One month into the Log4j vulnerability, we take a look at the 3 CVEs and their fixes, known exploits being observed in the wild, and a way forward in dealing with the ubiquitous and targeted Java library.
January 7, 2022
Amid the focus on Log4j while patching CVE-2021-44228, a JNDI injection RCE vulnerability, Apache has released 2.16.0, which disables JNDI by default and removes support for Message lookups in order to fix a newly discovered denial-of-service vulnerability.
December 14, 2021
Updates and recommended guidance for identifying vulnerable servers and mitigating exploit attempts.
December 13, 2021
A high-severity zero-day has been uncovered in Apache Log4j which could allow a log injection RCE exploit.
December 10, 2021
Two new vulnerabilities discovered in Zoom Client for Meetings allow arbitrary code execution and exposed process memory. Updates…
December 8, 2021
Randori, a red team cybersecurity company, officially disclosed a zero-day memory corruption vulnerability within the Palo Alto Global…
November 11, 2021
Urgent action is required to apply the critical patch updates, as Oracle products are everywhere and threat actors…
October 20, 2021
The vulnerability allows for arbitrary code execution with kernel-level permissions and appears to be actively leveraged by…
October 13, 2021
October 6, 2021
On September 19, 2021, Hikvision released a security advisory (CVE-2021-36260) regarding an unauthenticated remote code execution vulnerability reported…
October 4, 2021