Frank Crast

Apache releases security update for another Log4j RCE vulnerability (CVE-2021-44832)

The Apache Software Foundation has released a new security update to address another Log4j vulnerability (CVE-2021-44832), in which Log4j2 is vulnerable to remote code execution (RCE) via the JDBC Appender when an attacker controls a configuration file.

NotLegit: 4-year-old Microsoft Azure App Service 0-day vulnerability affects source code repositories

A four-year-old Microsoft Azure App Service 0-day vulnerability dubbed “NotLegit” affects hundreds of source code repositories.

Apache releases new Log4j security update to fix another RCE vulnerability (CVE-2021-45046)

As affected organizations and vendors continue to identify products affected by the Log4Shell remote code execution (RCE) vulnerability in Log4j, Apache has released additional Log4j security updates to fix another RCE vulnerability (CVE-2021-45046).

Palo Alto Networks offers proactive protections against Apache Log4j vulnerability with Threat Prevention

As organizations continue to discover and patch the severe Apache Log4j vulnerability on their networks, Palo Alto Networks is recommending that its customers use its next-generation firewalls with the Threat Prevention service, along with Cortex XDR and Prisma Cloud, to help mitigate the threat.

Google adds OSS-Fuzz open source fuzzer capability to discover Log4Shell vulnerability

As the catastrophic Log4j vulnerability continues to cause havoc across the internet and organizations, Google, in collaboration with security firm Code Intelligence, has released an update to its open source fuzzer (OSS-Fuzz) that can detect the Log4Shell vulnerability.

Microsoft December 2021 Security Updates include fix for zero-day exploit used to spread Emotet malware

Microsoft has released the December 2021 Security Updates, which include patches for 73 vulnerabilities, 7 of those rated Critical. The updates also address one vulnerability being actively exploited in the wild and used to spread Emotet malware.

Researchers discover Critical RCE 0-day “Log4Shell” vulnerability (CVE-2021-44228) in Apache Log4j logging utility (update)

Researchers have discovered a Critical 0-day vulnerability (CVE-2021-44228) in the Apache Log4j logging utility that can result in remote code execution (RCE). In addition, CISA and Microsoft have issued new guidance for Log4j vulnerability remediation.

Google releases Chrome 96 security update (96.0.4664.110) with fix for High risk zero-day exploited in the wild

Google has released the Chrome 96 security update (96.0.4664.110) for Windows, Mac and Linux with a fix for one High risk vulnerability exploited in the wild.
