Penetration testing, ethical hacking and vulnerability assessments
In this security testing and ethical hacking guide, learn how to conduct a vulnerability assessment of your network and IT environment using penetration testing and ethical hacking tools and software, and find information on ethical hacker training and certifications.
Top Stories
-
Answer
28 Aug 2024
Types of hackers: Black hat, white hat, red hat and more
Black, white and gray hats are familiar to security pros, but as the spectrum evolves to include green, blue, red and purple, things get muddled. Brush up on types of hackers. Continue Reading
By- Sharon Shea, Executive Editor
-
Feature
06 Feb 2024
20 free cybersecurity tools you should know about
Cybersecurity products can get pricy but there are many excellent open source tools to help secure your systems and data. Here's a list of some of the most popular with cyber pros. Continue Reading
-
Definition
11 Mar 2024
vulnerability assessment
A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures. Continue Reading
-
Definition
27 Feb 2024
computer forensics (cyber forensics)
Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. Continue Reading
By- Rahul Awati
- Ben Lutkevich, Site Editor
-
Tip
18 Jan 2024
How to perform a cybersecurity risk assessment in 5 steps
This five-step framework for performing a cybersecurity risk assessment will help your organization prevent and reduce costly security incidents and avoid compliance issues. Continue Reading
-
Definition
24 Oct 2023
Plundervolt
Plundervolt is the name of an undervolting attack that targeted Intel central processing units (CPUs). Continue Reading
By- Ben Lutkevich, Site Editor
-
Tip
29 Sep 2023
How to use Wireshark to sniff and scan network traffic
Wireshark continues to be a critical tool for security practitioners. Learning how to use it to scan network traffic should be on every security pro's to-do list. Continue Reading
By- Ed Moyle, Drake Software
-
Tip
14 Aug 2023
Top 3 ransomware attack vectors and how to avoid them
Protecting your organization against these three common ransomware attack entryways could mean the difference between staying safe or falling victim to a devastating breach. Continue Reading
By- Diana Kelley, SecurityCurve
-
Definition
07 Mar 2023
fuzz testing (fuzzing)
Fuzz testing (fuzzing) is a quality assurance technique used to discover coding errors or bugs and security loopholes in software, operating systems and networks. Continue Reading
By- Ben Lutkevich, Site Editor
-
Definition
18 Nov 2022
pen testing (penetration testing)
A penetration test, also called a pen test or ethical hacking, is a cybersecurity technique that organizations use to identify, test and highlight vulnerabilities in their security posture. Continue Reading
By- Kinza Yasar, Technical Writer
- Puneet Mehta, SDG
-
Definition
10 Jan 2022
honeynet
A honeynet is a network set up with intentional vulnerabilities hosted on a decoy server to attract hackers. Continue Reading
-
Definition
29 Dec 2021
white hat hacker
A white hat hacker -- or ethical hacker -- is an individual who uses hacking skills to identify security vulnerabilities in hardware, software or networks. Continue Reading
By- Andrew Froehlich, West Gate Networks
- Madelyn Bacon, TechTarget
-
Feature
29 Oct 2021
A guide for how to become an ethical hacker
Ethical hackers have a unique and valuable skill set to find vulnerabilities before they can be exploited. Learn what it takes to become an ethical hacker in the cybersecurity industry. Continue Reading
-
News
26 Oct 2021
Researcher cracks 70% of neighborhood Wi-Fi passwords
A CyberArk researcher showed that $50 worth of hardware and some attack scripts are all you need to break into home and small business Wi-Fi networks. Continue Reading
-
Feature
25 Oct 2021
How to use Python for privilege escalation in Windows
Penetration testers can use Python to write scripts and services to discover security vulnerabilities. In this walkthrough, learn how to escalate privileges in Windows. Continue Reading
By- Kyle Johnson, Technology Editor
- No Starch Press
-
Feature
25 Oct 2021
Why hackers should learn Python for pen testing
The authors of 'Black Hat Python' explain the importance of learning Python for pen testing, how it helps create scripts to hack networks and endpoints, and more. Continue Reading
By- Kyle Johnson, Technology Editor
-
Podcast
22 Oct 2021
Risk & Repeat: Apple bug bounty frustrations boil over
Security researchers criticized the Apple Security Bounty program and claimed the company ignored bug reports, denied bounty payments and silently patched vulnerabilities. Continue Reading
By- Rob Wright, Senior News Director
-
News
15 Oct 2021
Burned by Apple, researchers mull selling zero days to brokers
Security researchers have grown frustrated with Apple's lack of communication, ‘silent patching’ of vulnerabilities, denial of bug bounty rewards and other issues. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
11 Oct 2021
5 open source offensive security tools for red teaming
To be an effective red teamer, you need the right tools in your arsenal. These are five of the open source offensive security tools worth learning. Continue Reading
By- Ed Moyle, Drake Software
-
Feature
30 Sep 2021
How to use Ghidra for malware analysis, reverse-engineering
The Ghidra malware analysis tool helps infosec beginners learn reverse-engineering quickly. Get help setting up a test environment and searching for malware indicators. Continue Reading
By- Kyle Johnson, Technology Editor
- Packt Publishing
-
Feature
30 Sep 2021
Get started with the Ghidra reverse-engineering framework
Malware analysts use Ghidra to examine code to better understand how it works. Learn what to expect from the reverse-engineering framework, how to start using it and more. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
30 Sep 2021
Researchers hack Apple Pay, Visa 'Express Transit' mode
Academic researchers discover an attack technique that enables them to make fraudulent transactions on locked iPhones when Apple Pay and Visa cards are set up for transit mode. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
27 Sep 2021
brute-force attack
A brute-force attack is a trial-and-error method used by application programs to decode login information and encryption keys to use them to gain unauthorized access to systems. Continue Reading
-
News
24 Sep 2021
Spurned researcher posts trio of iOS zero days
An anonymous bug hunter critical of Apple's handling of reports to its bounty program has released details on three zero-day vulnerabilities in its iOS mobile platform. Continue Reading
-
News
13 Sep 2021
Hackers port Cobalt Strike attack tool to Linux
An unknown group of cybercriminals has created a version of the Windows-only Cobalt Strike Beacon tool that works against Linux machines, which has been used in recent attacks. Continue Reading
-
News
13 Sep 2021
Tenable acquires cloud security startup Accurics for $160M
The acquisition will be Tenable's first expansion into securing infrastructure as code, as it makes a push to identify and fix flaws in cloud-native software. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
31 Aug 2021
How to use Metasploit commands and exploits for pen tests
These step-by-step instructions demonstrate how to use the Metasploit Framework for enterprise vulnerability and penetration testing. Continue Reading
By- Ed Moyle, Drake Software
-
News
25 Aug 2021
Bugs aplenty as VMware, Cisco and F5 drop security updates
Two critical updates from Cisco, remote code execution flaws in F5's Big-IP, and a half-dozen VMware security holes are among the more pressing issues for admins to address. Continue Reading
-
News
09 Aug 2021
'ProxyShell' Exchange bugs resurface after presentation
A critical vulnerability in Microsoft Exchange is once again making the rounds with attackers, following a Black Hat presentation from the researcher who found it. Continue Reading
-
News
09 Aug 2021
Transparency after a cyber attack: How much is too much?
Sharing threat intelligence and proof-of-concept exploits can often help other organizations better defend themselves, but such efforts are hampered by obstacles and restrictions. Continue Reading
By- Arielle Waldman, News Writer
-
News
05 Aug 2021
Apple's M1 silicon brings new challenges for malware defenders
Noted security researcher Patrick Wardle told Black Hat 2021 attendees that catching malware attacks on new macOS systems requires learning the subtleties of ARM64 architecture. Continue Reading
-
News
05 Aug 2021
Researchers argue action bias hinders incident response
A Black Hat 2021 session focused on the human instinct to act immediately after a cyber attack and how that can negatively impact incident response. Continue Reading
By- Arielle Waldman, News Writer
-
News
04 Aug 2021
14 flaws in NicheStack put critical infrastructure at risk
The vulnerability disclosure process for Infra:Halt, a set of flaws impacting critical infrastructure, took nearly a year, due to the nature of supply chain vulnerabilities. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
02 Aug 2021
Hospitals at risk from security flaws in pneumatic tube systems
Researchers at IoT security vendor Armis said the nine critical vulnerabilities affect the pneumatic tube systems used by many hospitals in North America. Continue Reading
-
News
28 Jul 2021
CISA unveils list of most targeted vulnerabilities in 2020
Attackers chased the headlines in 2020, going after the most publicized vulnerabilities in Citrix, Pulse Secure and Fortinet products, according to the U.S. government. Continue Reading
-
Podcast
22 Jul 2021
Risk & Repeat: Vulnerability patching still falling short
Many organizations still fail to patch critical vulnerabilities, even when they're under exploitation in the wild. What are the best ways to improve patching rates? Continue Reading
By- Rob Wright, Senior News Director
-
News
15 Jul 2021
SonicWall warns of 'imminent' SMA 100/SRA ransomware attacks
SonicWall said that those who fail to update or disconnect their vulnerable SMA 100 and SRA devices are 'at imminent risk of a targeted ransomware attack.' Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
14 Jul 2021
Microsoft: Chinese threat actor exploited SolarWinds zero-day
Microsoft has observed DEV-0322, the threat actor exploiting the SolarWinds Serv-U zero-day, 'targeting entities in the U.S. Defense Industrial Base Sector and software companies.' Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
13 Jul 2021
Schneider Electric PLCs vulnerable to remote takeover attacks
The authentication bypass vulnerability is a symptom of a much larger security crisis plaguing industrial control hardware, according to researchers who found the bug. Continue Reading
-
News
12 Jul 2021
SolarWinds warns of zero-day vulnerability under attack
SolarWinds says targeted attacks from a single threat actor have been reported on a previously unknown vulnerability in the Serv-U file transfer platform. Continue Reading
-
News
08 Jul 2021
Dutch researchers shed new light on Kaseya vulnerabilities
Dutch security researchers were working with Kaseya to get an authentication bypass flaw and other bugs patched when the catastrophic supply chain attack occurred. Continue Reading
-
Feature
28 Jun 2021
What are cloud containers and how do they work?
Containers in cloud computing have evolved from a security buzzword. Deployment of cloud containers is now an essential element of IT infrastructure protection. Continue Reading
By- Rob Shapland
- Ben Cole, Executive Editor
- Kyle Johnson, Technology Editor
-
News
24 Jun 2021
Dell BIOSConnect flaws affect 30 million devices
Eclypsium researchers discovered vulnerabilities that, if exploited, can allow remote code execution in a pre-boot environment for 128 different Dell products. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
16 Jun 2021
Zscaler: Exposed servers, open ports jeopardizing enterprises
Zscaler analyzed 1,500 networks and found administrators are leaving basic points of entry wide open for attackers as neglected servers are falling by the wayside. Continue Reading
-
News
15 Jun 2021
Apple issues patches for two more WebKit zero-days
Apple said both WebKit zero-days, which affect older iOS devices, have reportedly been exploited in the wild, but further details about the threat activity are unknown. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
15 Jun 2021
How to get started with security chaos engineering
Introducing security chaos engineering: the latest methodology security teams can implement to proactively discover vulnerabilities or weaknesses in a company's system. Continue Reading
-
Definition
14 Jun 2021
threat modeling
Threat modeling is a procedure for optimizing application, system or business process security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent or mitigate the effects of threats to the system. Continue Reading
-
News
08 Jun 2021
CISA taps Bugcrowd for federal vulnerability disclosure program
The new program follows a CISA directive from September that requires executive branch agencies to create and publish vulnerability disclosure policies. Continue Reading
-
Feature
07 Jun 2021
Hackers vs. lawyers: Security research stifled in key situations
The age-old debate between sharing information or covering legal liability is a growing issue in everything from bug bounties to disclosing ransomware attacks. Continue Reading
-
Feature
03 Jun 2021
How to ethically conduct pen testing for social engineering
Author Joe Gray explores his interest in pen testing for social engineering, what it means to be an ethical hacker and how to get started in the career. Continue Reading
By- Kyle Johnson, Technology Editor
-
Feature
03 Jun 2021
How to handle social engineering penetration testing results
In the wake of conducting social engineering penetration testing, companies need to have a plan ready to prevent or minimize phishing, vishing and other attacks. Continue Reading
By- Kyle Johnson, Technology Editor
- No Starch Press
-
Definition
21 May 2021
ethical hacker
An ethical hacker, or white hat hacker, is an information security expert authorized by an organization to penetrate computing infrastructure to find security vulnerabilities a malicious hacker could exploit. Continue Reading
-
News
18 May 2021
McAfee CTO: Use data to make better cyber-risk decisions
According to McAfee CTO Steve Grobman, the best response to today's cyber-risks includes both human and technology-based solutions, like threat intelligence and good security hygiene. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
04 May 2021
Qualys finds 21 vulnerabilities in Exim mail software
Qualys, which discovered the '21Nails' vulnerabilities, said that it did not see evidence of exploitation, but many vulnerabilities are 17 years old and at risk of being exploited. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
27 Apr 2021
Applying web application reconnaissance to offensive hacking
Learn how to apply web application reconnaissance fundamentals to improve both offensive and defensive hacking skills in an excerpt of 'Web Application Security' by Andrew Hoffman. Continue Reading
By- Katie Donegan, Social Media Manager
-
Feature
27 Apr 2021
Collaboration is key to a secure web application architecture
Author Andrew Hoffman explains the importance of a secure web application architecture and how to achieve it through collaboration between software and security engineers. Continue Reading
By- Katie Donegan, Social Media Manager
-
Definition
21 Apr 2021
red teaming
Red teaming is the practice of rigorously challenging plans, policies, systems and assumptions by adopting an adversarial approach. Continue Reading
-
News
21 Apr 2021
Hackers exploit 3 SonicWall zero-day vulnerabilities
SonicWall patched the zero-day vulnerabilities earlier this month, but the security vendor didn't disclose they were being exploited until Tuesday. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Guest Post
15 Apr 2021
5 cybersecurity testing areas CISOs need to address
With increasing board interest in cybersecurity risk, CISOs need to explain the preventive steps they are taking to have the right cybersecurity testing in place to minimize risk. Continue Reading
By- Mark Whitehead
-
News
08 Apr 2021
Unpatched applications threaten SAP security
Cyberattacks are a significant threat to unpatched, unprotected SAP applications, according to a new threat intelligence report from SAP and Onapsis. Continue Reading
By- Jim O'Donnell, News Writer
-
News
05 Apr 2021
CISA: APTs exploiting Fortinet FortiOS vulnerabilities
Three Fortinet FortiOS vulnerabilities that have been fully patched since last summer are being exploited by advanced persistent threat actors, according to the FBI and CISA. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
26 Feb 2021
5 steps to conduct network penetration testing
Enterprises that want to ensure competent network security strategies should look at how they can implement penetration testing, considering red teams and physical pen tests. Continue Reading
By- John Cavanaugh, BlueAlly
-
Definition
24 Feb 2021
honeypot (computing)
A honeypot is a network-attached system set up as a decoy to lure cyber attackers and detect, deflect and study hacking attempts to gain unauthorized access to information systems. Continue Reading
By- Ben Lutkevich, Site Editor
- Casey Clark, TechTarget
- Michael Cobb
-
News
24 Feb 2021
Dragos: ICS security threats grew threefold in 2020
A new report highlights the challenges facing ICS vendors today, including practices that are geared toward traditional IT and not designed for ICS security. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
22 Feb 2021
Why developers should consider automated threat modeling
Traditional threat modeling is hard. Can automated threat modeling make development and security teams' lives easier? Continue Reading
By- Kyle Johnson, Technology Editor
- O'Reilly Media
-
Feature
22 Feb 2021
Introducing development teams to threat modeling in SDLC
Enterprises can improve their security posture by educating development teams on threat modeling so they can work alongside security teams and everyone knows a common language. Continue Reading
By- Kyle Johnson, Technology Editor
-
Feature
08 Feb 2021
5 cybersecurity lessons from the SolarWinds breach
Ransomware attack simulations, accessing enterprise logs and pen testing software code are among the best practices cybersecurity pros suggest following the SolarWinds breach. Continue Reading
-
News
02 Feb 2021
SonicWall confirms zero-day vulnerability on SMA 100 series
After testing NCC Group's findings, SonicWall 'confirmed their submission as a critical zero-day in the SMA 100 series 10.x code, and are tracking it as SNWLID-2021-0001.' Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
14 Jan 2021
Tenable: Vulnerability disclosures skyrocketed over last 5 years
New research from Tenable shows a dramatic increase in vulnerability disclosures since 2015, as well as concerning data about data breaches, ransomware threats and unpatched bugs. Continue Reading
By- Arielle Waldman, News Writer
-
Answer
07 Jan 2021
Explore benefits and challenges of cloud penetration testing
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help inform cloud pen test strategies. Continue Reading
-
Definition
04 Jan 2021
deception technology
Deception technology is a class of security tools and techniques designed to prevent an attacker who has already entered the network from doing damage. The technology uses decoys to misdirect the attacker and delay or prevent him from going deeper into the network and reaching his intended target. Continue Reading
By- Carolyn Crandall, Attivo Networks
-
Guest Post
31 Dec 2020
The enterprise case for implementing live-fire cyber skilling
Companies continue to grapple with the cybersecurity skills gap, but Adi Dar offers a way to ensure security teams are properly trained through the use of live exercises. Continue Reading
By- Adi Dar
-
Feature
29 Dec 2020
Editor's picks: Top cybersecurity articles of 2020
As the year no one could have predicted comes to a close, SearchSecurity takes a 30,000-foot view of the cybersecurity trends and challenges that defined the last 12 months. Continue Reading
By- Katie Donegan, Social Media Manager
-
News
23 Dec 2020
Security measures critical for COVID-19 vaccine distribution
The COVID-19 vaccine supply chain is already under attack, which comes as no surprise to experts. The biggest potential threats, however, are still to come. Continue Reading
By- Makenzie Holland, Senior News Writer
- Jim O'Donnell, News Writer
-
Quiz
08 Dec 2020
Practice Certified Ethical Hacker exam questions
Preparing for your Certified Ethical Hacker certification? Assess your knowledge of topics on the CEH exam with these practice test questions. Continue Reading
By- Sharon Shea, Executive Editor
- McGraw Hill Education
-
Feature
08 Dec 2020
Ethical hacker career path advice: Getting started
Matt Walker, author of a Certified Ethical Hacker exam guide and practice exam book, offers advice to career hopefuls on the profession, CEH certification and more. Continue Reading
By- Sharon Shea, Executive Editor
-
Tip
20 Nov 2020
Pair cyber insurance, risk mitigation to manage cyber-risk
The role of cyber insurance may come after a breach, but it remains a useful element in an organization's vulnerability management strategy. Continue Reading
-
Tip
20 Nov 2020
Cyber insurance explained, from selection to post-purchase
Before you sign on the dotted line, make sure you understand what cyber insurance can and can't do -- and what type of policy will do the most for you. Continue Reading
By- Sherri Davidoff, LMG Security
-
Tip
04 Nov 2020
Red team vs. blue team vs. purple team: What's the difference?
Red team-blue team exercises simulate attacks on enterprise networks. What does each team do? Where do purple teams fit in? Find out here. Continue Reading
By- Sharon Shea, Executive Editor
-
News
04 Nov 2020
SaltStack discloses critical vulnerabilities, urges patching
The SaltStack vulnerabilities, disclosed Tuesday, allow remote attackers to execute arbitrary code on affected installations of the popular open source software. Continue Reading
By- Arielle Waldman, News Writer
-
Guest Post
01 Oct 2020
3 common election security vulnerabilities pros should know
Election security remains top of mind for many right now, with Nabil Hannan discussing vulnerabilities like remote breaches, new attack surfaces and poor current controls. Continue Reading
By- Nabil Hannan
-
News
23 Sep 2020
ConnectWise launches bug bounty program to boost security
ConnectWise, which provides remote management software to MSPs, partnered with HackerOne in its first bug bounty program, which is part of a larger strategy to improve security. Continue Reading
By- Arielle Waldman, News Writer
-
News
09 Sep 2020
Intel patches critical flaw in Active Management Technology
Intel's Patch Tuesday featured four security advisories, including a critical flaw in Active Management Technology that could allow an attacker privilege escalation. Continue Reading
By- Arielle Waldman, News Writer
-
News
03 Sep 2020
CISA issues vulnerability disclosure order for federal agencies
The U.S. Cybersecurity and Infrastructure Security Agency gives a directive for federal agencies to establish vulnerability disclosure policies in the next 180 calendar days. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
31 Aug 2020
Cisco issues alert for zero-day vulnerability under attack
Cisco discovered attempted exploitation of a high-severity vulnerability found in the IOS XR software used in some of its networking equipment. Continue Reading
By- Arielle Waldman, News Writer
-
News
21 Aug 2020
Claroty: 70% of ICS vulnerabilities are remotely exploitable
Out of 365 ICS vulnerabilities that were disclosed by the National Vulnerability Database in the first half of 2020, Claroty found more than 70% can be remotely exploited. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
21 Aug 2020
Former Uber CSO charged over 'hush money' payment to hackers
Joe Sullivan, who was fired by Uber in 2017, was charged by federal prosecutors for allegedly covering up a massive 2016 data breach at the ride-sharing company. Continue Reading
By- Rob Wright, Senior News Director
-
News
18 Aug 2020
Apache Struts vulnerabilities allow remote code execution, DoS
The Apache Software Foundation issued security advisories last week for two Apache Struts vulnerabilities that were originally patched but not fully disclosed last fall. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
17 Aug 2020
Hands-on guide to S3 bucket penetration testing
Attention AWS pen testers: The trick to understanding the indicators of AWS S3 bucket vulnerabilities is setting up an insecure bucket. Learn how in this actionable guide. Continue Reading
By- Katie Donegan, Social Media Manager
- Packt Publishing
-
Feature
17 Aug 2020
How to handle Amazon S3 bucket pen testing complexity
Security researcher Benjamin Caudill shares details from his book, 'Hands-On AWS Penetration Testing with Kali Linux,' and advice on Amazon S3 bucket pen testing for ethical hackers. Continue Reading
By- Katie Donegan, Social Media Manager
-
Guest Post
12 Aug 2020
What cybersecurity teams can learn from COVID-19
Nabil Hannan examines key similarities between medical and computer viruses that cybersecurity teams can use to keep businesses protected effectively. Continue Reading
By- Nabil Hannan
-
News
07 Aug 2020
10 years after Stuxnet, new zero-days discovered
A decade after Stuxnet, SafeBreach Labs researchers discovered new zero-day vulnerabilities connected to the threat, which they unveiled at Black Hat USA 2020. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
06 Aug 2020
Voting vendor ES&S unveils vulnerability disclosure program
Election Systems & Software, the biggest vendor of U.S. voting equipment, will allow the security researcher community to test its elections equipment for vulnerabilities. Continue Reading
By- Arielle Waldman, News Writer
-
News
06 Aug 2020
Ripple20 vulnerabilities still plaguing IoT devices
Months after Ripple20 vulnerabilities were reported, things haven't gotten much better, say experts at Black Hat USA 2020. In fact, the world may never be fully rid of the flaws. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
05 Aug 2020
Matt Blaze warns of election security challenges amid COVID-19
In his Black Hat USA 2020 keynote, security researcher Matt Blaze discussed the challenges facing U.S. elections this year and what must be done to solve them. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
03 Aug 2020
How to start an enterprise bug bounty program and why
Incentivizing researchers for finding software vulnerabilities can be advantageous for vendors and participants. Here's what to know before starting a bug bounty program. Continue Reading
By- Ed Moyle, Drake Software
-
News
01 Jul 2020
Microsoft fixes Windows Codecs flaws with emergency patches
Microsoft addressed two vulnerabilities, one rated critical and the other rated important, after being alerted by a researcher with Trend Micro's Zero Day Initiative. Continue Reading
By- Arielle Waldman, News Writer
-
News
16 Jun 2020
ZDI drops 10 zero-day vulnerabilities in Netgear router
Trend Micro's Zero Day Initiative published 10 vulnerabilities in Netgear's R6700 router that have gone unpatched for seven months. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
08 Jun 2020
Benefits of open source container vulnerability scanning
Containers have revolutionized app development but pose many security challenges. Uncover how container vulnerability scanning can help and why to consider open source tools. Continue Reading
By- Ed Moyle, Drake Software
-
News
02 Jun 2020
VMware vulnerability enables takeover of cloud infrastructure
A new vulnerability in VMware Cloud Director allowed any user to obtain control of any virtual machine on a public or private cloud, according to ethical hacking firm Citadelo. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
30 Apr 2020
Words to go: Types of phishing scams
IT teams must take proactive measures to address security awareness when it comes to email. Learn about the types of phishing scams to mitigate risk. Continue Reading
By- Katie Donegan, Social Media Manager