Microsoft’s February 2022 Patch Tuesday Addresses 48 CVEs (CVE-2022-21989)
February 8, 2022Microsoft addresses 48 CVEs in its February 2022 Patch Tuesday release, including one zero-day vulnerability that was publicly disclosed, but not exploited in the wild.
CVE-2022-20699, CVE-2022-20700, CVE-2022-20708: Critical Flaws in Cisco Small Business RV Series Routers
February 3, 2022Cisco patches 15 flaws in Cisco Small Business RV Series Routers, including three with critical 10.0 CVSSv3 scores. Update February 4: Cisco has updated their advisory to announce partial patch...
Oracle January 2022 Critical Patch Update Addresses 266 CVEs
January 19, 2022Oracle addresses 266 CVEs in its first quarterly update of 2022 with 497 patches, including 25 critical updates. Background On January 18, Oracle released its Critical Patch Update (CPU) for Januar...
CVE-2021-44757: ZoHo Patches Authentication Bypass in ManageEngine Desktop Central
January 18, 2022ZoHo patches authentication bypass in ManageEngine Desktop Central that could allow attackers to write arbitrary zip files to the server. Background On January 17, ZoHo issued an advisory and patche...
Microsoft’s January 2022 Patch Tuesday Addresses 97 CVEs (CVE-2022-21907)
January 11, 2022Microsoft addresses 97 CVEs in its January 2022 Patch Tuesday release, including four zero-day vulnerabilities that were publicly disclosed but not exploited in the wild. 9Critical 88Important...
CVE-2021-44228, CVE-2021-45046, CVE-2021-4104: Frequently Asked Questions About Log4Shell and Associated Vulnerabilities
December 17, 2021A list of frequently asked questions related to Log4Shell and associated vulnerabilities.
Microsoft’s December 2021 Patch Tuesday Addresses 67 CVEs (CVE-2021-43890)
December 14, 2021Microsoft addresses 67 CVEs in its December 2021 Patch Tuesday release, including a zero-day vulnerability that has been exploited in the wild.
Apache Log4j Flaw: A Fukushima Moment for the Cybersecurity Industry
December 13, 2021Organizations around the world will be dealing with the long-tail consequences of this vulnerability, known as Log4Shell, for years to come.
Apache Log4j Flaw Puts Third-Party Software in the Spotlight
December 12, 2021Even in the most mature organizations, addressing the issue, also known as Log4Shell, requires a complex mix of software development practices, vulnerability management and web application scanning.
CVE-2021-44228: Proof-of-Concept for Critical Apache Log4j Remote Code Execution Vulnerability Available (Log4Shell)
December 10, 2021Critical vulnerability in the popular logging library, Log4j 2, impacts a number of services and applications, including Minecraft, Steam and Apple iCloud. Attackers have begun actively scanning for and attempting to exploit the flaw.
CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited
October 5, 2021The Apache HTTP Server Project patched a path traversal vulnerability introduced less than a month ago that has been exploited in the wild.Update October 7: The Solution section has been updated to re...
CVE-2021-38647 (OMIGOD): Critical Flaw Leaves Azure Linux VMs Vulnerable to Remote Code Execution
September 17, 2021Agents installed by default on Azure Linux virtual machines are vulnerable to a remote code execution flaw that can be exploited with a single request. Background On September 14, researchers at Wiz...