'Spring4Shell' bug in framework for Java programming draws widespread warnings

Written by Joe Warminsky Apr 1, 2022 | CYBERSCOOP Security researchers are urging users of Spring — a popular framework for creating create web applications in the widely used Java…

The Fifth Log4j Vulnerability Has Been Fixed by Apache

Another Log4j version has been released by Apache dubbed 2.17.1, as prior to yesterday the most recent Log4j version was 2.17.0. This new variant addresses the RCE found in 2.17.0…

Irani and Chinese State Hackers Exploiting Log4j Vulnerability

According to John Hultquist, VP of Intelligence Analysis, Mandiant, Iranian state hackers are specifically aggressive with this Log4j vulnerability. Cybersecurity firms Mandiant and CrowdStrike have confirmed that Iranian and Chinese…

A List of Vulnerable Products to the Log4j Vulnerability

Two days ago, we wrote a post about the Log4j vulnerability that is currently wreaking havoc on the cyberthreat landscape. The flaw stands for an open-source Java logging library. By…

Patch Tuesday December 2021 – Microsoft Fixes 67 Flaws, Including 6 Zero-Day Vulnerabilities

December’s Patch Tuesday comes with numerous security fixes and improvements, including two actively exploited zero-day vulnerabilities. The list features spoofing, denial of service, remote code execution, elevation of privilege, and…

Apache’s Fix for Log4Shell Can Lead to DoS Attacks

Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes. As if finding one easily-exploited…

Web App Attacks Surge 251% in Two Years

Web App Attacks Surge 251% in Two Years Web application attacks on UK businesses have soared by over 250% since October 2019, driving a surge in data breaches, according to Imperva.…

Log4j Looms Large Over Patch Tuesday

Log4j Looms Large Over Patch Tuesday IT teams knocked for six by a newly disclosed Log4j bug were forced to tackle a new patch load from Microsoft released yesterday, containing 67 new…

CISA orders federal civilian agencies to patch Log4j vulnerability and 12 others by December 24

The US Cybersecurity and Infrastructure Security Agency has ordered all civilian federal agencies to patch the Log4j vulnerability and three others by December 24, adding it to the organization’s Known…

Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit

It took just 15 seconds to hack the latest, greatest, shiniest iPhone 13 Pro on stage at the Tianfu Cup in October, using a now-fixed iOS kernel bug. As if…