Threat alerts

December 2021 December 14, 2021: Log4j Summary: Top US cybersecurity officials have warned of the zero-day vulnerability found in the Java logging library Apache Log4j….

Security Center of Excellence profile picture
Security Center of Excellence

June 3, 20211 minute read

December 2021

December 14, 2021: Log4j

Summary:

Top US cybersecurity officials have warned of the zero-day vulnerability found in the Java logging library Apache Log4j. ZDNet reports that the vulnerability, being tracked as CVE-2021-44228, is “severe and allows unauthenticated remote code execution as the user running the application utilizes the Java logging library.”

Further information here

________________________________________________

July 2021

July 6, 2021: Kaseya VSA Zero-Day

Summary:

  • Attackers carried out a supply chain ransomware attack by leveraging a zero-day vulnerability in Kaseya’s VSA software on Friday July 2, 2021. A compromised Kaseya update reached VSA on-premises servers from where, using the system’s internal scripting engine, the ransomware was deployed to all connected client systems.

Further information here

________________________________________________

June 2021

June 3, 2021: RIG Exploit Kit (EK)

Summary:

  • The RIG Exploit Kit (EK), which was discovered in 2014, is known to exploit vulnerabilities in Microsoft’s Internet Explorer browser and third-party applications such as Java, Adobe Flash, and Microsoft Silverlight. Browser exploits are very rare nowadays, however, in March 2021 researchers discovered the Rig EK had the ability to exploit CVE-2021-26411 affecting Microsoft Internet Explorer.

Further information here

________________________________________________

Share this post

Share this post to x. Share to linkedin. Mail to
Security Center of Excellence avatar image

Security Center of Excellence

See all posts

More from the author

Lessons from the SolarWinds attack: How to protect your business

Lessons from the SolarWinds attack: How to protect your business

By the time it was discovered in December, the SolarWinds cyber attack had evaded the security defenses of and penetrated at least 18,000 government agencies,…

5 minute read

The HAFNIUM Attack on the on-premises Microsoft Exchange Server

The HAFNIUM Attack on the on-premises Microsoft Exchange Server

On March 2, Microsoft announced that its on-premises Exchange Server had experienced multiple 0-day exploits. Microsoft commented: “In the attacks observed, the threat actor used…

3 minute read

To do, know and be… ask, why not me!

To do, know and be… ask, why not me!

Authored by Maureen Kaplan, VP Sales, OpenText Security It was the response to her childhood ‘declarations of I can’t’ that changed Lieutenant General (ret) Nadja West’s…

4 minute read

Stay in the loop!

Get our most popular content delivered monthly to your inbox.

Sign up