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Image of a server rack with lens flare on the corner of the image
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

Microsoft has issued a workaround for the certificate-mapping issue, but many have already rolled back the updates to avoid operational disruption
12 May 2022
Actively exploited Windows vulnerability reaches peak severity when paired with popular attack
Windows 11 and Windows 11 displayed on two different laptops
Security

Actively exploited Windows vulnerability reaches peak severity when paired with popular attack

May 2022's routine Patch Tuesday fixes seven 'critical' issues, including a familiar headache for IT administrators
11 May 2022
Millions of Lenovo laptops thought to be vulnerable to newly discovered UEFI malware attacks
Motherboard mockup
Security

Millions of Lenovo laptops thought to be vulnerable to newly discovered UEFI malware attacks

ESET researchers said the core vulnerabilities were 'easy' to spot due to "unfortunate" and "honest" driver names
20 Apr 2022
Microsoft announces lucrative new bug bounty awards for M365 products and services
Bug surrounding by computer code and jargon
Security

Microsoft announces lucrative new bug bounty awards for M365 products and services

The new awards will focus on scenario-based weaknesses and offer bonuses of up to 30% for the most severe bugs
19 Apr 2022
Microsoft's massive 145-vulnerability Patch Tuesday fixes ten critical exploits
Win 11 on a smartphone in front of code on a monitor
Security

Microsoft's massive 145-vulnerability Patch Tuesday fixes ten critical exploits

This month's round of patches is now available with some exploits proving to be particularly dangerous
13 Apr 2022
IT Pro News In Review: The Works cyber attack, Lenovo recruitment drive, old macOS vulnerabilities
IT Pro News In Review: The Works cyber attack, Lenovo recruitment drive, old macOS vulnerabilitiesvideo
cyber security

IT Pro News In Review: The Works cyber attack, Lenovo recruitment drive, old macOS vulnerabilities

Catch up on the biggest headlines of the week in just two minutes
8 Apr 2022
Apple releases emergency patch fixing zero-days across iOS and macOS
Image of iPhone 13 on a white background
zero-day exploit

Apple releases emergency patch fixing zero-days across iOS and macOS

Flaws have been fixed on iPhones, iPads, and Macs, as well as undisclosed vulnerabilities on Apple TV and Apple Watch devices
1 Apr 2022
Patch finally released for Spring4Shell zero-day after vulnerable businesses put on high alert
Cyber security represented by a digital screen with encryption data background
Security

Patch finally released for Spring4Shell zero-day after vulnerable businesses put on high alert

With proof-of-concept code out in the wild, businesses are encouraged to assess their exposure to what's being dubbed 'Log4Shell 2.0'
31 Mar 2022
Google patches second Chrome browser zero-day of 2022
Google Chrome logo on a Chromebook
zero-day exploit

Google patches second Chrome browser zero-day of 2022

Google acted quickly to secure against the type confusion vulnerability that was under active exploitation
28 Mar 2022
Microsoft Patch Tuesday fixes Windows 11 system reset bug
Windows 11 and Windows 11 displayed on two different laptops
vulnerability

Microsoft Patch Tuesday fixes Windows 11 system reset bug

A host of fixes are available to Windows administrators as Microsoft patches three critical RCEs flaws
9 Mar 2022
China-backed hackers compromised six US government networks
A close up of a keyboard with graphics overlaid to represent cyber security and hacking
vulnerability

China-backed hackers compromised six US government networks

Mandiant researchers investigated APT41 activities between May 2021 and February 2022
9 Mar 2022
Mozilla patches two Firefox zero-day vulnerabilities
Firefox sign in front of a brick building
vulnerability

Mozilla patches two Firefox zero-day vulnerabilities

Memory bugs fixed in Firefox desktop and mobile browsers along with Mozilla's Thunderbird client
8 Mar 2022
Identity is key to stopping these five cyber security attacks
Whitepaper cover with a blurred image of a stack of data chipswhitepaper
Whitepaper

Identity is key to stopping these five cyber security attacks

Many attacks begin with the same weakness: user accounts
7 Mar 2022