Cisco Talos is monitoring reports of an actively exploited zero-day vulnerability in Confluence Data Center and Server. Confluence is a Java-based corporate Wiki employed by numerous enterprises. At this time,…
Tag: zero-day
Threat Advisory: Zero-day vulnerability in Microsoft diagnostic tool MSDT could lead to code execution
A recently discovered zero-day vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) made headlines over the past few days. CVE-2022-30190, also known under the name “Follina,” exists when MSDT…
Log4j flaw: This new threat is going to affect cybersecurity for a long time
If there ever was any doubt over the severity of the Log4j vulnerability, director of US cybersecurity and infrastructure agency CISA, Jen Easterly, immediately quashed those doubts when she described…
Relentless Log4j Attacks Include State Actors, Possible Worm
More than 1.8 million attacks, against half of all corporate networks, have already launched to exploit Log4Shell. Call it a “logjam” of threats: Attackers including nation-state actors have already targeted…
Apache’s Fix for Log4Shell Can Lead to DoS Attacks
Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes. As if finding one easily-exploited…
Log4j Looms Large Over Patch Tuesday
Log4j Looms Large Over Patch Tuesday IT teams knocked for six by a newly disclosed Log4j bug were forced to tackle a new patch load from Microsoft released yesterday, containing 67 new…
CISA orders federal civilian agencies to patch Log4j vulnerability and 12 others by December 24
The US Cybersecurity and Infrastructure Security Agency has ordered all civilian federal agencies to patch the Log4j vulnerability and three others by December 24, adding it to the organization’s Known…