Threat AlertsUncategorized

Threat alerts

Stay informed about current cybersecurity threats

December 2021

December 14, 2021: Log4j

Summary:

Top US cybersecurity officials have warned of the zero-day vulnerability found in the Java logging library Apache Log4j. ZDNet reports that the vulnerability, being tracked as CVE-2021-44228, is “severe and allows unauthenticated remote code execution as the user running the application utilizes the Java logging library.”

Further information here

________________________________________________

July 2021

July 6, 2021: Kaseya VSA Zero-Day

Summary:

  • Attackers carried out a supply chain ransomware attack by leveraging a zero-day vulnerability in Kaseya’s VSA software on Friday July 2, 2021. A compromised Kaseya update reached VSA on-premises servers from where, using the system’s internal scripting engine, the ransomware was deployed to all connected client systems.

Further information here

________________________________________________

June 2021

June 3, 2021: RIG Exploit Kit (EK)

Summary:

  • The RIG Exploit Kit (EK), which was discovered in 2014, is known to exploit vulnerabilities in Microsoft’s Internet Explorer browser and third-party applications such as Java, Adobe Flash, and Microsoft Silverlight. Browser exploits are very rare nowadays, however, in March 2021 researchers discovered the Rig EK had the ability to exploit CVE-2021-26411 affecting Microsoft Internet Explorer.

Further information here

________________________________________________

Related Posts

Back to top button