Category: alerts

Original release date: December 22, 2021 The Apache Software Foundation has released Apache HTTP Server 2.4.52. This version addresses vulnerabilities—CVE-2021-44790 and CVE-2021-44224—that a remote attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Apache announcement and update as soon as possible. This product is provided subject to… Read more

Don’t freak: It’s got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD’s tendency to tiptoe into software projects. Read more

Original release date: December 22, 2021 CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory in response to multiple vulnerabilities in Apache’s Log4j software library. Malicious cyber actors are actively scanning networks to potentially… Read more

Original release date: December 22, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), the Computer Emergency Response Team New Zealand (CERT NZ), the New Zealand National Cyber Security Centre (NZ NCSC), and the… Read more

Attackers exploiting bugs in the “link preview” feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android user’s IP address and launch a DoS attack. Read more

There are 17,000npatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits. Read more

Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12. Read more

APT attackers are using a security vulnerability in ManageEngine Desktop Central to take over servers, deliver malware and establish network persistence. Read more

Original release date: December 21, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info abb — omnicore_c30_firmware A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected… Read more

Conti has become the first professional-grade, sophisticated ransomware group to weaponize Log4j2, now with a full attack chain. Read more