4 over-hyped security vulnerabilities of 2022

Categories: Exploits and vulnerabilities, News

Tags: wormable, zero-day, spring4shell, cve-2022-34718, log4j, openssl, cve-2022-36934, cve-2022-27492, cve-2022-22965, cve-2022-22963

What does it take to make the discussion of vulnerabilities useful? And where did this go wrong in 2022?

The post 4 over-hyped security vulnerabilities of 2022 appeared first on Malwarebytes Labs.

Why Log4Text is not another Log4Shell

Categories: Exploits and vulnerabilities, News

Tags: Log4Text, Apache, Commons Text, CVE-2022-42889, Log4j, Log4Shell, interpolators

Log4Text is a recently found vulnerability in Apache Commons. Log4Text provoked a knee-jerk reaction because it reminds us of Log4Shell. So should we worry?

The post Why Log4Text is not another Log4Shell appeared first on Malwarebytes Labs.

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

Credit to Author: Paul Oliveria | Date: Thu, 25 Aug 2022 16:00:00 +0000

Microsoft detected an Iran-based threat actor the Microsoft Threat Intelligence Center (MSTIC) tracks as MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations located in Israel.

The post MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations appeared first on Microsoft Security Blog.

Researchers found one-click exploits in Discord and Teams

Categories: Exploits and vulnerabilities, News

Tags: Discord, Spotify, MicrosoftTeams, Electron, ElectronJS, NodeJS, V8 Chrome, Log4Shell, Log4j

A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, and many others.

The post Researchers found one-click exploits in Discord and Teams appeared first on Malwarebytes Labs.

Critical Zero-Day “Log4Shell” Vulnerability “CVE-2021-44228” Exploited in the Wild

Credit to Author: Amruta Wagh | Date: Tue, 10 May 2022 10:40:09 +0000

On December 9, 2021, Apache revealed a severe remote code execution vulnerability, CVE-2021-44228, named “Log4Shell” in Apache Java-based…

The post Critical Zero-Day “Log4Shell” Vulnerability “CVE-2021-44228” Exploited in the Wild appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Horde of miner bots and backdoors leveraged Log4J to attack VMware Horizon servers

Credit to Author: Gabor Szappanos | Date: Tue, 29 Mar 2022 11:26:28 +0000

In the wake of the December 2021 exposure of a remote code execution vulnerability (dubbed “Log4Shell”) in the ubiquitous Log4J Java logging library, we tracked widespread attempts to scan for and exploit the weakness—particularly among cryptocurrency mining bots. The vulnerability affected hundreds of software products, making it difficult for some organizations to assess their exposure. One […]
