Log4Shell: A retrospective
Now that the dust has settled on both the holiday season and the Log4j vulnerability that saw many of us working through it (CVE-2021-44228), it makes sense to look back and …
Now that the dust has settled on both the holiday season and the Log4j vulnerability that saw many of us working through it (CVE-2021-44228), it makes sense to look back and …
RDP brute-force attacks continue to be one of the most used attack vectors for breaching enterprise networks, ESET’s latest Threat Report has revealed. RDP brute-force …
Ivanti, Cyber Security Works and Cyware announced a report which identified 32 new ransomware families in 2021, bringing the total to 157 and representing a 26% increase over …
In late 2021, a never before seen macOS backdoor was delivered to pro-democracy individuals in Hong Kong via fake and compromised sites (for example, that of local radio …
A memory corruption vulnerability (CVE-2021-4034) in PolKit, a component used in major Linux distributions and some Unix-like operating systems, can be easily exploited by …
Sophos Labs researchers have detected the use of a novel exploit able to bypass a patch for a critical vulnerability (CVE-2021-40444) affecting the Microsoft Office file …
Due to the extraordinary widespread use of the open-source Apache Log4j library, the saga of the Log4Shell (CVE-2021-44228) vulnerability is nowhere near finished. As Dr. …
An APT group is leveraging a critical vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including …
A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its …
Randori released a report that identifies the most tempting IT assets that an attacker is likely to target and exploit. Leading up to the anniversary of the Solarwinds hack, …
Researchers have unearthed 11 vulnerabilities affecting Nagios XI, a widely used enterprise IT infrastructure/network monitoring solution, some of which can be chained to …
Security misconfigurations are one of the most common gaps hackers look to exploit. One bad configuration setting in a popular cloud platform can have far-reaching …