vulnerability

Log4j New Year Wrap-Up

One month into the Log4j vulnerability, we take a look at the 3 CVEs and their fixes, known exploits being observed in the wild, and a way forward in dealing with the ubiquitous and targeted Java library.

January 7, 2022

Apache Releases Log4j 2.16.0 to Patch Lingering DoS Vulnerability

Amid the focus on Log4j while patching CVE-2021-44228, a JNDI injection RCE vulnerability, Apache has released 2.16.0 which disables JNDI by default and removes support for Message lookups in order to fix a newly discovered denial of service vulnerability.

December 14, 2021

Log4j/Log4Shell Updates and Recommended Guidance

Updates and recommended guidance for identifying vulnerable servers and mitigating exploit attempts.

December 13, 2021

Apache Log4j Zero-Day Exposes Java Applications to RCE

A high-severity zero-day has been uncovered in Apache Log4j which could allow a log injection RCE exploit.

December 10, 2021

Multiple Vulnerabilities Discovered in Zoom Client

Two new vulnerabilities discovered in Zoom Client for Meetings allow arbitrary code execution and exposed process memory. Updates…

December 8, 2021

Critical RCE Vulnerability in Palo Alto Global Protect Firewall Affects Estimated 10,000 VPNs

Randori, a red team cybersecurity company, officially disclosed a zero-day memory corruption vulnerability within the Palo Alto Global…

November 11, 2021

Oracle releases October Critical Patch Update for all product lines

Urgent action is required to apply the critical patch updates, as Oracle products are everywhere and threat actors…

October 20, 2021

Apple Releases Updates to Actively Exploited iOS and iPadOS Vulnerability

The vulnerability allows for arbitrary code execution at kernel level permissions and appears to be actively leveraged by…

October 13, 2021

GitLab Security Updates Patch Dozens of Newly Disclosed Vulnerabilities

Multiple high-rated Cross-Site Scripting (XSS) vulnerabilities that allow for arbitrary JavaScript Execution are among the many vulnerabilities patched…

October 6, 2021

Hikvision Cameras RCE Vulnerability Requires a Firmware Update

On September 19, 2021, Hikvision released a security advisory (CVE-2021-36260) regarding an unauthenticated remote code execution vulnerability reported…

October 4, 2021

Hand-Picked Top-Read Stories

Take Control of Your Software Supply Chain Before You’re Sabotaged

Microsoft Critical Wormable RCE and Six Zero-Days Highlight January Patch Tuesday

University Researchers Pit Top 18 EDR Products Against Real-World Attacks

Trending Tags

Log4j New Year Wrap-Up

Apache Releases Log4j 2.16.0 to Patch Lingering DoS Vulnerability

Log4j/Log4Shell Updates and Recommended Guidance

Apache Log4j Zero-Day Exposes Java Applications to RCE

Multiple Vulnerabilities Discovered in Zoom Client

Critical RCE Vulnerability in Palo Alto Global Protect Firewall Affects Estimated 10,000 VPNs

Oracle releases October Critical Patch Update for all product lines

Apple Releases Updates to Actively Exploited iOS and iPadOS Vulnerability

GitLab Security Updates Patch Dozens of Newly Disclosed Vulnerabilities

Hikvision Cameras RCE Vulnerability Requires a Firmware Update

Threat Advisories

Microsoft Critical Wormable RCE and Six Zero-Days Highlight January Patch Tuesday

High-Priority, Actively-Exploited Vulnerabilities Patched in Exchange and Excel

Cisco Patches Vulnerabilities Across Multiple Product Lines

Microsoft warns of continued supply chain attacks leveraging service providers and product resellers

October Patch Tuesday Updates More Than 40 Microsoft Products and Technologies

Education

MITRE ATT&CK 101

Security Assessments 101

Phishing Monitoring

University Researchers Pit Top 18 EDR Products Against Real-World Attacks

Endpoint Protection (EPP) & Endpoint Detection & Response (EDR) Efficacy Analysis

The New Standard of

Cybersecurity
Education

Innovate Cybersecurity Summit