Author: DEFENDEDGE
-
How to Buy Precious Patching Time as Log4j Exploits Fly
Podcast: Cybereason shares details about its vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show being disclosed. Read more
-
CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228
Original release date: December 13, 2021 CISA and its partners, through the Joint Cyber Defense Collaborative, are tracking and responding to active, widespread exploitation of a critical remote code execution vulnerability (CVE-2021-44228) affecting Apache Log4j software library versions 2.0-beta9 to 2.14.1. Log4j is very broadly used in a variety of consumer and enterprise services, websites,… Read more
-
Vulnerability Summary for the Week of December 6, 2021
Original release date: December 13, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info accops — hyworks_dvm_tools A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105. The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial… Read more
-
Where the Latest Log4Shell Attacks Are Coming From
Analysts find at least 10 Linux botnets actively exploiting Log4Shell flaw. Read more
-
Log4Shell Is Spawning Even Nastier Mutations
The cybersecurity Hiroshima of the year – the Apache Log4j logging library exploit – has spun off 60 bigger mutations in less than a day, researchers said. Read more
-
Next-Gen Maldocs & How to Solve the Human Vulnerability
Malicious email attachments with macros are one of the most common ways hackers get in through the door. Huntress security researcher John Hammond discusses how threat hunters can fight back. Read more
-
CISA Adds Thirteen Known Exploited Vulnerabilities to Catalog
Original release date: December 10, 2021 CISA has added thirteen new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to… Read more
-
1.6 Million WordPress Sites Under Cyberattack From Over 16,000 IP Addresses
As many as 1.6 million WordPress sites have been targeted by an active large-scale attack campaign originating from 16,000 IP addresses by exploiting weaknesses in four plugins and 15 Epsilon Framework themes. WordPress security company Wordfence, which disclosed details of the attacks, said Thursday it had detected and blocked more than 13.7 million attacks aimed at the… Read more
-
Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack
The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.” Read more
-
Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation
Original release date: December 10, 2021 The Apache Software Foundation has released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1. A remote attacker could exploit this vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by enterprise applications… Read more